Privacy Policy

Effective date: May 7th, 2025

Sessions, Inc (“Sessions,” “us”, “we”, or “our”) operates the www.sessionshealth.com website (hereinafter referred to as the “Service”). This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data (“Privacy Policy” or “Policy”).

We use your data to provide and improve the Service. By using the Service and accepting our Terms and Conditions, you agree to the collection and use of information in accordance with this Policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from www.sessionshealth.com or app.sessionshealth.com.

Definitions.

Service. Service is the app.sessionshealth.com website operated by Sessions, Inc.

Personal Data. Personal Data means data about a living individual who can be individually identified from those data (or from those and other information either in our possession or likely to come into our possession).

Usage Data. Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Cookies. Cookies are small files stored on your device (computer or mobile device).

Types of Data Collected.

Personal Data

While using our Service, we may ask you to provide us with certain individually identifiable information that can be used to contact or individually identify you (“Personal Data”).

| Category | Examples | Collected | Disclosed |
| --- | --- | --- | --- |
| Identifiers. | A real name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name. | YES | YES – Service providers as needed for services used. |
| Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, telephone number, credit card number, debit card number, or any other financial information. | YES | YES – Payment processor to collect payment for services. |
| Protected classification characteristics. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO | NO |
| Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | NO | NO |
| Sensitive Personal Data. | Precise geolocation, Social Security number, driver’s license, state identification card, passport number, financial account, racial or ethnic origin, religious/philosophical beliefs, or union membership, genetic data and processing of biometric information, health and sexual orientation. | NO | NO |
| Biometric Information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO | NO |
| Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | NO | NO |
| Geolocation data. | Physical location or movements. | NO | NO |
| Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | NO | NO |
| Professional or employment-related information. | Current or past job history or performance evaluations. | NO | NO |
| Non-public education information. | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO | NO |
| Inferences drawn from other Personal Data. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO | NO |

We may obtain the Personal Data listed above from the following categories of sources:

  • Directly from you. For example, when you:
    • register yourself with the website or to use the Service;
    • use our Services;
    • review or comment on one of our services;
    • otherwise communicate with us, such as contacting us for more information.
  • Newsletters. We may also use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
  • Indirectly from you. For example, through information we collect from you in the course of providing our Service to you.

Usage Data

We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Cookies

We use Cookies to help support certain parts of our Service. You can read more about it at our Cookie Policy.

Aggregated and De-Identified Data

We may also collect, use and disclose aggregated and de-identified data such as statistical or demographic data for internal purposes. Aggregated and de-identified data could be derived from your Personal Data but is not considered Personal Data under applicable law as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated or de-identified data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Policy.

Free-Text Boxes

The information that you provide in each case will vary. In some cases, you may be able to provide Personal Data via email or free text boxes, such as contacting Sessions to request further information. When providing your Personal Data, please provide only relevant information and do not provide unnecessary sensitive information, such as Social Security numbers, credit card information or other sensitive personal data, unless required for our services or support.

Credentials; Other Sources. We may ask you to create a username and password that should only be known to you. When you provide this information to us, you are no longer anonymous. Additionally, we may receive information about you from other sources and add it to the information you have provided to us.

Recording Use of the Website. We partner with trusted third-party vendors to analyze performance and traffic of our Website. This may include things like buttons you click, mouse movements and other behavior on the Website, date and time of access, pages visited, web beacons, and cookie or pixel tag information.

Use of Data:

Sessions, Inc uses the collected data for various purposes:

  • security, credit or fraud prevention purposes;
  • providing you with effective customer service;
  • providing you with a personalized experience when you use the website or Service;
  • developing new products and services;
  • contacting you with special offers and other information we believe will be of interest to you (in accordance with any privacy preferences you have expressed to us);
  • contacting you with information and notices related to your use of the website or our Service;
  • inviting you to participate in surveys and providing feedback to us (in accordance with any privacy preferences you have expressed to us);
  • better understanding your needs and interests;
  • improving the content, functionality and usability of the Website;
  • improving our products and services;
  • improving our marketing and promotional efforts; and
  • any other purpose identified at the point of data collection, in an applicable privacy notice, in a click-through agreement or in any other agreement between you and us.

Duration. The length of time Sessions intends to retain Personal Data, including sensitive personal information, if any, is for as long as reasonably necessary to carry out Sessions’ intended business purpose for such information.

Disclosure of Data. We do not sell or lease your Personal Data to any third party. We may disclose your Personal Data under the following circumstances.

Business Transaction

If Sessions, Inc is involved in a merger, acquisition or asset sale, your Personal Data may be transferred.

Disclosure for Law Enforcement

Under certain circumstances, Sessions, Inc may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

Sessions, Inc may disclose your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of Sessions, Inc
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users of the Service, Sessions employees or the public
  • Protect Sessions against legal liability

Security of Data

The security of your data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we have stringent data security policies and use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Service Providers.

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide the Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are contractually obligated not to disclose or use it for any other purpose. For those service providers that process Protected Health Information on behalf of Sessions, a business associate agreement (“BAA”) is also in place.

Currently, our service providers include:

  • Healthcare Blocks: This is our partner for hosting our primary web and database services. Healthcare Blocks helps us with meeting applicable HIPAA requirements in our existing infrastructure with server monitoring and security. Healthcare Blocks is hosted on Amazon Web Services. All of the main web traffic is encrypted end-to-end and monitored in real-time. All access to the application servers is behind a VPN. Healthcare Blocks helps us maintain database backups, access audits, and various tools to maintain data privacy and security. BAA: Yes
  • Google Cloud: This is our partner for hosting our HIPAA-compliant telehealth services. Google helps us monitor and secure our telehealth infrastructure. We do not record any video of telehealth sessions. Audio may be relayed to handle speech-to-text recognition for audio features such as closed captioning, but is never persisted or stored. BAA: Yes
  • Datadog: This is our partner for application-level monitoring and security. No client PHI will ever reach Datadog. We use Datadog for monitoring web application performance, along with temporary log storage and a web application firewall for specific application-level threat detection and management. BAA: Yes
  • HelpScout: This is our partner for all customer support-related activities. All emails you send to support@sessionshealth.com are relayed through HelpScout and are triaged amongst the team. We also use HelpScout for our support documentation. BAA: Yes
  • Claim.MD: This is our primary electronic clearinghouse. For you to submit claims electronically, receive remittances, or check eligibility, we may need to send and receive protected information. These are optional services. BAA: Yes
  • Twilio: This is our SMS text and Voice appointment reminder partner. BAA: Yes
  • Mailgun: This is our email delivery partner. BAA: Yes
  • OpenAI: This is an artificial intelligence research organization that’s used to provide AI-related services to customers that opt in to those services. BAA: Yes
  • Stripe: This is one of our credit card processors. If you set up an account with Stripe and establish a connection between Stripe and Sessions Health, we need to share limited information about you and your clients for you to administer those transactions through Sessions Health. We do not share any protected health information. BAA: No. Per Health and Human Services (“HHS”) guidance payment processors/financial institutions are compliant with the HIPAA Privacy Rule.
  • Payabli: This is one of our credit card processors. If you set up an account with Payabli and establish a connection between Payabli and Sessions Health, we need to share limited information about you and your clients for you to administer those transactions through Sessions Health. We do not share any protected health information. BAA: Per Health and Human Services (“HHS”) guidance payment processors/financial institutions are compliant with the HIPAA Privacy Rule.

Third-Party Services or Websites.

Our Service may contain links to third party websites or services that are not owned or controlled by Sessions, Inc.

Sessions has no control over, and assumes no responsibility or liability for the content, privacy policies, or practices of any third-party websites or third-party services. We do not warrant the offerings of any of these entities/individuals or their websites.

You acknowledge and agree that Sessions shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such third-party content, goods or services available on or through any such third-party websites or services.

We strongly advise you to read the applicable terms and conditions and privacy policies of any third-party websites or services that you visit.

Information of Minors

We do not knowingly collect or use information from individuals under the age of eighteen (18) without parental or guardian consent. We do not target the website or Service to minors, and would not expect them to be engaging with the website or our Service. We encourage parents and guardians to provide adequate protection measures to prevent minors from providing information unwillingly on the internet. If we are aware of any Personal Data that we have collected about minors under the age of eighteen (18), we will take steps to securely remove it from our systems.

Your Rights Under State Law

California.

  • Shine the Light law. Pursuant to California Civil Code Section 1798.83, we will not disclose or share your Personal Data with third parties for the purposes of third-party marketing to you without your prior consent.
  • Do Not Track Signals. Other than as disclosed in this Policy, the Website does not operate any differently when it receives Do Not Track signals from your internet web browser.
  • WE DO NOT SELL OR SHARE YOUR PERSONAL INFORMATION. If we ever decide to “sell” or “share” Personal Data, as those terms are defined under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, we will update you via this Policy and include a link entitled “Do Not Sell or Share My Personal Data,” to provide you with an opportunity to opt out of the selling or sharing of your Personal Data.

Your Consumer Rights.

Some state laws in the United States provide consumers with additional rights with respect to their Personal Data (also known as “personal information”), as those terms are defined under those applicable state laws. Such state laws may include, but are not limited to, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Florida Digital Bill of Rights, the Oregon Consumer Privacy Act, the Texas Data Privacy and Security Act, the Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act (collectively, the “U.S. State Privacy Laws”). Any Personal Data we collect is collected for the commercial purpose of effectively providing our services to you, as well as enabling you to learn more about, and benefit from, our services. If you reside in a state that provides additional rights with respect to your Personal Data, you may exercise each of your rights as identified below, subject to our verification of your identity.

  • Access. You have the right to request that we disclose certain information to you about our collection, use and disclosure of your Personal Data over the past twelve (12) months.
  • Correction. You can correct what personal data our Website database currently contains by contacting us to request that we correct or rectify any personal data that you have provided to us.
  • Limit Use and Disclosure of Sensitive Personal Data. If we collect any sensitive personal information, you have the right to request that we limit the use of the sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
  • Portability. Upon request and when possible, we can provide you with copies of your Personal Data. When such a request cannot be honored, we will advise you accordingly. You can then choose to exercise any other rights under this Policy.
  • Deletion. You have the right to request that we delete any of your Personal Data, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Data from our records, unless an exception applies. Where applicable, we will ensure such changes are shared with trusted third parties.
  • Opt-out of Processing. You have the right to request that we do not sell your Personal Data, use your Personal Data for Targeted Advertising, or use your Personal Data for profiling. Where applicable, we will ensure such changes are shared with trusted third parties.
  • Non-Discrimination. If a consumer exercises his or her rights under applicable U.S. State Privacy Laws, we shall not discriminate against that data subject by denying our goods or services, charging different prices or rates to similarly situated consumers, providing a different level or quality of our goods or services, or taking any other adverse action.
  • Exercising your rights. If you are a consumer that has rights under applicable U.S. State Privacy Laws who chooses to exercise the rights listed above, you can:
    Submit a request via email at contact@sessionshealth.com.

Only you, or someone legally authorized to act on your behalf, may make a request related to your Personal Data. If an authorized agent makes a request on your behalf, we may require proof that you gave the agent permission to submit the request.

Responding to Your Request. Upon receiving your request, we will confirm receipt of your request by sending you an email confirming receipt. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the Personal Data. In some instances, such as a request to delete personal information, we may first separately confirm that you would like for us to in fact delete your personal information before acting on your request.

We will respond to your request within forty-five (45) days. If we require more time, we will inform you of the reason and extension period in writing.

In some cases our ability to uphold these rights for you may depend upon our obligations to process Personal Data for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

LOCATION OF OUR WEBSITE AND SERVICES

Unless specifically stated in writing, we do not warrant or represent that this Policy or the website’s use of your Personal Data complies with the laws of every jurisdiction. Furthermore, to provide you with our services, we may store, process, and transmit information in the United States and other locations around the world, including countries that may not have the same privacy and security laws as yours. Regardless of the country in which such information is stored, we will process your Personal Data in accordance with this Policy.

FOR USERS OUTSIDE THE UNITED STATES

Under the (i) General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, or “GDPR”), (ii) Data Protection Act 2018, (iii) the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland (i.e., “UK GDPR”) as provided in the Data Protection Act 2018, and (iv) any other applicable data protection legislation of any country or other jurisdiction (collectively “International Data Protection Laws”) individuals have specific rights with respect to their Personal Data, or “personal data” as defined under the International Data Protection Laws. For the purposes of this Policy, Sessions operates as a data controller. Any personal data we collect from you is processed in the United States and under the terms of this Policy.

Any personal data we collect from you is processed in the legitimate interest of our business and providing our services to you as the lawful means of such processing. You may always withdraw your consent to our use of your personal data as described below. We will only retain your personal data for the time necessary to provide you the information and services to which you have consented, to comply with the law and in accordance with your rights below.

The Data Controller is:
NAME: Sessions, Inc.
ADDRESS: 3948 Market St #24702, Minneapolis, MN 55424
EMAIL ADDRESS: contact@sessionshealth.com

You can exercise any of the following rights, subject to verification of your identity, by notifying us as described below:

  • Access. You may request a copy of the personal data our Website databases currently contain.
  • Automated Processing and Decision-Making. You may request that we stop using your personal data for automated processing, such as profiling. When contacting Sessions, please explain how you wish us to restrict automated processing of your personal data. When such restrictions are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include withdrawing your consent to the processing of your personal data.
  • Correction or Rectification. You can correct what personal data our Website database currently contains by accessing your account directly, or by emailing us (as provided below) to request that we correct or rectify any personal data that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause information to be incorrect. Where applicable, we will ensure such changes are shared with trusted third parties.
  • Restrict Processing. When applicable, you may restrict the processing of your personal data by submitting a request via email (to the email provided below). In your email, please explain how you wish us to restrict processing of your personal data. When such restrictions are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include withdrawing your consent to the processing of your personal data. Where applicable, we will ensure such changes are shared with trusted third parties.
  • Object to Processing. When applicable, you have the right to object to the processing of your personal data by submitting a request via email (to the email provided below). When such objections are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include withdrawing your consent to the processing of your personal data. Where applicable, we will ensure such changes are shared with trusted third parties.
  • Portability. Upon request and when possible, we can provide you with copies of your personal data. When such a request cannot be honored, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include withdrawing your consent. Where applicable, we will ensure such changes are shared with any trusted third parties.
  • Withdraw Consent. At any time, you may withdraw your consent to our processing of your personal data through this Website by notifying us via email (to the email provided below). Using the same email address associated with your Website account, simply type the words “WITHDRAW CONSENT” in the subject line of your email. Upon receipt of such a withdrawal of consent, we will confirm receipt and proceed to stop processing your personal data. Where applicable, we will ensure such changes are shared with trusted third parties.
  • Erasure. If you should wish to cease use of our Website and have your personal data deleted from our Website, then you may submit a request by emailing us at the email provided below. Upon receipt of such a request for erasure, we will confirm receipt and will confirm once your personal data has been deleted. Where applicable, we will ensure such changes are shared with trusted third parties.

Exercising your rights. If you are a data subject that has rights under the International Data Protection Laws, who chooses to exercise the rights listed above, you can submit a request via email at contact@sessionshealth.com.

Submit Complaints or Questions. If you wish to raise a complaint on how we have handled your personal data, you can contact us as described below. If you reside in a European Union member state or the United Kingdom, you may also lodge a complaint with the supervisory authority in your country.

Changes to This Privacy Policy.

We may update our Privacy Policy from time to time, which you may find on our website at www.sessionshealth.com. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us:

If you have any questions about this Privacy Policy, please contact us at contact@sessionshealth.com.