Privacy Policy
Last updated: July 14, 2021
Privacy Policy
This Privacy Policy describes how personal information is collected, used and stored through the use of the Motusi platform, mobile application, websites and web-based resources. We collectively refer to our platform, Kit, mobile application, websites and web-based resources as the “Platform”.
This Privacy Policy describes Motusi Corporation’s policies and procedures on the collection, use and disclosure of Your information when You use the Platform and tells You about Your privacy rights and how the law protects You.
We use Your Personal data to provide and improve the Platform. By using the Platform, You agree to the collection and use of information in accordance with this Privacy Policy.
Notice to Patients
If you are a patient of one of our Subscriber clinics or clinicians, your clinic or clinician controls your patient information, including your contact information, billing details and patient records. Please contact your clinic or clinician for any questions about your patient information. See the section titled Patient Data below for further information.
Why Motusi Collects Personal Information
Motusi collects personal information in order to provide our Platform to our Subscribers and their users, to learn about use of our Platform (for improvement, accessibility and relevant content), and to provide you with information about our Platform, including features and promotions. We collect only the minimum amount of personal information needed for these purposes. We do not sell or trade personal information, and we will only share your personal information with third parties in the ways that are described in this Privacy Policy.
Interpretation and Definitions
Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions
For the purposes of this Privacy Policy:
Account means a unique account created for You to access our Platform or parts of our Platform.
Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
Application means the software program provided by the Company downloaded by You on any electronic device, named Motusi App.
Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Motusi Corporation, 1001 SE Water Avenue, Suite 460, Portland, OR 97214.
For the purpose of the GDPR, the Company is the Data Controller.
Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
Country refers to: United States
Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
Device means any device that can access the Platform such as a computer, a cellphone or a digital tablet.
Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.
Personal Data is any information that relates to an identified or identifiable individual.
For the purposes of GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
Platform refers collectively to the Motusi platform, Kit, mobile application, websites and web-based resources.
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Platform, to provide the Platform on behalf of the Company, to perform services related to the Platform or to assist the Company in analyzing how the Platform is used. For the purpose of the GDPR, Service Providers are considered Data Processors.
Subscriber refers to anyone who has subscribed to and paid for use of our Platform (for example, a health clinic, health clinician, health groups or individuals).
Usage Data refers to data collected automatically, either generated by the use of the Platform or from the Platform infrastructure itself (for example, the duration of a page visit).
Website refers to the Motusi Platform, accessible from https://motusi.com.
You means the Subscriber or individual accessing or using the Platform, such as a clinician or staff member of a Subscriber, or an individual browsing or using our websites and web-based resources, or the company, or other legal entity on behalf of which such individual is accessing or using the Platform, as applicable.
Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Platform.
Collecting and Using Your Personal Data
Types of Data Collected
Personal Data
While using Our Platform, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. We use your contact information to activate your user account, give you access to the Platform, and to send you notices about your user account. We may also use your contact information for marketing purposes, such as promotional emails, direct mail and sales contacts. You can opt-out of our marketing communications at any time by unsubscribing or contacting us at support@Motusi.com. Please note that Motusi does not collect or manage the contact information of patients, or any marketing or other communications between a Subscriber and its patients. Personally identifiable information may include, but is not limited to:
Email address
First name and last name
Phone number
Address, City, State, Province, ZIP/Postal code
Bank account information in order to pay for products and/or services within the Platform
Usage Data
Billing Information. When a Subscriber subscribes to our Platform, we also collect ACH or credit card information to process payment. Credit card information is provided directly to our payment processor and is processed in a PCI-compliant manner. We do not keep your credit card information. Note that when credit card information is referred to as being “stored”, this means we have a “token”. The token replaces sensitive information and acts as a non-sensitive placeholder that can be used by the payment processor to reference your credit card information when payments need to be processed.
Usage Data
Usage Data is collected automatically when using the Platform.
Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Platform that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Platform by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Platform or when You access the Platform by or through a mobile device.
Information Collected while Using the Application
While using Our Application, in order to provide features of Our Application, We may collect, with Your prior permission:
Pictures and other information from your Device's camera and photo library
We use this information to provide features of Our Platform, to improve and customize Our Platform. The information may be uploaded to the Company's servers and/or a Service Provider's server or it may be simply stored on Your device.
You can enable or disable access to this information at any time, through Your Device settings.
Tracking Technologies and Cookies
We may use Cookies and similar tracking technologies to track the activity on Our Platform and store certain information. Tracking technologies used are tags, and scripts to collect and track information and to improve and analyze Our Platform. The technologies We use may include:
Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Platform. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Platform may use Cookies.
Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. You can learn more about cookies here: Cookies by TermsFeed Generator.
We use both Session and Persistent Cookies for the purposes set out below:
Necessary / Essential Cookies
Type: Session Cookies
Administered by: Us
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
Functionality Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
Use of Your Personal Data
The Company may use Personal Data for the following purposes:
To provide and maintain our Platform, including to monitor the usage of our Platform.
To manage Your Account: to manage Your registration as a user of the Platform. The Personal Data You provide can give You access to different functionalities of the Platform that are available to You as a registered user.
For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Platform.
To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
To manage Your requests: To attend and manage Your requests to Us.
For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Platform users is among the assets transferred.
For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Platform, products, services, marketing and your experience. Data used for these purposes is anonymized and not personally identifiable.
Sharing Your Information
We do not sell or distribute personal information to third parties for their own commercial or marketing purposes. We will only share personal information we collect in the following circumstances:
Suppliers and Service Providers: In order to operate our business and provide the Platform to our Subscribers and their users, we may need to share a limited amount of personal information, including Patient Data, with our third-party suppliers and service providers. Before sharing personal information, we ensure that the third parties receiving the personal information have provided appropriate safeguards, and that privacy rights are protected and preserved. Some of the areas where we use third-party suppliers and service providers include:
Our data centers where all platform data is stored
Customer support services to help us collect feedback and manage our support services
Communication services to send out email and SMS notices or reminders
Payment processors
Corporate Transactions: We may share personal information in connection with negotiating or carrying out a financing or acquisition of our business, a merger or amalgamation with another business, or a sale of all or part of our company assets. Before sharing personal information, we will ensure that appropriate confidentiality and non-disclosure undertakings are in place. We will not share Patient Data in these circumstances.
Compliance with Laws: We may disclose personal information to a third party if we are required to do so by applicable law, government request, court order or regulatory body. We may also be required to disclose personal information to enforce our legal rights, to enforce security requirements, or to respond to an emergency which we believe, in good faith, requires us to disclose personal information. In such instances, if permissible, we will make every reasonable effort to give you as much notice as possible regarding the disclosure of your personal information, what information was disclosed and why. We will not disclose Patient Data unless legally required to do so.
Anonymized/Aggregated Data: Motusi may use computer-generated algorithms to gather anonymous and aggregated information from our Subscribers and their Patient Data in order to assist in our continued development and improvement of the Platform, and for research, data analysis, benchmarking, statistics or trend analysis. We will ensure that none of the information we gather identifies, or could be used to identify, any user or patient. Motusi may share such anonymized information with Subscribers and others, for example, by providing insights into most common conditions, most popular treatments or benchmarking fees against industry or regional norms.
Retention of Your Personal Data
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Platform, or We are legally obligated to retain this data for longer time periods.
Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company’s Cloud Computing Provider (Amazon Web Services), and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.
Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.
The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.
Disclosure of Your Personal Data
Business Transactions
If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.
Law enforcement
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other legal requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
Comply with a legal obligation
Protect and defend the rights or property of the Company
Prevent or investigate possible wrongdoing in connection with the Platform
Protect the personal safety of Users of the Platform or the public
Protect against legal liability
Security of Your Personal Data
We protect your personal information, including Patient Data stored in our platform, by:
Using industry standard security controls such encryption and SSL (Secured Sockets Layers) certificate to ensure information is transmitted over a secured connection between your browser and our web server.
Using state-of-the-art data centers with appropriate security and compliance certifications, such SOC 2, that are HIPAA compliant.
Having our personnel sign strict confidentiality agreements to ensure they understand the confidential nature of the data we process, and only accessing your account when you request assistance from us.
Requiring password protection of your user account with a password set by you. We cannot access or identify your password. The only way to recover a password is for you to initiate a reset via the email address or mobile phone number you use for the Platform.
While we employ industry standard measures to protect your information, no electronic communication can ever be completely secure. You share responsibility for protection of your personal information by setting a strong password and by keeping your username and password confidential.
Patient Data
Subscribers use our Platform to collect personal information from their patients and create patient records. This information is sometimes referred to as “personal health information”, “protected health information”, “data concerning health”, “sensitive data” or “movement data” depending on the location of the Subscribers and the privacy laws applicable to them. If you are a patient, Patient Data is collected from you when you visit your Subscriber clinic or clinician and when You set up an account with the Subscriber clinic through our Platform.
Subscriber’s Role
Subscribers retain sole control over Patient Data and may be referred to as a “Motusi Pro”, a “covered entity” or a “controller” depending on their location and the privacy laws applicable to them.
Subscribers determine:
What Patient Data to collect; How the Subscriber will use the Patient Data; Who has access to Patient Data; How long the Subscriber will store Patient Data; and On what basis the Subscriber may delete Patient Data.
Subscribers are responsible for complying with laws and regulations governing the use of Patient Data, and for determining the legal basis for such use.
Motusi stores Patient Data in secure data centers and makes it available to Subscribers and their users through our Platform. Motusi otherwise has no control over Patient Data. Motusi will only access Patient Data on the instructions of the Subscriber or its clinicians or staff or, in rare cases, where needed in order to prevent or address technical problems or if required by law.
Storage Location
Patient Data is stored in the regional data center for the location chosen by the Subscriber during the sign-up process. We currently have regional data centers in the Western and Eastern United States though this may change from time to time. All our data centers and service providers maintain a high level of security and are compliant with applicable privacy laws.
Patient Rights
Patients have certain rights with respect to their Patient Data, which may include knowing what information your Subscriber clinic has about you, correcting any inaccurate Patient Data, obtaining a record of your Patient Data and, in certain circumstances, deleting or removing your Patient Data. Please note that Subscribers have strict legal and regulatory obligations around Patient Data and may not always be permitted to delete or remove Patient Data.
Questions about Patient Data
If you have any questions about your Patient Data or wish to exercise any or your patient rights, please contact your Subscriber clinic or clinician. If your Subscriber clinic or clinician has any questions about the management of Patient Data in the Platform, they may contact us and we will support them as needed to respond to your request. Please note that, in order to maintain strict security of your Patient Data, we can only access Patient Data upon instruction from the Subscriber.
Detailed Information on the Processing of Your Personal Data
The Service Providers We use may have access to Your Personal Data. These third-party vendors collect, store, use, process and transfer information about Your activity on Our Platform in accordance with their Privacy Policies.
Email Marketing
We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.
We use Amazon Simple Email Service (SES) to manage and send emails to You. Their Privacy Policy can be viewed at https://aws.amazon.com/privacy.
GDPR Privacy
Legal Basis for Processing Personal Data under GDPR
We may process Personal Data under the following conditions:
Consent: You have given Your consent for processing Personal Data for one or more specific purposes.
Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof.
Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which the Company is subject.
Vital interests: Processing Personal Data is necessary in order to protect Your vital interests or of another natural person.
Public interests: Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company.
Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company.
In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Your Rights under the GDPR
The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.
You have the right under this Privacy Policy, and by law if You are within the EU, to:
Request access to Your Personal Data. The right to access, update or delete the information We have on You. Whenever made possible, you can access, update or request deletion of Your Personal Data directly within Your account settings section. If you are unable to perform these actions yourself, please contact Us to assist You. This also enables You to receive a copy of the Personal Data We hold about You.
Request correction of the Personal Data that We hold about You. You have the right to have any incomplete or inaccurate information We hold about You corrected.
Object to processing of Your Personal Data. This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing purposes.
Request erasure of Your Personal Data. You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.
Request the transfer of Your Personal Data. We will provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which You initially provided consent for Us to use or where We used the information to perform a contract with You.
Withdraw Your consent. You have the right to withdraw Your consent on using your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Platform.
Exercising of Your GDPR Data Protection Rights
You may exercise Your rights of access, rectification, cancellation and opposition by contacting Us. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, We will try our best to respond to You as soon as possible.
You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.
"Do Not Track" Policy as Required by California Online Privacy Protection Act (CalOPPA)
Our Platform does not respond to Do Not Track signals.
However, some third party websites do keep track of Your browsing activities. If You are visiting such websites, You can set Your preferences in Your web browser to inform websites that You do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of Your web browser.
Children's Privacy
The Platform may contain content appropriate for children under the age of 13. As a parent, you should know that through the Platform children under the age of 13 may participate in activities that involve the collection or use of personal information. We use reasonable efforts to ensure that before we collect any personal information from a child, the child's parent receives notice of and consents to our personal information practices.
We also may limit how We collect, use, and store some of the information of Users between 13 and 18 years old. In some cases, this means We will be unable to provide certain functionality of the Platform to these Users. If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.
We may ask a User to verify its date of birth before collecting any personal information from them. If the User is under the age of 13, the Platform will be either blocked or redirected to a parental consent process.
Information Collected from Children Under the Age of 13
The Company may collect and store persistent identifiers such as cookies or IP addresses from Children without parental consent for the purpose of supporting the internal operation of the Platform.
We may collect and store other personal information about children if this information is submitted by a child with prior parent consent or by the parent or guardian of the child.
The Company may collect and store the following types of personal information about a child when submitted by a child with prior parental consent or by the parent or guardian of the child:
First and/or last name
Email address
Telephone number
For further details on the information We might collect, You can refer to the "Types of Data Collected" section of this Privacy Policy. We follow our standard Privacy Policy for the disclosure of personal information collected from and about children.
Parental Access
A parent who has already given the Company permission to collect and use their child’s personal information can, at any time:
Review, correct or delete the child's personal information
Discontinue further collection or use of the child's personal information
To make such a request, You can contact Us using the contact information provided in this Privacy Policy.
Links to Other Websites
Our Platform may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Changes to this Privacy Policy
We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.
We will let You know via email and/or a prominent notice on Our Platform, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy, You can contact us as follows:
Motusi Corporation
Attention: Compliance Officer
1714 NW Overton St, Suite 2A
Portland, OR 97209
By email: support@motusi.com
By visiting this page on our website: https://motusi.com/connect