Privacy Policy
Effective Date: February 16, 2021
This statement (the “Privacy Policy”) sets forth the policies and practices for handling the information collected from or about you (“you” or “Users”) when you use the COVID Symptom mobile application, the COVID Symptom bot, and associated online services that we operate and that link to this Privacy Policy (the “App”). The App is made available by University of Michigan (“we,” “us,” or “our”) and is developed by Kirusa, Inc. (“Developer”).
We are making this App available to gather information about those with COVID-19 symptoms in order to help researchers fight the disease. The App allows you to enter and store history of your symptoms and some of your past health conditions. The App also allows you to provide your gender, age, and geographical area, if you so desire. With your consent, we donate the information you submit to the App in a form that is not linked to your name, e-mail address, phone number, or other similar identifiers (“Research Data”) with third parties who are conducting research or engaged in public health efforts in the fight against COVID-19 (such parties, “Third Party Researchers”). Please see the discussion on “Third Party Researchers” below for more information.
By using the App, or otherwise giving the Company your information, you acknowledge that you have read and understood the practices described in this Privacy Policy.
I. COLLECTION OF INFORMATION
We collect the following categories of information when you access and use the App:
-
Information you provide directly to us.
-
Sign-In Information, including email address;
-
Demographic information, including your age and gender;
-
Geographic information, including your country and zip/postal code;
-
Health information, including your symptoms and past health conditions;
-
Correspondence you send to us; and
-
Other information that you provide through the App.
-
Information we collect automatically. We collect certain internet, electronic activity, and other information automatically when you access or use the App (including when you download or launch the App, or when the App is running on your device in the background). This includes:
-
your device type; Internet protocol (IP) address; device and other unique personal or online identifiers;
-
time zone setting, country, and language settings;
-
information about the links you click and other information about how you use the App. For example, if you or your device experiences an error, we collect information about the error, the time the error occurred, the feature being used, the state of the application when the error occurred, and any communications or content provided at the time the error occurred.
We may also collect information from other publicly and commercially available sources and combine it with data collected through the App.
We may aggregate or de-identify the information described above. Aggregated or de-identified data is not subject to this Privacy Policy.
II. USE OF INFORMATION AND PURPOSE OF DATA PROCESSING
We use and otherwise process each of the categories of information identified above for the following business purposes:
-
Provide Users with services. This includes providing you with the information, products and services that you request from us and the features that you choose to use; and managing accounts and our relationship with you, including providing you with the information, products and services that you request from us, and notifying you about changes to our terms or privacy policy.
-
Analyze information for research purposes. With your consent, we generate Research Data to share with Third Party Researchers on a “no names” basis, as described further below.
-
Analyze use of our services. We analyze use of our services, such as to improve the App and to ensure that content is presented in the most relevant and effective manner for you and for your device; to administer the App, including troubleshooting, data analytics, testing, research, statistical and survey purposes; and to keep the App, business and users safe and secure.
-
Compliance with legal obligation. This includes using personal information to comply with applicable laws and regulations and to protect or exercise our legal rights or defend against legal claims.
-
Any other purposes disclosed to you. We may use your information for any other purposes disclosed to you at the time we collect your information or with your consent.
Where we rely on your consent to process your data, you may subsequently withdraw your consent at any time by covidsymptom@umich.edu. Withdrawing consent does not affect the lawfulness of processing based on consent before it is withdrawn.
Where we need to collect information by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may cancel a product or service you have with us.
III. DISCLOSURE OF INFORMATION
We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect.
-
Third Party Researchers. We share Research Data with Third Party Researchers, including to understand the nature and prevalence of COVID-19. By way of example, Research Data includes, but is not limited to, current symptoms, symptom history, and segmentation data such as age/gender, and certain exacerbating medical conditions in a form that is not tied to your name, e-mail address, phone number, or other similar personal identifiers. You can withdraw from continuing to donate your data at any time by canceling your account.
-
Authorized third-party vendors and service providers. We share your information with third-party vendors and service providers that provide services to us for a variety of business purposes, such as data hosting, security and performance monitoring, and maintaining or servicing accounts.
-
Corporate affiliates. We may share your information with our corporate affiliates.
-
Business transfers. We may share your information in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, initial public offering, or in the unlikely event of bankruptcy.
-
Legal purposes. We may disclose information to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims or government inquiries, and to protect and defend the rights, interests, safety, and security of the Company, our affiliates, users, or the public.
-
With your consent. We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent.
If you access third-party services -- such as third-party apps or websites -- through the App, these third-party services may be able to collect information about you, in accordance with their own privacy policies.
IV. COOKIES AND SIMILAR TECHNOLOGIES
When you use the App, we and our third party partners may use cookies, pixel tags, local storage, software development kits (“SDKs”), and other similar technologies (collectively, “cookies”) to collect information from your browser or device. Cookies allow you to access the App and use certain features, and collect information about how you use the App in order to enhance and personalize your experience. Please consult your browser settings and mobile settings for choices that may be available to you to limit cookies. Depending on your settings, you may not be able to take advantage of all of the features of the App.
Do-Not-Track Signals and Similar Mechanisms. Some mobile and web browsers transmit "do-not-track" signals. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.
V. YOUR RIGHTS AND CHOICES
You may be entitled, in accordance with applicable law, to object to or request restriction of processing of your information, and to request access to, rectification, deletion, and portability of your information or more information about our information practices. You can access and view your personal information at any time through the App. You can also delete your account at any time, although you are not able to delete or limit the further sharing of Research Data that has been de-identified. Additional requests may be submitted in writing as set out below.
VI. INTERNATIONAL TRANSFERS
By using the App and providing us with information, you understand that we may transfer and store your information on servers located outside your resident jurisdiction. In addition, come of the entities (such as third-party vendors) to which we disclose information may be located outside of your resident jurisdiction, including in countries that may not provide the same level of data protection as your home country. In accordance with applicable law, we take appropriate steps to ensure that such personnel and third-party vendors are bound to duties of confidentiality, and the Company implements measures to ensure that any transferred information, remains protected and secure.
VII. CHILDREN
We do not knowingly collect or sell any information from children, as defined by applicable law, without parental consent or as otherwise permitted by applicable law.
VIII. DATA RETENTION, SECURITY, AND INTEGRITY
We maintain security measures intended to safeguard information from loss, theft interference, misuse, unauthorized access, disclosure, alteration, or destruction. However, you should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure, accurate, complete, or current. Please note that information collected by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information.
The App allows you to share information with third parties using e-mail, text message, and other communications applications available on your device. You use these functionalities at your own risk. We do not control the security or other practices of the third parties with which you share your information. You should use caution in selecting the third parties and evaluating their security practices before disclosing your information. In addition, these functionalities allow you to share your information using modes of communication that may not be encrypted or secure. You should use caution in selecting a suitable mode of communication in light of the sensitivity of the information you are disclosing. We are not responsible for the information you choose to share with third parties.
When we create Research Data, we remove any personal identifiers and store the data in a separate repository from your other information.
IX. CHANGES TO THE PRIVACY POLICY
We may modify this Privacy Policy from time to time. When we update the Privacy Policy, we will revise the “Effective Date” date above and post the new Privacy Policy. We recommend that you review the Privacy Policy each time you visit the App to stay informed of our privacy practices.
X. CONTACT INFORMATION
If you have any questions about this Privacy Policy or our practices, please contact us via covidsymptom@umich.edu.