XOLTAR
PRIVACY POLICY
Last modified: 13 February 2022
Xoltar Inc. and its affiliates (collectively, “Xoltar”, “us”, “our” or “we”) offer
innovative AI-powered solutions for optimizing businesses’ customer experience (the
“Services”) and is committed to respecting its clients and users’ privacy rights
(collectively, “you”, “your” or “user”).
This Privacy Policy (the “Policy”) applies to information we collect through the Service
or information that you and/or your health professional caregiver (i.e., Xoltar’s Client)
or the referring physician acting on its behalf (collectively, the “Professional
Caregiver”), have provided us for the purpose of providing you with the Service, and
describes how Xoltar collects, uses and protects such information. We encourage you
to read this Privacy Policy carefully and use it to make informed decisions.
By using the Service and/or accepting our Terms of Service, you hereby agree to the
collection and use of your information as we have outlined in this Policy.
Capitalized terms used and not otherwise defined herein, shall have the respective
meanings ascribed to them under our Terms of Service.
1. THE INFORMATION WE COLLECT
1.1. Xoltar collects information that identifies individuals or that may, with
reasonable effort, identify individuals, including (the “Personal
Information”):
1.1.1. Your name, gender, identification number, date of birth, age, medical
history, current medications and prescription information, medical
conditions, diagnosis and information obtained from your medical
treatment, name of referring physician, provincial drug benefit
program or private health insurance plan information, and other
information you may provide to us when you use the Service.
1.1.2. Recordings of your visual appearance and voice features.
1.1.3. Your health-related information such as your medical records, medical
recommendations from your health Professional Caregiver, etc.
1.1.4. Your contact details; postal address telephone numbers (including
mobile numbers) and e-mail address.
1.1.5. Your online browsing activities through the Service (for example,
device, software or hardware that may identify them, such as online
identifiers, device unique identifiers (e.g., UDID, MAC address), IP
address and geolocation).
1.1.6. Your Account password(s) and usernames.
1.1.7. If you choose to set up an account when using the Service by logging
through your Facebook or other social network account (Single Sign
On), we may receive personal information about you from the social
network.
1.1.8. Your, preferences, feedback and survey responses.
1.1.9. Your correspondence and communications with Xoltar.
1.2. Non-Personal Information. Xoltar also collects certain unidentified, nonpersonal information that relates to your online browsing activities through
your use of the Services (the “Non-Personal Information”). Non-Personal
Information is non-identifiable information that, when taken alone, cannot be
used to identify you. As such, we are not aware of the identity of the user from
which the Non-Personal Information was collected. We also collect aggregate
user data regarding your use of our Services. We may anonymize or de-identify
the information collected through the Service or via other means so that the
information cannot, on its own, personally identify you. Our use and disclosure
of such aggregated or de-identified information is not subject to any restrictions
under this Policy, and we may disclose it to others without limitation and for
any purpose. For the avoidance of doubt, if we combine Personal Information
with Non-personal Information (e.g., analytical data), the combined
information will be treated as Personal Information so long as it remains
combined.
2. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
2.1. Xoltar may collect Personal Information and/or Non-Personal Information
(collectively, “Information”) during your use of our Service, including your
interactions and communications with the Service, in the following ways:
2.1.1. Information You Provide to Xoltar. Xoltar collects Information that you
provide it, for example, when you use the Services; when you answer
questionnaires and surveys; send request customer support; or
communicate with us for other purposes. Please be aware that the
Information you choose to provide, may reveal, or identify, information
that is not expressly stated (for example, your name may reveal your
gender). Accordingly, you should carefully consider which information
you wish to share about yourself.
2.1.2. Information Provided to Xoltar by Your Professional Caregiver. Xoltar
collects Information that was provided to it by the user’s Caregiver (the
“Xoltar’s Client”) to enable the functionality and features of the
Service. This usually means that your Professional Caregiver (i.e.,
Xoltar’s Client), will provide Xoltar with your health condition, for
example, information on a medical procedure, medical
recommendations, etc.
Xoltar’s Client, please note that it is your responsibility to ensure that
you have the right to provide us with Information regarding any user to
which you wish granting access to the Service.
2.2. Information Collected Automatically. When you access or use the Services, we
may automatically collect Information about you, including:
2.2.1. Usage Information. Xoltar monitors users’ activity in connection with
the Services and may collect log information about you when you access
and use the Services including your IP address, time of access, browser
type and language, Internet Service Provider (“ISP”), information about
the applications and features you use, the content you access, and any
actions taken in connection with the access and use of your content in
the Services.
2.2.2. Device Information. If you access the Services from a mobile device,
Xoltar may collect information about the device, including the hardware
model, operating system and version, unique device identifiers, mobile
network information (as allowed by the mobile network) or platform
information (as allowed by the specific platform type).
2.2.3. Cookies and Other Tracking Technologies.
2.2.3.1. Like most websites and online platforms, our Service uses
“cookies” to collect Information. “Cookies” are small text files
containing strings of letters and numbers that are downloaded
onto your device (such as, computer, tablet or smartphone)
when you use the Service. These files allow to store
Information about you. Some “cookies” will expire when you
exit the Service, and others will be saved in your device’s
memory.
If you want to disable or change your “cookies” settings, you
will have to access your device’s browser settings. Please note
that if you disable all cookies, some (or all) of the features and
functionality of the Service may not be available to you.
2.2.3.2. Other than “cookies”, when you use our Service, you consent
to our use (and authorize third parties to use) of various
technologies to collect Information, which may include web
beacons (also known as “tracking pixels”), events and other
technologies (collectively, “Tracking Technologies”). Such
Tracking Technologies allow us to automatically collect
Information about you, your device and your online behavior,
in order to enhance your navigation and improve our Services’
performance, perform analytics and customize your experience.
In addition, we may merge data we have with Information
collected through these Tracking Technologies and data we
may obtain from other sources and, as a result, such combined
data may constitute Personal Information.
3. HOW WE USE YOUR INFORMATION
3.1. Xoltar uses your Information for the limited purpose of providing the Service
and related functionality and services, or as otherwise specifically described in
this Policy and as permitted by applicable laws, all of which serve the
legitimate interests of Xoltar, including :
3.1.1. Provide, operate, maintain, improve, promote and audit the Service,
including by Xoltar, or any third party, from time to time.
3.1.2. Send you transactional messages, technical notices, updates, security
alerts and support and administrative messages.
3.1.3. Identify you, so that we can interact with you, provide and deliver the
services and features you request, process and complete transactions,
and send you related information .
3.1.4. Respond to your comments, questions, and requests and provide
customer service and support .
3.1.5. Communicate with you about services, features, surveys, newsletters,
offers, promotions, contests and events, and provide other news or
information about Xoltar and our select partners, including
responding to your comments, questions, and requests.
3.1.6. Personalize and improve the Service, and provide content, features,
and/or advertisements that match your interests and preferences or
otherwise customize the Services .
3.1.7. Monitor and analyze trends, usage, and activities in connection with
the Services for research, marketing or advertising purposes.
3.1.8. Link or combine the Information with other information we receive
from third parties to help understand your needs and provide you with
better service .
3.1.9. For crime and fraud prevention, detection and related purposes.
3.1.10. Where it has a legal right or duty to use or disclose your information
(for example in relation to an investigation by a public authority or in
a legal dispute).
3.1.11. For customer relations, queries, complaints or disputes and Service’s
operations.
3.1.12. Internal record keeping .
3.1.13. For managing insurance claims by our customers.
3.1.14. Cybersecurity needs, fraud detection and misuse of our website.
Please note that where we rely on your consent to process any of your Personal
Information, you have the right to withdraw your consent at any time. Where we rely
on our legitimate interests to process your Personal Information, you have the right to
object. If you have any questions about or need further information concerning the legal
basis on which we collect and use your Personal Information, please contact us through
the contact details available below.
3.2. Sharing your Information with Third Parties
3.2.1. We may use and share your Information with certain third parties that
help us operate our Service, (e.g., deliver customer support, monitor
and analyze the performance of our Services, provide recording and
storing solutions, etc.), such as newsletter distribution, cloud
providers and other service providers. When Xoltar uses such third
parties, it restricts them from using or disclosing the Information,
except as required to perform the services on behalf of Xoltar or to
comply with legal requirements. Specifically, we do not permit such
third parties to use any Personal Information we share with them for
their own marketing purposes or for any purpose other than in
connection with the services they provide to us. Third parties with
which we may share your Information will be required to meet our
standards on processing information and security. Personal
Information we provide them will only be provided in connection
with the performance of their function .
3.2.2. In addition, we will share your Information with your Professional
Caregiver, our family of companies and other third parties in order to
coordinate your care. For example, we may share a video/audio
recording of your interactions with Xoltar’s virtual representative
with your Professional Caregiver so that any information you provide
it can be documented on your medical record.
3.2.3. We will never sell or share your Information to other organisations
for marketing purposes.
3.2.4. We may share your data with:
3.2.4.1. credit reference agencies and payment card issuers (such as
Visa, Mastercard and American Express) where necessary
for card payments.
3.2.4.2. governmental bodies, regulators, law enforcement agencies,
courts/tribunals and insurers where we are required to do so
(a) to comply with our legal obligations; (b) to exercise our
legal rights (for example in court cases); (c) for the
prevention, detection, investigation of crime or prosecution
of offenders; and (d) for the protection of our employees and
customers.
3.2.4.3. If Xoltar becomes involved in a merger, acquisition, or any
form of sale of some or all of its assets, it may transfer all
the Information that was collected from users in connection
with such a transaction.
3.2.5. We work with third party providers that help us operate, provide,
improve, understand, customize, support, and market our Service. For
example, we work with companies that provide our infrastructure and
other systems, supply map and sites information, help us understand
how people use our Service, etc.
3.2.6. Our cloud service providers. The server(s) on which the Service and
the Service are hosted and/or through which any of the Service are
processed are within the State of Israel, United States, Europe and
UK, however, some of the Information may be managed by third
parties, including, Amazon Web Service (AWS) technology, whose
mailing address is Amazon Web Services, Inc., 410 Terry Avenue
North, Seattle, WA 98109-5210, ATTN: AWS Legal. You can find
more details on AWS’ Privacy Policy here. We have configured our
data to be stored in London, UK.
3.3. International transfer of information. Xoltar is a private company incorporated
under the laws of the State of Delaware, USA. To provide you with our Service,
it will be necessary for Xoltar to grant its fully owned subsidiary, Xoltar Ltd.,
a private company incorporated under the laws of the State of Israel, with
access to your data. By agreeing to these Terms, you to Xoltar sharing your
data outside of the European Economic Area. These transfers are subject to
special rules under data protection laws. If this happens, we will ensure that the
transfer will be compliant with data protection law and all personal data will
be secure. Our standard practice is to use ‘standard data protection clauses’
which have been approved by the European Commission for such transfers.
Those clauses can be accessed here.
3.4. We reserve the right to disclose your Information as required by law and when
we believe that disclosure is necessary to protect our rights and/or comply with
a judicial proceeding, or court order.
3.5. Also, please note that we may disclose general, aggregated, non-personal and
non-identifiable information about our users to potential business partners,
investors, or the public.
4. HOW LONG DO WE KEEP YOUR DATA?
4.1. Xoltar will retain your Information for as long as needed to provide you and
our clients with our Service, or to comply with legal and regulatory obligations
(e.g., audits, accounting and statutory retention terms), enforcing our Terms of
Service, dispute resolutions and for the establishment, exercise or defence of
legal claims in the countries where we do business.
4.2. While different retention periods may apply with respect to different types of
data, the longest we will normally hold any Personal Information is ten (10)
years.
4.3. When you send an email or other communication to [email protected], or
any other correspondence that you have with us, we may retain those
communications in order to process and respond to your requests and improve
our Service.
4.4. Please DO NOT send us any communication which contains confidential or
sensitive information, since we are unable to evaluate whether your content
constitutes as confidential or sensitive information, or not, and we may retain
or use such communication as described hereinabove, and such retention or use
shall not be deemed as a breach of any of our obligations pursuant to this
Policy.
5. INFORMATION SECURITY STANDARD
5.1. Because we value your privacy, Xoltar uses industry standard measures to
protect against unauthorized access to, or unauthorized alteration, disclosure or
destruction of data which is stored in our records. These measures include
internal reviews of our data collection, storage and processing practices and
standard measures, and follows the Health Insurance Portability and
Accountability Act (the “HIPAA”), as amended by Health Information
Technology for Economic and Clinical Health Act of 2009 (the “HITECH
Act”), and all pertinent regulations issued by the Department of Health and
Human Services (“HHS”), as enacted and amended, in its supervision,
management, and control of the use of the Service.
5.2. Nonetheless, we cannot guarantee a perfect and absolute security measure, as
no method of transmission over the Internet and or electronic storage is
perfectly secure or invulnerable. However, should we become aware of a
security breach, we will notify any affected user, so that they can take
appropriate protective steps. Such notifications shall be issued by Xoltar in
accordance with the applicable (local) laws and regulations, as well as Xoltar’s
internal policies .
5.3. Physical Standard. Xoltar follows Amazon’s Privacy and Security Policy
security standards with respect to physical access. You can read more about it
here.
6. HOW CAN YOU HELP TO PROTECT YOUR DATA?
6.1. First, please remember that Xoltar will never ask you for any password, bank
account or credit card details. If you receive such communicating asking you
to provide such information, please ignore it and do not respond. You can let
us know that you have received such communication via [email protected].
6.2. If you are using a computing device in a public location, we highly recommend
that you always log out and close the browser after completing your session.
7. WHAT RIGHTS YOU HAVE IN CONNECTION WITH YOUR
INFORMATION?
7.1. You have the right to ask that Xoltar will provide you with a copy of any
Personal Information that we keep about you.
7.2. You have the right to ask that Xoltar shall update and correct any outdated or
inaccurate Personal Information that we keep about you. Should you find that
the Personal Information related to you is not accurate, complete, or updated,
then please provide us the necessary information to correct it.
7.3. If you wish to exercise any of the rights described above, please notify us by
email to [email protected], and we will use commercially reasonable efforts
to accommodate your request. Xoltar shall not charge you for requesting to
exercise any of the aforementioned rights.
8. SPECIFIC PROVISIONS FOR EU-RESIDENTS
8.1. This Section 8 applies to residents of the European Union. Xoltar adopted the
following provisions, to comply with the EU 2016/679 Directive General Data
Protection Regulation (“GDPR”), pursuant to which Xoltar will be considered
as a “Data Controller” with respect to our use of Personal Information of
residents of the European Union.
8.2. Legal Basis. We base our processing of any personal data as “Data Controllers”
based on the following lawful grounds:
8.2.1.Xoltar relies, primarily, on your consent to the terms of this Policy and
the terms set forth under our Terms of Service, as a legal basis for
processing any Personal Information related to you or communicating
any other promotional material.
8.2.2.Xoltar may collect and use your Personal Information when it is
necessary for one of the legitimate uses set out in Section 3 above, which
we believe are not overridden by your fundamental rights.
8.2.3.We may process your Personal Information to comply with a legal
obligation and to protect our users’ vital interests.
8.2.4.If, at any time, you wish to exercise your rights in accordance with the
provisions provided by law (including as provided under Section 7 of
this Policy) you may send us an email to via [email protected], and
request:
8.2.4.1.to access your Personal Information together with information
about how, and on what basis, such information is being
processed. Should you desire to receive such information in a
different format than the one that was provided to you, you can
contact us via [email protected] and we shall use
commercially reasonable efforts to accommodate your request, if
applicable.
8.2.4.2.to rectify any of the Personal Information being held when such
information is inaccurate.
8.2.4.3.to delete or restrict access to your Personal Information in
limited circumstances as described under the GDPR. Please note
that if we need to delete any Personal Information related to you,
as per your request, it can take time until we completely delete
residual copies of such data from our servers and backup
systems.
8.2.4.4.to withdraw your consent to the processing of your Personal
Information. However, please note that exercising this right will
not affect the lawfulness of any previous processing activities
based on consent that was lawfully obtained before its
withdrawal.
8.2.4.5.to obtain and reuse your Personal Information for your own
purposes across different services, as part of your right to data
portability.
8.3. Please note that you have the right to complain to a Data Protection Authority
about our collection and use of your Personal Information. For more
information, please contact your local data protection authority in the European
Economic Area (EEA) .
8.4. If you have any concerns with respect to our methods of processing any
Personal Information related to you, or if wish to withdraw your consent, for
any reason, kindly let us know by sending an email to [email protected].
8.5. Xoltar shall not charge you for requesting to exercise any of the aforementioned
rights.
9. COMPLIANCE
If you believe that we have not adhered to our Policy as outlined herein, please
notify us by email to [email protected]. Xoltar will examine any query and make
commercially reasonable efforts to resolve any existing or potential dispute. Note
that when you send us a request to exercise your rights, we will need to reasonably
authenticate your identity and location, and therefore we may ask you to provide us
credentials to make sure that you are who you claim to be and will further ask you
questions to understand the nature and scope of your request.
10. CHANGES TO THIS POLICY
We reserve the right to change this Policy from time to time, so please review it
frequently. If we make material changes to this Policy, and you are a registered user
of the Service, we will notify you by email when we make any changes.
11. GOVERNING LAW
This Policy shall be construed in accordance with and governed for all purposes by
the substantive laws of the State of Delaware, USA without regard to conflicts of
law provisions. You agree that any claim or dispute you may have against the
Company and its affiliates, directors, officers, employees, and representatives must
be resolved by a court located in Delaware, USA and waive any jurisdictional,
venue or inconvenient forum objections to such courts.
12. CONTACT US
If you have any questions about this Policy, please contact us via
[email protected] or via post at: 3500 South Dupont Highway, City of Dover,
County of Kent, Delaware 19901, USA, Attn: Privacy Officer.