Last updated July 19, 2022
When you access the Services, we may ask you to voluntarily provide us certain information that personally identifies (or could be used to personally identify) you (“Personal Information”). Personal Information includes, but is not limited to, the following: (a) contact data such as your email address and phone number; (b) demographic data such as your gender, your date of birth, and your address including ZIP Code; and (c) other information that you voluntarily choose to provide to us including without limitation your National Identity Number, unique identifiers such as passwords, and Personal Information in emails or letters that you send to us.
You may still access and use some of the Services if you choose not to provide us with some Personal Information, but certain features may not be accessible to you as a result.
We also may automatically collect certain data elements when you use the Services, such as (a) IP address; (b) domain server; (c) type of device(s) used to access the Services; (d) web browser(s) used to access the Services; (e) referring webpage or other source through which you access the Services; (f) geolocation information; and (g) other statistics and information associated with the interaction between your browser or device and the Services (collectively “Traffic Data”). Depending on applicable law, some Traffic Data may be Personal Information. We may also collect addition information, which may be Personal Information, as otherwise described to you at the point of collection or pursuant to your consent.
Some of the demographic, health, and/or health-related information that Cowva collects as part of providing the Services may be considered “protected health information” or “PHI.” Specifically, when Cowva receives identifiable information about you from you and/or on behalf of your Healthcare Providers, this information is treated by Cowva as PHI. Cowva ensures specific protections for the privacy and security of PHI and fulfills all restrictions on how PHI is used and disclosed.
Today, Cowva primarily relies on email addresses and phone numbers on-file with your vaccination provider to verify your identity in order to transmit personal and/or family immunization records. You are responsible for ensuring that your personal and/or family immunization records are accurate and complete. Cowva cannot guarantee that an estranged or former spouse, for example, would not have access to your and/or your child’s immunization records. Please contact your provider to ensure the phone numbers and email addresses on-file with them belong only to you. Cowva recommends that you do not share your passwords needed in order to access your personal and/or family immunization records.
Cowva ENABLES PATIENT USERS TO VOLUNTARILY AND SELECTIVELY TRANSMIT PHI TO TRUSTED THIRD PARTIES.
How We Collect Information
We collect information (including Personal Information and Traffic Data) when you use and interact with the Services through your provider, and in some cases from third-party sources. Such information includes (but is not limited to): when you use the Services’ interactive tools, send us an email, or otherwise contact us.
How We Use Information
We use the information we collect, including Personal Information, to provide and continuously improve the Services. When Cowva users use the Services try to access personal and/or family immunization records, Cowva will collect user-reported information (e.g. First Name, Last Name, Date of Birth, Sex, cellphone number, and/or email, Cowva ID). Cowva retrieves and stores information from providers such as but not limited to immunization records (including line-level detail about shots such as when and where immunizations were administered, immunization manufacturer, and other relevant clinical information), immunization forecasting schedules, allergies, contraindications, immunities, home address. Cowva primarily stores immunization data for your convenience. Cowva may report deidentified immunization-related data (e.g. number of immunization records obtained using Cowva) to state, federal authorities and other public health partners. We may use information that is neither Personal Information nor PHI (including non-PHI Personal Information that has been de-identified and/or aggregated) to better understand who uses Cowva and how we could enhance our products and services. Cowva indicates within the application what user-reported data is required in order to provide the Services.
Disclosure of Information
We may disclose certain information that we collect from Patient Users. Cowva will not disclose Personal Information without your consent. For example, we may disclose certain information (e.g. specific immunization records) to third parties at the user’s request when the user presents their Cowva generated report for verification of immunization. We do not sell email addresses to third parties. We may, however, choose to share your email addresses with our business partners to enable them to help Cowva customize our advertising.
We may use information that is neither Personal Information nor PHI (including non-PHI Personal Information that has been de-identified and/or aggregated) to better understand who uses Cowva and how we could enhance our products and services. We may also need to disclose your Personal Information or any other information we collect if we determine in good faith that such disclosure is needed to: (a) comply with applicable law, regulation, court order, or other legal process; (b) protect the rights, property, or safety of Cowva or another party; (c) enforce the Agreement or other agreements with you; or (d) respond to claims that any posting or other content violates third-party rights.
Your privacy is important to us. As such, we endeavor to follow generally accepted standards to protect Personal Information submitted to us, both in storing and during transmission. Personal Information submitted to Cowva is encrypted. Although we make good faith efforts to store Personal Information in a secure operating environment, we do not and cannot guarantee the security of your Personal Information.
Information Provided by or on Behalf of Children
The Services are not intended for use by children under the age of 18. By accessing, using and/or submitting information to or through the Services, you represent that you are not younger than age 18.
If we learn that we have received any information directly from a child under age 18 without his/her parent’s consent, we will use that information only to respond directly to that child (or his/her parent or legal guardian) to inform the child that he/she cannot use the Services and subsequently we will delete that information. If you are a minor child in your place of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian.
If you are a parent or legal guardian of a minor child, you may, in compliance with the Agreement, use the Services on behalf of such minor child. Any information that you provide us while using the Services on behalf of your minor child will be treated as Personal Information.
Controlling Personal Information
Registered Patient Users may view and modify certain data elements, including Personal Information, submitted to Cowva.
Cowva reserves the right to retain information from closed accounts, including to comply with law, prevent fraud, resolve disputes, enforce the Agreement, and take other actions permitted by applicable law.
If you believe that anybody has unauthorized access to any of your phone numbers or email addresses, you must rectify the situation immediately by either: (a) changing all relevant passwords or; (b) contacting your provider. If you believe that an estranged spouse, partner, or anybody not authorized to access your child’s records has access to your child’s records through Cowva, you must contact your provider immediately to resolve any custody-related issues.
Additional Disclosures for California Residents
This section applies to California residents when and if the California Consumer Privacy Act is applicable to our Site and Services about whom we have collected Personal Information, including through the use of our Site or Services, by purchasing or utilizing our Service, or by communicating with us electronically, in paper correspondence, or in person. For purposes of this section, the term “Personal Information” includes information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household.
We may disclose the following types of Personal Information to third parties for a business or commercial purpose, as further described: identifiers, medical and health insurance information, protected classifications under applicable law, commercial information, biometric information, internet or similar network activity, geolocation data, sensory data, professional or employment-related information, alerts for upcoming or overdue immunizations, and inferences from other Personal Information. Functionality within the Cowva platform enables consumers to consolidate and share Personal Information with third parties. You may be entitled by applicable law to exercise the following rights with respect to your Personal Information:
- Right to Know. You have the right to request what Personal Information we collect, use, disclose, and/or sell, as applicable. Please note that Cowva clearly indicates within the app what data is collected in order for Cowva to perform the Services.
- Right to Delete. You have the right to request that we delete the Personal Information that we have collected about you. Users have the ability to delete their information under Settings & Info within the application.
- Right to Opt-out of the Sale of Personal Information. You have the right to request to be opted-out from the sale of your Personal Information. Please note that Cowva does not sell user-provided information with third parties without your consent.
- Right to Non-Discrimination. You have the right not to receive discriminatory treatment by us for the exercise of the privacy right described herein.
You may also authorize someone to exercise the above rights on your behalf. If we have collected information on your minor child (e.g. immunization records), you may exercise the above rights on behalf of your minor child. In addition, residents of California also have the right to request once per calendar year certain information with respect to types of Personal Information (as defined by California law) we share with third parties for those third parties’ direct marketing purposes, as the identities of the third parties with whom we have shared such information during the immediately preceding calendar year.
The above rights are subject to our ability to reasonably verify your identity and authority to make these requests by providing verifiable information such as the following:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we have collected Personal Information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
Through partnership with public health agencies, Cowva may offer consumer access to immunization records. As such, Cowva only accesses personal and sensitive data required directly to support public health-related efforts. Specifically, Cowva uses this data to facilitate consumer access to personal and family immunization records.
External File Storage
Cowva supports the capability for users to share and/or save a PDF copy of their personal and family immunization records. As such, Cowva may require access to read and/or write to your phone’s file storage.