Effective Date: April 27, 2022
Welcome! You’ve arrived at an App or Site operated by Safe Haus LLC (“Safe Haus,” “we,” “our,” or“us”). We value your privacy and make every effort to collect from users as little personal information as possible to allow for the safe and responsible gathering of groups.
We are required by law to tell you what information we collect from you, why we collect it, how we use it, under what circumstances we may share it with third parties, and how we protect that information.
1. What Information We Collect
A. Information You Provide to Us In connection with the Services we provide, we may ask you to provide us with certain information below, collectively known as “Personal Information”:
• Your name, email address and/or mobile number.
• Your birthdate (used to identify you and confirm that testing records are properly matched to you).
• Medical and/or health information relating to coronavirus (COVID-19), such as your responses to a questionnaire or a negative test of the coronavirus COVID-19 within a certain timeframe prior to granting access to an event, set, place of employment, or other location. You might be required to show this evidence or additional proof at a later time, and you may be required to update this information periodically.
• Other information that could reasonably be used to identify you personally or identify your household or device as identified at the time of collection. You may also be issued a Test ID, a Global ID, and a User or Member ID. These identification numbers will be de-identified and/or hashed prior to use in the App.
B. Information That Is Automatically Collected
In addition to information that you choose to submit to us, we and/or our service providers may automatically collect and/or store certain information when you visit or interact with the App (“Usage Information”). This Usage Information may be stored and/or accessed from your mobile phone or other device (a “Device”) whenever you visit or interact with the App. Usage Information may include:
• Your IP address, IDFA, Android/Google Advertising ID, IMEI, or another unique identifier
• Your Device functionality (including browser, browser language, operating system, hardware, mobile network information);
• Referring and exit web pages and URLs;
• The areas within the App that you visit and your activities there, including remembering you and your preferences;
• Your Device location or other geolocation information regarding the location from which you accessed the Services;
• Your Device characteristics; and
• Certain other Device data, including the time of day you visit the App.
We may use various methods and technologies to store or collect Usage Information (“Tracking Technologies”). Tracking Technologies may set, change, alter or modify settings or configurations on your Device. A few of the Tracking Technologies used on the App), include, but are not limited to, the following (as well as future-developed tracking technology or methods that are not listed here):
• Cookies. A cookie is a file placed on a Device to uniquely identify your browser or to store information on your Device. The App may use HTTP cookies, HTML5 cookies, Flash cookies and other types of cookie technology to store information on local storage.
• Web Beacons. A Web Beacon is a small tag (which may be invisible to you) that may be placed on the App’s pages and messages.
• Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the App, such as the links you click on.
• ETag, or entity tag. An Etag or entity tag is a feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL.
• Browser Fingerprinting. Collection and analysis of information from your Device, such as, without limitation, your operating system, plug-ins, system fonts and other data, for purposes of identification.
• Recognition Technologies. Technologies, including application of statistical probability to data sets, which attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user).
We may use Tracking Technologies for a variety of purposes, including:
• To allow you to use and access the App, including for the prevention of fraudulent activity and improved security functionality;
• For contact tracing or other notification purposes related to COVID-19 or other public health or safety matters;
• To assess the performance of the App, including as part of our analytic practices or otherwise to improve the content, products or services offered through the App.
D. Information We Collect When You Interact with Third-Party Apps
We may not control or have access to your communications through these third parties. Further, when you use third-party sites or services, you are using their services and not our services and they, not we, are responsible for their practices. You should read the applicable third-party privacy policies before using such third-party tools on the App. Please also see our Terms of Service for further information.
2. Why We Collect Information
We may use your information for various purposes, including:
• Providing the Services to you, your employer, your workplace, or an event you are attending;
• Responding to your requests for information;
• Verifying your device and/or its location;
• Verifying your identity and for fraud prevention;
• Providing you with updates and information by push notification, including health and safety alerts where applicable;
• Improving the effectiveness of the App and our product and service offerings;
• Identifying your product and service preferences;
• Helping us address problems with and improve the App and our products and services, including testing and creating new products, features, and services;
• Protecting the security and integrity of the App, including understanding and resolving any technical and security issues reported on the App;
• Engaging in analysis, research, and reports regarding the use of the App and Services;
• For internal business purposes;
• Complying with the law and protecting the safety, rights, property or security of Safe Haus, the Services, and the general public;
• Communicating with public health authorities relating to reporting obligations, if applicable; and
3. When We Disclose Information
• To inform you, your employer, your worksite, or an event location, including production companies, event planners, and facilities managers, of a potential exposure or positive diagnosis of coronavirus (COVID-19) or other medical condition that necessitates potential testing, notification, quarantine, or isolation of you or of others;
• To comply with other orders and guidelines within a public health emergency, including admission control and/or enforcement of a local, city, regional, state, or federal law, regulation, order, or guideline;
• To comply with a validly issued and enforceable subpoena or summons;
• In conjunction with a prospective purchase, sale, or merger of all or part of our company, Apps or Services, provided that we take appropriate precautions (for example, through a written confidentiality agreement) so the prospective purchaser or merger partner does not disclose information obtained in the course of the review;
• As a part of any actual or threatened legal proceedings or alternative dispute resolution proceedings either initiated by or against us, provided we disclose only the information necessary to file, pursue, or defend against the lawsuit and take reasonable precautions to ensure that the information disclosed does not become a matter of public record;
Please note that we may aggregate, de-identify, and/or anonymize any information collected through the App or Services such that such information is no longer linked to your Personal Information (“Non-Personal Information”), including your Test ID, Global ID, and User or Member ID. We may use and share this Non-Personal Information for any purpose, including without limitation, for analytics, research, or marketing purposes.
4. Your Choices About the Information We Collect
Please note that certain of your Personal Information, such as your name or other basic identifying information, may remain in our database even after a deletion request in order to maintain the integrity and historical record of our database and systems, or to comply with applicable laws and regulations.
5. Children’s Privacy
The App is not intended for use by children under the age of 16. We do not request, or knowingly collect, any personally identifiable information from children under the age of 16. If you are the parent or guardian of a child under 16 who you believe has provided their information to us, please contact us at firstname.lastname@example.org to request the deletion of that information.
6. Do Not Track Disclosures
Do Not Track (“DNT”) is a web browser setting that requests that a web application disable its tracking of an individual user. When you choose to turn on the DNT setting in your browser, your browser sends a special signal to websites, analytics companies, ad networks, plug in providers, and other web services you encounter while browsing to stop tracking your activity. Various third parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party websites or online services (e.g., browser do not track signals), but there is no universally-agreed upon standard for what a company should do when it detects a DNT signal. Currently, we do not monitor or take any action with respect to these signals or other mechanisms. You can learn more about Do Not Track here.
7. HIPAA Compliance
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), we are required to disclose to you that we will have temporary access to your health information – specifically, a negative COVID-19 test – but will only use such information to determine your eligibility to enter a location or event safely. We will not store this information on our servers. We will disclose this information only as stated above in the “When We Disclose Information” section.
8. Updating Personal Information
We prefer to keep your Personal Information accurate and up to date. If you would like to change your contact information, please make appropriate changes in the App or contact us at email@example.com. We will make good faith efforts to make requested changes in our active databases as soon as reasonably practicable (but we may retain prior information as business records).
Safe Haus uses enterprise-grade security and regular audits to ensure that we are always protected. We undergo regular penetration testing and security reviews designed to be SOC 2 compliant. However, no data transmission over the Internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit to or from the App, and you provide us with your information at your own risk.
11. Your Data Protection Rights under the General Data Protection Regulation (GDPR)
If you are a resident of or located within the EEA, you have certain data protection rights. These rights include:
• The right to access, update or delete the information we have on you. Whenever made possible,you can access, update or request deletion of your Personal Information by contacting us at the contact information below.
• The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
• The right to object. You have the right to object to our processing of your Personal Information.
• The right of restriction. You have the right to request that we restrict the processing of your Personal Information.
• The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
• The right to withdraw consent. You also have the right to withdraw your consent at any time where Safe Haus relied on your consent to process your Personal Information.
• Legal Basis for Processing Personal Information Under GDPR In most instances, Safe Haus is a controller of Personal Information; however, in some instances Safe Haus may be a processor of Personal Information. Safe Haus’ legal basis for collecting and using the Personal Information described in this section depends on the Personal Information we collect and the specific context in which we collect it.
Safe Haus may collect or process your Personal Information because:
• We need to provide a service to you;
• You have given us your consent to do so;
• The processing is in our legitimate interests and it is not overridden by your rights; or
• To comply with the law.
A. Retention of Information
Safe Haus will also retain Personal information, including Usage Data, for internal analysis purposes. Usage Data is data collected automatically either generated by the use of the App or from the App infrastructure itself. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our App or we are legally obligated to retain this data for longer periods.
B. Disclosure of Personal Information
Under certain circumstances, Safe Haus may be required to disclose your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
C. Legal Requirements
Safe Haus may disclose your Personal Information in the good faith belief that such action is necessary
• To comply with a legal obligation;
• To protect and defend the rights or property of Safe Haus;
• To prevent or investigate possible wrongdoing in connection with the Service;
• To protect the personal safety of users of the Service or the public; and/or
• To protect against legal liability.
D. Exercising Your Rights Under GDPR
If applicable, you may exercise any of your rights under the GDPR by submitting a verifiable data subject request to us by using the details in the Contact Us section below. You may make a request related to your Personal Information or on behalf of someone for which you have authorization. You must include your full name, email address, and attest to the fact that you are a citizen or resident of the EEA by including your country of citizenship or residence in your request. We may require you to confirm your identity and/or legal standing for the request as well as your residency in the EEA in order to obtain the information. We will respond to your request within 30 days or let you know if we need additional time. Please note that we will ask you to verify your identity before responding to such requests, and we may deny your request if we are unable to verify your identity or authority to make the request. Should you wish to raise a concern about our use of your data (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority; however, we hope that we can assist with any queries or concerns you may have about our use of your Personal Information first by contacting us at firstname.lastname@example.org.
For more information about the GDPR, please contact your local data protection authority in the EEA.
12. Your California Privacy Rights
At the present time, Safe Haus does not meet the minimum thresholds for the application of the California Consumer Privacy Act (“CCPA”). However, if you would like to delete or modify your information, please send us a request at email@example.com. Third Party Marketing. California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Information to third parties for the third parties’ direct marketing purposes. Please note that Safe Haus does not share any personal information with third parties for their direct marketing purposes.