Privacy Notice

Carrot Fertility, Inc. (“Carrot,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Notice explains how your personal information is collected, used, stored, processed, transferred and disclosed by Carrot.

Carrot is the controller responsible for protecting your personal information, which means we determine and are responsible for how your personal information is handled. Your employer will also initially send us your name and eligibility information ("Eligibility File"). If you have queries regarding the information contained in the Eligibility File, please contact your employer who is the controller of such information.

"Personal information" encompasses all personal data as defined in Art. 4 (1) of the European Data Protection Regulation ("GDPR"), meaning any information that relates to an identified or identifiable individual; provided, that in such circumstance(s) that applicable data protection laws require otherwise, “Personal information” has the meaning ascribed to it in such law(s).

While Carrot is not a 'Covered Entity' under the Health Insurance Portability and Accountability Act ("HIPAA"), we follow the guidelines for Covered Entities set forth in HIPAA as a Business Associate.

This Privacy Notice applies to our website https://get-carrot.com (our "Website") and any other website, mobile application, or online service that links to this Privacy Notice (collectively, our "Service").

Before accessing or using our Service, please ensure that you have read and understood our collection, storage, use and disclosure of your personal information as described in this Privacy Notice.

1.  WHAT INFORMATION DO WE COLLECT ABOUT YOU AND HOW DO WE USE IT?

We collect personal information about you when you voluntarily submit information to us when you use our Service. This can include information you provide to us when you register for an account, send us messages, subscribe to our mailing lists, newsletters or other forms of marketing communications, participate in a survey, or use some other feature of our Service.

We collect certain information automatically when you use the Service, such as information about the pages you look at on our Service, the actions you take on our Service or the device you use to access our Service.  We also may collect information about you from our third party partners.

The categories of personal information we collect include:

  • Contact and profile information
  • Sensitive Personal Data, including health data and data about your sexual orientation
  • Comments, chat and opinions
  • Payment and transaction information
  • Location information
  • Information provided by third parties
  • Information about fraudulent or criminal activity related to your account

Annex 1 sets out the categories of personal information we collect about you and how we use that information. It also lists the legal basis which we rely on to process the personal information and information as to applicable retention periods. You hereby expressly acknowledge and agree that the collection and processing described in this Privacy Notice are necessary for our performance of our obligations under the Terms & Conditions found at https://www.get-carrot.com/terms.

We also share information with others, such as your employer or third-party partners, in an aggregated or otherwise anonymised form that does not reasonably identify you as an individual.

For further information on your rights and choices regarding your information, see the Your Choices and Control Over Your Information and Your Rights In Respect Of Your Personal Information sections below.

We will indicate to you where the provision of certain personal information is mandatory and where it is optional. If you choose not to provide personal information marked as mandatory, we may not be able to provide you with requested products, services or information.

We also link or combine your activities and information collected from you on our websites with information we collect automatically through tracking technologies. This allows us to provide you with a personalized experience regardless of how you interact with us.

2.  WHAT INFORMATION ABOUT YOU IS COLLECTED AUTOMATICALLY AND HOW DO WE USE IT?

When you use our Service, read our emails, or otherwise engage with us through a computer or mobile device, we and our third party partners automatically collect information about how you access and use the Service and information about the device you use to access the Service.

We use this information to enhance and personalize your user experience, to monitor and improve our Service, and for other internal purposes.

We typically collect this information through a variety of tracking technologies, including cookies, location-identifying technologies, and similar technology (collectively, “tracking technologies”).

Information we collect automatically about you may be combined with other personal information we collect directly. For example, we may combine your location based on your IP address that we have collected automatically with your email address that you have provided.

Annex 2 sets out the categories of personal information we and our third parties collect about you automatically and how we use that information. It also lists the legal basis which we rely on to process the personal information and information as to applicable retention periods. We may also share information with others, such as your employer or third party partners, in an aggregated or otherwise anonymised form that does not reasonably identify you directly as an individual.

For further information on third parties using tracking technologies please see Annex 3.

For further information on your choices regarding your information, including choices around tracking technologies, see Your Choices and Control Over Your Information below.

3.  THIRD PARTY DATA COLLECTION OF USER EXPERIENCE INFORMATION  

On some of our websites or services, we use third party tools to monitor user experience information. These tools automatically collect usage information, including mouse clicks and movements, page scrolling and any text keyed into website forms. The information collected is de-identified and does not include passwords, payment details, or other sensitive personal data. We use this information for site analytics, optimization and to improve website usability. We do not permit this information to be shared with or used by third parties for their own purposes.

4.  YOUR CHOICES AND CONTROL OVER YOUR INFORMATION

Profile: You may update your profile information, such as your name, address, or bank account information.

How to control your communication preferences:  To the extent provided in the applicable data protection laws, we will only send you promotional and marketing emails, or contact you for promotional or marketing purposes by phone or SMS, if you have given us your explicit consent.  For US-based members, we will only contact you for promotional or marketing purposes by phone or SMS if you have given us your explicit consent.  You can stop receiving promotional email communications from us by clicking on the “unsubscribe” link provided in such communications. You may opt-out of receiving promotional calls, SMS/texts and direct mail communications from Carrot at any time with future effect as set forth in our Terms of Service. You may not opt out of service-related communications (e.g., account verification, transactional communications, changes/updates to features of the Service, technical and security notices).

Modifying or deleting your information:  If you have any questions about reviewing, modifying, or deleting your information, or if you want to remove your name or comments from our website or publicly displayed content, you can contact us directly at legal@get-carrot.com. We may not be able to modify or delete your information in all circumstances.  Your request to modify or delete your information may affect our ability to provide the Service.

Geolocation: We approximate your location based on your IP address when you access the Service through a computer or device.

Cookies and tracking preferences:

  • Cookies and Flash cookies. Most browsers allow you to adjust your browser settings to: (i) notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies.

    Blocking or deleting cookies may negatively impact your experience using the Service, as some features and services may not work properly.

    You may set your e-mail options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you viewed or engaged with our emails.
  • Deleting cookies does not delete Local Storage Objects (LSOs) such as Flash objects and HTML5. To manage Flash cookie settings and preferences, you must use the settings manager on Adobe’s website or by clicking here. If you choose to delete Flash objects from our Service, then you may not be able to access and use all or part of the Service or benefit from the information and services offered.
  • Some of these opt-outs may not be effective unless your browser is set to accept cookies. If you delete cookies, change your browser settings, switch browsers or computers, or use another operating system, you will need to opt-out again.

5.  HOW WE STORE AND PROTECT YOUR INFORMATION

Data storage and transfer:  Your information collected through our Website may be stored and processed in the United States or any other country in which Carrot or its affiliates or service providers maintain facilities. Please note that these internal and external international transfers of your personal information are made pursuant to appropriate safeguards, for example as provided in the applicable data protection law(s).

If you wish to enquire further about these appropriate safeguards, please contact us using the details set out at section 10 below.

Keeping your information safe:  We care about the security of your information and employ physical, administrative, and technological safeguards designed to preserve the integrity and security of all information collected through our Service. When you enter sensitive information (such as a credit card number) on our order forms or login credentials (such as username and password) on our platform login, we encrypt the transmission of that information. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

Retention of your information: The sections in Annexes 1 and 2 set out the applicable retention periods that we use with respect to your personal information.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and the applicable legal requirements.

In summary, we will retain your information only as long as necessary for the purposes outlined in this Privacy Notice and for a commercially reasonable time thereafter for backup, archival, fraud prevention or detection, or audit purposes, or as otherwise required by law.

6. DISCLOSURE OF YOUR INFORMATION

We will share your personal information with the following categories of recipients for the purposes set out in the Annexes:

  • Your employer: When you submit valid reimbursement requests for processing, we may share your name, Employee ID (or other unique identifier),the amount of your valid reimbursement request with your employer, and whether the reimbursement was related to an infertility diagnosis for disbursement, payroll and tax purposes, where applicable, or as otherwise required by applicable law;
  • Third party partners and service providers: We will share your personal information with third party partners and service providers , as necessary to achieve the purpose for which we have shared it, which may include fulfilling your orders for products available through our Service as requested by you, improving our Service and business, providing mailing services, web hosting, or providing analytic services.  Any such service providers and partners will be given limited access to personal information as reasonably necessary to achieve such purpose and will, by appropriate data processing agreements or analogous contractual provisions, be bound to only process personal information on our behalf and for specifically enumerated purposes ; if you would like to more specifically understand the services our third party partners render, please contact us using the details set out at section 10 below.
  • Independent third party providers and advisors: We may share your personal information with third party providers and advisors where this is necessary to achieve our legitimate interests, such as conducting security audits, consulting tax consultants and lawyers or engaging payment processors to process payment transactions;
  • Purchasers and third parties in connection with a business transaction: Personal information may be disclosed to third parties in connection with a Carrot-related transaction, such as a merger, sale of Carrot assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by a third party, or in the event of a bankruptcy or related or similar proceedings;  
  • Law enforcement, regulators and other parties for legal reasons: We may share your personal information with third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our terms and policies or to protect the security or integrity of our Service; and/or (c) to exercise or protect the rights, property, or personal safety of Carrot, our other members, or others;
  • Payments provider: We may use third-party payment services to process payments made through the Service. If you wish to make a payment through the Service, for example by using the Carrot Card, your payment information may be collected by a third-party payment service provider, such as Stripe Inc., and not by us, and thus will be subject to the third-party’s privacy notice (https://stripe.com/gb/privacy) rather than this Privacy notice; and

Care providers: If you request a self-referral to a care provider, including without limitation fertility clinics, third-party assisted reproduction agencies, or assisted reproduction attorneys, we may share your personal information with those care providers, as indicated at the time of your request.

7.  YOUR RIGHTS WITH RESPECT TO YOUR INFORMATION

In addition to the ways in which you can manage the use of your information as outlined in section 4 above, in respect of your personal information that we hold, you may exercise the rights granted to you under the applicable data protection laws, which may include:

  • RIGHT TO OBJECT. THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL INFORMATION WHICH IS CARRIED OUT IN THE PUBLIC INTEREST OR IN OUR LEGITIMATE INTERESTS, AND TO OBJECT TO PROCESSING OF YOUR PERSONAL INFORMATION FOR DIRECT MARKETING PURPOSES, TO THE EXTENT IT IS RELATED TO SUCH DIRECT MARKETING;
  • Right of access. The right to obtain access to your personal information along with certain related information;
  • Right to rectification. The right to obtain rectification of your personal information without undue delay where that personal information is inaccurate or incomplete;
  • Right to erasure. The right to obtain the erasure of your personal information without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed;
  • Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal information in certain circumstances, such as where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information; and
  • Right to data portability. The right to receive your personal information in a commonly used format and to have your personal information ported to another data controller;
  • Right to withdraw consent. If you have provided consent for the processing of your personal information, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information before your withdrawal.

If you wish to exercise one of these rights, contact us at legal@get-carrot.com.

Right to lodge a complaint. You may have the right to lodge a complaint with the applicable data protection authority in your jurisdiction, if you consider that a processing of your personal data infringes the applicable data protection laws. If you are an EU resident, further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. However, we encourage you to first reach out to us by using the contact details set out at section 10 below so that we have an opportunity to address your concerns directly and find a solution together before you lodge a complaint.

8.  LINKS TO OTHER WEB SITES AND SERVICES

The Service may contain links to and from third party websites of our business partners, advertisers, and social media sites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. We may also share a user ID with third-party websites allowing us and the third-party website provider to jointly track specified activities across both websites. We strongly recommend that you read their privacy policies and terms and conditions of use to understand how they collect, use, and share information. We are not responsible for the privacy practices or the content on the websites of third party sites.

9. CHILDREN’S PRIVACY

Carrot does not knowingly collect or solicit any information from anyone under the age of 18 on this Service. In the event that we learn that we have inadvertently collected personal information from a child under age 18, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 18, please contact us using the contact details set out at the end of this Privacy Notice. We encourage parents and guardians to spend time online with their children and to participate and monitor the interactive activities of their children.

10.  HOW TO CONTACT US

If you have any questions about this Privacy Notice or the website, please contact us at legal@get-carrot.com.

11.  CHANGES TO OUR PRIVACY NOTICE

We may modify or update this Privacy Notice from time to time to reflect the changes in our business and practices, and you should review this page periodically. We will update the ‘last modified’ date at the bottom of this page when we post changes to this Privacy Notice.  If we have your email address, we will notify you of any material changes to this notice.  If you object to any changes, you may close your account. Continuing to use our Service after we publish changes to this Privacy Notice means that you have read and understood the changes.

Effective date: June 13, 2022.

ANNEX 1 – PERSONAL INFORMATION WE COLLECT

Contact and profile information. Personal information, such as your name, phone number, address, and e-mail address, and your partner’s name, phone, number, address, and e-mail address, when you register for our Service, request a Carrot Card or any other product offered through the Service, or otherwise communicate or interact with us. Records are deleted 6 years post employer deactivation, or upon member request to remove.

How we use it:

  • To create your account and to communicate with you directly about the Service.
  • Legal basis for processing: The processing is necessary for the performance of a contract and to take steps prior to entering into a contract.
  • To set up and send you a Carrot Card, or any other product offered through the Service as requested by you.
  • Legal basis for processing: The processing is necessary for the performance of a contract and to take steps prior to entering into a contract.
  • To communicate with you including to answer any questions, issues or concerns you have.
  • Legal basis for processing: The processing is necessary for our legitimate interests, namely communicating with users in relation to the Service.
  • To send you marketing communications in accordance with your preferences.
  • Legal basis for processing: If provided under the applicable data protection law , we will only process your personal information in this way to the extent you have given us consent to do so.
  • To better tailor the marketing communications that you receive.
  • Legal basis for processing: The processing is necessary for our legitimate interests, namely to promote and advertise our products and services.

Data regarding your health and information about your sexual orientation. Sensitive information, such as your and your partner's gender identities, interest in various fertility health and family-forming options, any relevant diagnoses you may have received, and related health information. Records are deleted 6 years post employer deactivation, or upon member request to remove.

How we use it:

  • To provide you with our Services, specifically, to recommend appropriate providers, clinics, agencies, and lawyers in order to help you determine the most appropriate treatments and services.
  • Legal basis for processing: We will only process your personal information in this way to the extent you have given us consent to do so.
  • To validate requests for reimbursement related to fertility treatments and other services, and to determine any taxes owed.
  • Legal basis for processing: We will only process your personal information in this way to the extent you have given us consent to do so.
  • To validate your eligibility for and use of the Carrot Card®, as applicable, including to validate your Carrot Card® transactions and, in some cases, to determine whether or not you are eligible for the Carrot Card® based on eligibility rules set by your employer.
  • Legal basis for processing: We will only process your personal information in this way to the extent you have given us consent to do so.
  • To send you relevant information and recommendations (such as learning material or contact details for appropriate providers and other professionals), and to support you with efficient and personalized guidance.
  • Legal basis for processing: We will only process your personal information in this way to the extent you have given us consent to do so.

Comments, chat and opinions. When you contact us directly, e.g., by email, phone, mail or by completing an online form or participating in online chat, we will record your comments and opinions. We will also record comments and opinions you express when responding to surveys we run. Records are deleted 6 years post employer deactivation, or upon member request to remove.

How we use it:

  • To address your questions, issues and concerns and improve our products and services.
  • Legal basis for processing: The processing is necessary for our legitimate interest, namely for communicating with users in relation to the Service.
  • We may use your comments and opinions to determine products and services that may be of interest to you.
  • Legal basis for processing: The processing is necessary for our legitimate interest, namely to enable us to tailor our product and service recommendations to you and your interests.
  • We may use the personal details you provide to us via our public-facing online forms to analyze the results of our marketing efforts.
  • Legal basis for processing: The processing is necessary for our legitimate interest, namely to analyze the use of our Service.

Expenses, payment and transaction information. Information such as your Employee ID, your receipts for fertility care and other services, whether you or your partner received the care, the date of your or your partner’s treatments, and your payment information, such as your credit card or bank account details. Records are deleted 6 years post employer deactivation.

How we use it:

  • To validate your treatment expenses and to determine any taxes owed.
  • Legal basis for processing: The processing is necessary for our legitimate interests, namely verifying the validity of your expenses incurred for fertility care treatment.

  • To arrange reimbursements from your employer.
  • Legal basis for processing: The processing is necessary for the performance of a contract.

  • To detect and prevent fraud.
  • Legal basis for processing: The processing is necessary for our legitimate interests, namely the detection and prevention of fraud.

  • To process any financial transactions when you purchase products available to you through the Service.
  • Legal basis for processing: The processing is necessary for the performance of a contract.

Location Information. Information about your location. We may approximate your location based on your IP address. Records are deleted 6 years post employer deactivation, or upon member request to remove.

How we use it:

  • We use your location information to provide personalized content, to enhance your experience, to improve the effectiveness of our websites and mobile applications, and to analyze and evaluate our Service.
  • Legal basis for processing: The processing is necessary for our legitimate interest, namely to tailor our Service to the user and to improve our Service generally.

Information provided by social networks. When you interact with our Service through various social media networks, such as when you Like us on Facebook or when you follow Carrot or share Carrot content on Facebook, Twitter, Snapchat, LinkedIn, Instagram or other sites, we may receive information from those social networks including your profile information, picture, user ID associated with your social media account, friends list, and any other information you permit the social network to share with third parties. Records are kept until you delete your social media account.

How we use it:

  • We use this information to communicate or interact with you on the social network. The data we receive is dependent upon your privacy settings with the social network. You should always review, and if necessary, adjust your privacy settings on third party websites and social media networks and services before linking or connecting them to our website or Service.
  • Legal basis for processing: The processing is necessary for our legitimate interest, namely to communicate with individuals through social media.

Preferences. Preferences set for notifications, marketing communications and how our site is displayed. Records are deleted upon deactivation.

How we use it:

  • We use this information to personalize our Service to you and to better understand the interests and demographics of our users. For these purposes, we may combine this information with the information we collect from you directly.
  • Legal basis for processing: The processing is necessary for our legitimate interest, namely ensuring the user can view our site and receives the correct marketing communications.

Information provided by third parties. We may receive information from third parties (1) from your employer, (2) that you have provided to those parties, or has been collected through their services, or (3) that are otherwise able to provide it to us.  This information may include sensitive information, such as health care claims history and health information. Records are deleted 6 years post employer deactivation..

How we use it:

  • We use this information to personalize our Service to you, to better understand the interests and demographics of our users, and to analyze and evaluate our Service. For these purposes, we may combine this information with the information we collect from you directly.
  • Legal basis for processing: The processing is necessary for our legitimate interest, namely to tailor our Service to the user and to improve our Service generally.

Information about fraudulent or criminal activity relating to your account. Records are deleted 6 years post employer deactivation, or upon member request to remove.

How we use it:

  • We will use information about fraudulent or criminal activity relating to your use of our Service for the purposes of detecting and preventing fraud or abuse.
  • Legal basis for processing: The processing is necessary for our legitimate interest, namely the detection and prevention of fraud.

All personal information set out above. Records are deleted 6 years post employer deactivation, or upon member request to remove.

How we use it:

  • We will use all the personal information we collect to operate, maintain and provide to you the features and functionality of the Service, to communicate with you, to monitor and improve our Service and business, and to help us develop new products and services.
  • Legal basis for processing: The processing is necessary for our legitimate interest, namely to provide and improve our Service and to develop new products and services.

ANNEX 2 – PERSONAL INFORMATION COLLECTED AUTOMATICALLY

Information about how you access the Service. For example, the site from which you came and the site to which you are going when you leave our website, how frequently you access the Service, whether you open emails or click the links contained in emails, whether you access the Service from multiple devices.

Information about how you use the Service. For example, the pages you visit, the links you click, the products you purchase, purchase information and your checkout process, your approximate IP location when you access or interact with our Service, and other similar actions.

Information about the computer, tablet, smartphone or other device you use. Such as your IP address, browser type, Internet service provider, platform type, device type/model/manufacturer, operating system, date and time stamp, a unique ID that allows us to uniquely identify your browser, mobile device or your account (including, for example, a persistent device identifier or an Ad ID), and other such information.

Analytics information. We may collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Service and to understand more about the demographics and behaviors of our users.

How we use it: For all personal information listed in the annex, we, or the third party partners we use, may use the data collected through tracking technologies to:

  • remember information so that you will not have to re-enter it during your visit or the next time you visit the site;
  • provide custom, personalised content and information;
  • provide and monitor the effectiveness of our Service;
  • perform analytics and detect usage patterns on our Service;
  • diagnose or fix technology problems;
  • detect or prevent fraud or other harmful activities, and
  • otherwise to plan for and enhance our service.

Legal basis for the processing: The processing is necessary for our legitimate interests, namely: to tailor our service to the user and to improve our service generally; to monitor and resolve issues; for marketing purposes; to communicate with users; to contact users; and for the detection and prevention of fraud.

Retention period: Records deleted 6 years post employer deactivation, or upon member request to remove.

ANNEX 3 – THIRD PARTY TRACKING TECHNOLOGIES

We will strive to update this list if or when we work with new partners which offer you a choice about the collection of your information, but as partners change and new technologies become available, this list is likely to change over time and may not always reflect our current partners.

Third party partners:

Google

  • Partner Product: Google Analytics and Advertising
  • Type of Tracking Technology: Site analytics and advertising
  • Description: We use Google Analytics and Google Universal Analytics to recognize you and link the devices you use when you visit our site or Service on your browser or mobile device, login to your account on our Service, or otherwise engage with us. We share a unique identifier, like a user ID or hashed email address, with Google Universal Analytics to facilitate the service. Google Analytics allows us to better understand how our users interact with our Service and to tailor our content to you. For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google’s site “How Google uses data when you use our partners’ sites or apps” located at www.google.com/policies/privacy/partners/. You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Ad-On here https://tools.google.com/dlpage/gaoptout/.

Facebook

  • Partner Product: Facebook
  • Type of Tracking Technology: Advertising and social media
  • Description: Used to retarget to visitors across all their devices; tracking of served/viewed advert impressions; and to allow Facebook members to log on with their Facebook identity and, while logged in, can connect with friends via these media and post information and updates to their Facebook profile.

LinkedIn

Marqueta

  • Partner Product: Marqueta
  • Type of Tracking Technology: Site analytics and advertising
  • Description: This cookie is used to keep track of the visitors to the website and to keep track of user sessions. This cookie is passed to Marqueta on form submission and used when deduplicating contacts.

Heap

  • Partner Product: Heap
  • Type of Tracking Technology: Site analytics and advertising
  • Description: This cookie is a user behavioral analytics product and service that allows us to collect and analyze data about how our users are interacting with our services.



Warrant Canary Status

The standard for inclusive, global fertility healthcare and family-forming support

Find out how our customizable fertility solutions do more for your people, groups, and organizations

Get Carrot
Avery
Carrot member
Woman on phone