General

We may collect and store information about you when you access the Site. We use the information for a number of reasons such as: improving the Site’s quality, personalizing your experience, tracking usage of the Site, providing feedback to caregivers and/or hospitals, marketing the Site (including on social media), providing customer support, messaging you, backing up our systems and allowing for disaster recovery, enhancing the security of the Site, and complying with legal obligations.

Among the information we collect, please note:
a. User Information: If you create an account on the Site and/or post a statement of gratitude to a care provider on carepostcard, we may store and use your full name, email address, street address, city, state, zip code, and other information you may provide.
b. Activity: We may store information about your use of the Site, such as your search activity, the pages you view, and the date and time of your visit(s). We also may store information that your computer or mobile device provides to us in connection with your use of the Site, such as your browser type, type of computer or mobile device, browser language, IP address, mobile carrier, phone number, unique device identifier, advertising identifier, location (including geolocation, beacon based location, and GPS location), and requested and referring URLs. You may be able to disallow our use of certain location data through your device or browser settings, for example by disabling “Location Services” for the carepostcard application in iOS privacy settings. You may need to do this for each device you use to access our Platform.

Please note the following:

If you use the Platform with an account provided by your employer, your employer can:
• Control and administer the Platform and your account, including controlling privacy-related settings of the Platform or your account.
• Access and process your data, including the interaction data, diagnostic data, and the contents of your communications and files associated with your Platform account.
If you lose access to your work account (in event of change of employment, for example), you may lose access to the Platform and the content associated with the Platform.
If your employer provides you with access to the Platform, your use of the Platform is subject to your employer’s policies (including any applicable privacy policies) in addition to the Platform’s policies. Your employer’s privacy and security practices may differ from those of the Platform, and we are not responsible for the privacy and security practices of our clients (including your employer). If you have any questions regarding your employer’s participation in the Platform or provision of your information to us, you may direct such concerns to your employer’s administrator. When you use some features of the Platform, other users in your network may see some of your activity.
When you use the Platform as provided by your employer, our processing of your personal data in connection with the Platform is governed by a contract between us and your employer. We process your personal data to provide the product to your employer and you, and for our legitimate business operations related to providing the Platform. For information that you may have provided to us independently from your organization, you may direct privacy requests to us at privacy@wambi.org.

a. User Information: Your first and last name will be publicly displayed as part of your carepostcard.

b. Public Content: The information that you contribute to carepostcard is intended for public consumption, including your full name and/or any statement of gratitude that you write to a care provider on carepostcard (including any personally identifiable information and/or personal health information you include in such a statement). We may display this information on the Site and further distribute it to a wider audience for marketing purposes (for example, through social media). You agree that you will not post personally identifiable and/or personal health information regarding any third party, including, but not limited to, a family member and/or friend. We reserve the right to, but are not obligated to, remove or edit any post that contains personally identifiable or personal health information regarding any healthcare provider or third party.

We may use cookies, web beacons, tags, scripts, local shared objects such as HTML5 and Flash (sometimes called “flash cookies”), advertising identifiers (including mobile identifiers such as Apple’s IDFA or Google’s Advertising ID) and similar technology (“Cookies”) in connection with your use of the Site. Cookies may have unique identifiers, and reside, among other places, on your computer or mobile device, in emails we send to you, and on our web pages. Cookies may transmit information about you and your use of the Site, such as your browser type, search preferences, IP address, data relating to advertisements that have been displayed to you or that you have clicked on, and the date and time of your use. Cookies may be persistent or stored only during an individual session.
The purposes for which we use Cookies in the Service include:
Purpose Explanation
Strictly Necessary Intended to prevent fraud, protect your data from unauthorized parties, and comply with legal requirements.
Performance Intended to make the Site work in the way you expect.
Functionality Intended to remember information about how you prefer the Site to behave and look.
Performance/Analytics Intended to help us understand how visitors use the Site.
Targeting/Advertising Intended to help tailor advertising or other notifications to you based on your use of the Site.
It may be possible to disable some (but not all) Cookies through your device or browser settings, but doing so may affect the functionality of the Site. The method for disabling Cookies may vary by device and browser, but can usually be found in preferences or security settings.

Third parties may receive information about you as follows:
a. Service Providers: We may rely on third party providers to perform certain services for us in connection with your use of the Site, such as communications and hosting services, network security, technical and customer support, tracking and reporting functions, quality assurance testing, our own marketing of the Site, and other functions. We may share information from or about you with these third party providers so that they can perform their services or complete your requests. These third party providers may share information with us that they obtain from or about you in connection with providing their services or completing your requests.
b. Aggregate Information: We may share user information, including deidentified or aggregated information with third parties, such as hospitals and other care providers.
c. Business Transfers: We may share information from or about you with our parent companies, subsidiaries, joint ventures, or other companies under common control, in which case we will require them to honor this Privacy Policy. If another company acquires us or all or substantially all of our assets, that company will possess the same information, and will assume the rights and obligations with respect to that information as described in this Privacy Policy.
d. Investigations: We may investigate and disclose information from or about you if we have a good faith belief that such investigation or disclosure (a) is reasonably necessary to comply with legal process and law enforcement instructions and orders, such as a search warrant, subpoena, statute, judicial proceeding, or other legal process served on us; (b) is helpful to prevent, investigate, or identify possible wrongdoing in connection with the Site; or (c) protects our rights, reputation, property, or that of our users, affiliates, or the public. If you flag or otherwise complain to us about content on the Site, we may share the substance of your complaint with the contributor of that content in order to provide an opportunity for the contributor to respond.
e. Other Parties With Your Express or Implied Consent: We may share information about you with third parties when you consent to such sharing or use a third party site (e.g., social media) to share information from our site.

This Site is not intended or designed for the use of children under the age of 13. We do not collect information from a person we actually know is a child under the age of 13.

We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet or via mobile device, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

If you have questions regarding this Privacy Policy, you may contact us by email at privacy@wambi.org or write to us at the following address:
Aetas Company LLC DBA Wambi LLC
Attn: Data Privacy Manager
755 West Lancaster Avenue, #1084
Bryn Mawr, PA 19010, USA

Under the California Consumer Privacy Act (“CCPA”), California residents have certain rights concerning our collection, use, and sharing of your personal information.

We collect various categories of personal information when you use the Site, as set forth in this Privacy Policy. If you are a resident of California, you have the right to request to know what personal information has been collected about you, and to access that information. You also have the right to request deletion of your personal information, though exceptions under the CCPA may allow us to retain and use certain personal information notwithstanding your deletion request. While we do not receive monetary consideration for any personal information you have provided to us, certain transfers of your information to third parties may be considered a “sale” under California law. You may also lodge a “Do Not Sell” request with us. You can submit a data rights request by emailing us at privacy@wambi.org or sending a request in writing to:

Aetas Company LLC DBA Wambi LLC
Attn: Data Privacy Manager
755 West Lancaster Avenue, #1084
Bryn Mawr, Pennsylvania 19010

Please be sure to include “California Privacy Rights Request” in the subject line of your request, and indicate whether you are requesting to access, delete or opt out of the sale of your personal information. You must provide your full name, email address, and attest that you are a California resident by providing a California postal address in your request.

We will not discriminate against you for exercising your rights under the CCPA. An agent may submit a request on your behalf, but you must verify that your agent is authorized to do so.

Separate from the CCPA, California’s Shine the Light law gives California residents the right to ask companies what personal information they share with third parties for those third parties’ direct marketing purposes.

Nevada law (SB 220) requires website operators to provide Nevada consumers with information about whether the business has sold for monetary consideration certain information regarding Nevada residents, and allow those residents to opt out of the sale of certain information that the website operator may collect about them. While we do not believe that the products or services we provide fall under the Nevada statute, Nevada residents may write to request this information or opt-out of the transfer of this information. Please contact us at privacy@wambi.org if you would like to exercise your privacy rights under Nevada law – please include “Nevada Privacy Rights” as your subject line and include your full name, email address, and attest that you are a Nevada resident by providing a Nevada postal address in your request.