top of page

​

PRIVACY POLICY

 

Date of Last Revision: September 26, 2023

​

Garner Health Technology, Inc. and its affiliates (collectively, “Garner,” “we,” “us,” “our”) provides certain services (as described in the Terms of Service) to you through its websites on which we link to this Privacy Policy (collectively, the “Site”), and through our mobile applications on which we link this Privacy Policy (the “Mobile App”) and related technologies, including any updated or new features, functionality and technology (collectively, with the Site and Mobile App, the “Service”). This Privacy Policy explains the information we collect in connection with the Service (including information collected offline), how we use and disclose that information, and your choices concerning our practices. 

​

This Privacy Policy applies to information we collect from and about end-users of the Service, including Employers’ employees and their dependents (“Users”) whose information we collect on behalf of the respective Employer, as well as visitors to the Site, whose information we collect on our own behalf and handle as set forth in this Privacy Policy. An “Employer” refers to our client that has contracted with us to provide the Service to Users in connection with its sponsored health plan. In order to provide the Service, we also process information regarding certain health care providers and other medical professionals, referred to herein “Doctors.” “You,” “your,” and “yours” herein refer to Users, Site Visitors, and Doctors.

​

This Privacy Policy is incorporated into and forms part of our Terms of Service. Capitalized terms used but not defined herein shall have the meanings ascribed to them in our Terms of Service.

​

Before using the Service or providing us with any information, please review this Privacy Policy carefully. By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not access the Site, use the Service, or otherwise provide us with your information.

​

If you are a California resident, click here to see our California Notice at Collection for information about our practices in accordance with California law.

 

1. INFORMATION WE PROCESS ON BEHALF OF EMPLOYERS

​

If you are a User whose Employer provides you with our Service, we collect your information on your Employer’s behalf as a “service provider” or “business associate.” This Privacy Policy does not apply to information that we collect on behalf of Employers. Our processing of such information, including the collection, use, and disclosure of such information is governed by our Terms of Service and other agreements with Employers. If there is a conflict between a term of this Privacy Policy and a term in our agreement with an Employer, the term in our agreement with an Employer shall control.

​

We do not control what Employers do with any information we process on their behalf. Users should refer to their Employer’s privacy policy for information about how their Employer handles their information. In addition, Users should contact their Employer for more information and to exercise any rights with regard to information we process on the Employer’s behalf (such as to request access, deletion, or correction of their information). 

​

The information we process on behalf of Employers includes:

​

  • Identifiers, such as name, email address, phone number, business address, mailing/billing addresses, information used to sign into your account (including username and password), IP address, Social Security Number, and the employee ID assigned by your Employer. 

  • Internet or Other Electronic Activity Information, as described below in Section 1(B).

  • Financial Information for Reimbursements: If you submit a reimbursement request via the Service, subject to the terms of your HRA and in accordance with the Terms of Service, we may collect the financial information necessary to process your reimbursements, such as your bank account number and routing information. Garner permits Users to link their accounts to certain financial institutions via an integration with Plaid Inc. (“Plaid”). This integration is optional, but if you enable it, you grant Garner and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from your relevant financial institution, and you agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid end user privacy policy.

  • Commercial Information, such as a history of your reimbursements and other transactions through the Service.

  • Communication Information, including any information you provide when you contact us or when you choose to respond to questionnaires, quizzes, surveys, or requests for your opinion and feedback.

  • Professional or Employment-Related Information, such as your position, company name, Employer Identification Number, employment history, and information about income or other compensation.

  • Location Information, such as your city and zip code and general location information derived from your IP address. Depending on your device settings, we may also collect precise geolocation (e.g., latitude and longitude coordinates).

  • Demographic Information, such as age, gender, gender identity, income level, marital status, and date of birth.

  • Health Information about you or your dependents, such as information and documentation related to the payment for medical services, the content of your communications with our Concierge Service, the history of your search, information about your medical history, information about your medical plans (including dental and vision plans), and the results of any questionnaires, surveys, information requests, interviews, results, or other documentary, text, video, or audio interactions related to the provision of or payment for health services. Please see the “Protected Health Information” section below for more information on our handling of Health Information subject to applicable privacy laws. 

  • Audio and Visual Information: The Mobile App allows you the option to submit claims documentation for reimbursement by taking a photo of the documentation, which contains information about you or your dependent. You can also allow the Mobile App to collect photos from the photo app on your device. If you do not properly crop or frame the images, we may inadvertently collect information included in the background of the images, which may include (for example) faces or locations.  Please note that Garner is not responsible for any information of Users or other individuals inadvertently captured in images uploaded via the Services.

  • Inferences based on any of the information above, such as inferences about you, your preferences, and your health.

We may collect this information from you when you use the Service, from your Employer, from the Third Party Administrator of your Employer’s health plan, insurance companies, health care providers, and as otherwise described in this Privacy Policy. 

​

Protected Health Information: Some of the information we collect on behalf of Employers may be subject to laws and regulations, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) and privacy and security rules thereunder (collectively, “HIPAA”), that govern covered entities’ use and disclosure of certain individually identifiable health-related information (“Protected Health Information”). When we collect Protected Health Information, we do so as a “business associate” of an Employer under an agreement that, among other things, prohibits us from using or disclosing the Protected Health Information in ways that are not permissible by the Employer, and requires us to implement certain measures to safeguard the confidentiality, integrity, and availability of the Protected Health Information. 

 

2. INFORMATION WE COLLECT

​

Except as explicitly set forth in Section 1, as used in the remainder of this Privacy Policy, “information,” “information we collect,” “your information,” and similar terms refer only to information described in this Section 2 and do not refer to information described in Section 1.

​

A. Information We Collect 

​

We collect information from and about you when you visit the Site; use the Mobile App; register for an account; use the Service (for example, to search for a doctor, get reimbursed for medical services, or correspond with the concierge); and contact or otherwise interact with Garner whether online or offline. We may also collect information about you from our Affiliates, other third parties, and public sources. 

​

The information we collect includes: 

​

  • Identifiers, such as name, email address, phone number, mailing/billing addresses, signature, and IP address.  

  • Internet or Other Electronic Activity Information, as described below in Section 1(B).

  • Financial Information, such as bank account number and routing information. 

  • Commercial Information, such as a history of your transactions through the Service.

  • Communication Information, including any information you provide when you contact us or when you choose to respond to questionnaires, quizzes, surveys, or requests for your opinion and feedback.  

  • Professional or Employment-Related Information, such as your position and Employer Identification Number.

  • Location Information, such as your city and zip code and general location information derived from your IP address.

  • Social Media Information, such as your interactions with us (e.g., “likes” and “shares” of our content) via our pages and posts on social media sites like Instagram, Facebook, Medium, Twitter, and LinkedIn, and any other information you provide to us or permit us to collect via social media, such as your contact details or information about your social media profile. 

  • Inferences based on any of the information above, such as inferences about your preferences.

 

B. Internet or Other Electronic Network Activity Information: When you visit, use, and otherwise interact with the Service, we and our third-party vendors may automatically collect certain information about your device, browser, and interactions with the Services, including but not limited to your device name, operating system, device ID; your browser type and settings; the date and time of your visit; cookie IDs; the page(s) you visited, the content you engage with, the features you use, the actions you take (e.g., what you click on), and the time, frequency, and duration of your interactions with the Services; and the domain you come from. 

​

We and our third-party vendors may collect some of this information via cookies and similar technologies. A “cookie” is a piece of information sent to your device or browser by a website. Cookies help us operate and administer the Service, understand and analyze use of the Service, improve your experience of the Service, secure the Service, and market and advertise the Service to you (subject to any applicable legal and contractual requirements). For more details on cookies, please visit All About Cookies. For information about your choices regarding cookies and similar technologies, see Section 5 below, “Cookies, Analytics, and Advertising.”

​

We may also use pixels in our email campaigns that allow us to collect your email and IP address as well as the date and time you open an email or click on any links in the email.

 

C. Information About Doctors: In order to identify the Garner Top Doctors, we collect information about Doctors from third-party data providers regarding health insurance claims and treatment courses elected by certain Doctors and combine it with (1) claims data from the Service that has been de-identified in accordance with HIPAA, our agreements with Employers, the Terms of Service, and as otherwise permitted by law; and (2) publicly available information, such as contact information for the Doctor and whether the Doctor is in a particular healthcare network. We use this information as described in this Privacy Policy, including for research purposes, such as to improve our products and services and recommendations made on the Service. If you are a Doctor and would like to opt out of our use of the data about you that we obtain from third party data providers, please contact us at privacy@getgarner.com.

 

3. HOW WE USE INFORMATION

​

We may use the information described in Section 2 for the following purposes:

​

  • To provide the Service, including to maintain your account and authenticate you;

  • To respond to your inquiries, comments, feedback, or questions, including to provide customer or technical support;

  • To facilitate transactions through the Service;

  • To send you administrative and transactional communications, such as information regarding the Service, your transactions, and changes to our terms, conditions, and policies;

  • To analyze use of the Service;

  • To maintain and improve the Service, including recommendations made on or through the Service;

  • To market and advertise ourselves and the Service (subject to applicable laws and any preferences you have communicated to us);

  • To conduct research and develop new products and services;

  • To prevent fraud, criminal activity, or misuses of our Service, and to ensure the security of the Service and our IT systems, architecture, and networks; and

  • To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or third parties.

  • For any other lawful purpose (including, where legally required, with your consent).

 

Combined, Aggregated, and De-Identified Information: We may combine the information we collect through the Service with information we collect automatically or receive from other sources and use such combined information in accordance with this Privacy Policy. We may also aggregate and/or de-identify this information in such a way that it cannot reasonably be linked to you or your device. We may use such aggregated and/or de-identified information for any purpose, including for research and marketing purposes, and may disclose such information to any other parties without limitation.

 

4. HOW WE DISCLOSE INFORMATION

​

We may disclose the information described in Section 2 as follows, for any of the purposes set forth in Section 3:

​

  • Affiliates: We may disclose information with our affiliates, meaning an entity that controls, is controlled by, or is under common control with Garner. 

  • Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may disclose information to companies that provide services to us, such as hosting services, cloud services, and other information technology services providers, email communication software and email newsletter services, advertising and marketing services, payment processors, customer relationship management and customer support services, and web analytics services. 

  • Joint Product/Marketing Partners and Sponsors: If you attend or participate in an event or speaking engagement, we may disclose your information to joint product/marketing partners and sponsors.

  • Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your information may be disclosed in the diligence process and may be part of the transferred assets.

  • Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation; (ii) protect and defend the rights, property, or personal safety of ourselves, our personnel, users of the Service, or third parties; (iii) investigate and respond to fraud, other illegal activity, or violations of our terms and policies; or (v) protect against legal liability.

  • Your Consent/At Your Direction: If you direct us to or otherwise consent to the disclosure of your data, we may disclose your data consistent with your consent

 

5. COOKIES, ANALYTICS, AND ADVERTISING

​

A. Cookies and Analytics

​

To adjust your cookie preferences generally, please consult the “Help” or similar section of your browser for information about how to adjust your browser settings to disable cookies or notify you when a cookie is being set or updated. If you disable certain cookies, you may be unable to access certain parts of the Service and you may not be able to benefit from the full functionality of the Service. Some cookies are strictly necessary for the Services to function, meaning that you cannot opt out of them.

Our third-party analytics providers, such as Twilio Segment, may collect information via cookies. You can find more information about Segment’s privacy practices, as well as information regarding opt-out methods or browser tools, at https://www.twilio.com/en-us/legal/privacy

 

Any preferences you have exercised through these methods will only apply to the specific device/browser on which you made them, so if you access the Service from a new device/browser, you will also need to indicate your preferences there.

 

B. Online Advertising

​

We may allow cookies and third-party advertising technologies operated by other parties (e.g., ad networks and ad servers such as Google’s ad services) on the Service that use cookies and similar technologies to deliver relevant and targeted advertisements and other content to you, including to advertise our Service on other websites you visit and applications you use. These ads may be based on the content of the page you are visiting, information you provide, automatically collected information, and other information about you. These ads may be based on your current activity or your activity over time and across other websites and online services and may be tailored to your interests.

​

For more information about tailored browser advertising and how you can generally control cookies from being put on your computer or mobile browser to deliver tailored advertising (i.e., not just for the Service), you may visit the Network Advertising Initiative's Consumer Opt-Out Link and/or the Digital Advertising Alliance's WebChoices Tool to opt out of receiving tailored advertising from companies that participate in those programs. Please note that you may still see ads for the Service on other websites or apps, but these ads may not be tailored to you. We do not control any of the above opt-out links and are not responsible for any choices you make using them or their continued availability or accuracy. Any preferences you have exercised through these methods will only apply to the specific device/browser on which you made them.

 

C. Do Not Track

​

Do Not Track (“DNT”) is a privacy preference that is available in certain web browsers which you can learn more about here. We do not currently recognize or respond to browser initiated DNT signals. Please note that DNT is different than the user “preference signal” referenced elsewhere in this Privacy Policy, which is a browser-based control that indicates whether you would like to opt out of processing of your data for certain purposes, such as the “sale” of your data or the disclosure of your data for targeted advertising purposes, under applicable laws.

 

6. YOUR RIGHTS AND CHOICES 

​

A. Your Rights

​

Depending on your jurisdiction, you may have the right to make certain requests of us regarding your “personal information” or “personal data,” as defined in applicable law, including but not limited to the right to ask us to:

  • Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of other parties to whom we disclose personal information.

  • Provide you access to and/or a copy of certain personal information we hold about you.

  • Correct or update personal information we hold about you.

  • Delete certain personal information we have about you.

You have the right to opt out of “sales” of your information and “sharing/use of your information for targeted advertising” as described in the “California Notice at Collection” section of this Privacy Policy. As provided in applicable law, you also have the right to not be discriminated against for exercising your rights. 

If you would like to request to exercise any of these rights, you may email us at privacy@getgarner.com.

Please note that certain information may be exempt from such requests under applicable law. For example, we need to retain certain information to provide our Service to you. We also need to take reasonable steps to verify your identity before responding to a request, which may include, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying certain information about you. You can also designate an authorized agent to make requests on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us. 

 

B. Doctors 

​

If you are a Doctor and would like to opt out of our use of data about you that we collect from third-party data providers (as described in Section 2(C) above), please contact us at privacy@getgarner.com.

 

C. Marketing Communications

​

You may opt out of receiving marketing emails by following the instructions contained in each promotional email we send you. 

Subject to legal requirements, if you provide your telephone number, we may contact you by telephone, including SMS (1) for transactional purposes, such as to respond to your support questions and other inquiries regarding the Service (such as calling you back after you reach out to our Concierge Service); and/or (2) to provide you with marketing or promotional content that may interest you. 

You are not required to consent to receive marketing SMS text messages or phone calls as a condition of using the Service. To opt out of marketing calls and marketing text messages, you may text “STOP” from the device receiving such communications. You acknowledge that this is the only reasonable way to opt out of marketing via SMS text message or phone calls.

Please contact us as provided at the end of this Privacy Policy to opt out of marketing via direct mail.

If you unsubscribe from or opt out of our marketing communications, you will no longer receive marketing communications but we may continue to send you administrative or transactional communications and respond to your requests. 

 

7. DATA RETENTION

​

We may retain your information for as long as reasonably necessary for the purposes described in this Privacy Policy or as required by law (e.g. for tax, legal, accounting, medical record retention, or other purposes), whichever is longer. To provide security and business continuity for the activities described in this Privacy Policy, we make backups of certain data, which we may retain for as long as needed for the functioning of our Service.

 

8. CHILDREN

​

Our Service is not directed to children who are under the age of 18. We do not knowingly collect “personal information” (as defined in the Children’s Online Privacy Protection Act) from children under the age of 18. If you have reason to believe that a child under the age of 18 has provided personal information to us through the Service please contact us at privacy@getgarner.com and we will delete that information from our databases as required by law.

 

9. LINKS TO OTHER WEBSITES

​

The Service may contain links to other websites and services not operated or controlled by us (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. We are not responsible for any Third Party Site’s privacy practices. Please contact the Third Party Sites directly for information on their privacy practices and policies. 

 

10. SECURITY

​

You use the Service at your own risk. We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Information both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free, including those made via the Mobile App. In particular, information sent to or from us via the Mobile App or e-mail may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or e-mail. Please keep this in mind when disclosing any Personal Information to us via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service or any Third Party Sites.

 

11. INTERNATIONAL USERS

​

The Service is based and hosted in the United States, and is designed solely for use by United States residents. By using our Service, you understand and acknowledge that your information will be processed and stored at our facilities and servers in the United States and may also be processed outside of the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world.

 

12. CALIFORNIA NOTICE AT COLLECTION

​

This California Notice at Collection applies solely to California residents and provides disclosures required under the California Consumer Privacy Act (as amended from time to time, the “CCPA”). This Section only applies to personal information described in Section 2 of the Privacy Policy. This Section does not apply to personal information we collect from our employees and job applicants in their capacity as employees and job applicants, as such information practices are described in separate policies. 

 

A. Categories, Sources, Use Purposes, Disclosure, and Retention of Personal Information 

 

In the twelve months leading up to the effective date of this Privacy Policy, we have collected and disclosed the categories of personal information described in Section 2(A) for business or commercial purposes. We also collect the following categories of “sensitive personal information,” as defined under the CCPA: (i) account log-in and password or other credentials that allow access to your account; and (ii) other sensitive personal information you may provide to us in your capacity as an individual user of the Service. 

We collect this personal information from you directly, automatically through your use of the Service, our Affiliates, and other parties such as lead generation firms.

​

In the twelve months leading up to the effective date of this Privacy Policy, we or our vendors have collected and disclosed the categories of personal information described in Section 2(A) above for the business and commercial purposes described in Section 3 above. We may disclose your personal information in the circumstances described in Section 4 above.

​

For our retention practices, please see Section 7 above.

​

B. Your California Rights

 

If you are a California resident, you may have the right to request that we: 

  • Provide you the categories of personal information we have collected or disclosed about you; the categories of sources of such information; the business or commercial purpose for collecting, “selling,” or “sharing” your personal information, as those terms are defined by the CCPA; the categories of parties to whom we disclosed, “sold,” or with whom we “shared” personal information; and the categories of personal information we “sold” or “shared.” 

  • Provide access to and/or a copy of certain information we hold about you. 

  • Delete certain information we have about you. 

  • Correct inaccurate personal information that we maintain about you.

You may have the right to receive information about the financial incentives that we offer to you, if any. You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. In addition, we need certain types of information so that we can provide the Service. If you ask us to delete it, you may no longer be able to access or use the Service. 

If you would like to request to exercise any of these rights, you may email us at privacy@getgarner.com. You may be required to verify your identity before we fulfill your request. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us. 

The CCPA also allows you to limit the use or disclosure of your “sensitive personal information” (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for purposes for which you cannot opt out under the CCPA.

​

C. “Sale” and “Sharing” of Personal Information

​

We may disclose your personal information to third parties in connection with our advertising activities. Specifically, we may provide personal information to third-party advertising providers in order to provide you with more relevant and tailored advertising. We may also provide information to third parties that help us better understand how users interact with our ads and the Service, such as advertising analytics providers. Under the CCPA and based on our understanding of current regulatory guidance, disclosing personal information to these third parties may be considered the “sharing” of personal information for purposes of “cross-context behavioral advertising.”

The CCPA requires businesses that “share” personal information to provide an opt out from such sharing. Under the CCPA, “sharing” is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites. We “share” information for these purposes to provide more relevant and tailored advertising to you regarding our Services. As part of this advertising, in the twelve months leading up to the effective date of this Privacy Policy, we have “shared” Identifiers, Commercial Information, and/or Internet or Other Electronic Network Activity Information with ad networks, advertising partners, and analytics providers as described above. You can opt out of such “sharing” by emailing us at privacy@getgarner.com.

 

The CCPA also requires businesses that “sell” personal information, as the term “sell” is defined under the CCPA, to provide an opt out from such sales. Some people have taken the position that when a website uses third parties’ cookies or similar technology for its own analytics or advertising purposes, the website is engaged in a “sale” under the CCPA if the third parties have some ability to use, disclose or retain the data to improve their service or to take steps beyond the most narrowly drawn bounds of merely providing their service to the website/app. Some take this position even when the website pays the third party (not vice versa), and in most cases merely provides the third party with an opportunity to collect data directly, instead of providing personal information to the third party. As part of these analytics and advertising services, these technologies may access Identifiers, Commercial Information, and/or Internet or Other Electronic Network Activity Information. While we do not believe these are “sales” as that term is defined under the CCPA, you can opt out of this activity by emailing us at privacy@getgarner.com.

 

We do not knowingly “sell” or “share” the personal information of children under 16.

 

D. California “Shine the Light” Disclosure 

 

The California “Shine the Light” law gives residents of California the right under certain circumstances to opt out of the disclosing of certain categories of personal information (as defined in the Shine the Light law) to third parties for their direct marketing purposes. We do not disclose your personal information to third parties for their own direct marketing purposes within the meaning of that law.

​

13. CHANGES TO THE PRIVACY POLICY

​

We may change or update this Privacy Policy at any time. When we do we will post an updated version on this page, unless another type of notice is required by the applicable law. By continuing to use our Service or providing us with your information after we have posted an updated Privacy Policy, or notified you by other means if applicable, you consent to the revised Privacy Policy and practices described in it.

​

14. CONTACT US

​

If you have any questions about our Privacy Policy or information practices, please feel free to contact us via email at privacy@getgarner.com, or by mail sent to 64 Bleecker St., #103, New York, NY 10012.

​

​

california-privacy-notice
protected-health-information
bottom of page