Carrot Fertility, Inc. (“Carrot,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Notice explains how your personal information is collected, used, stored, processed, transferred and disclosed by Carrot.
This Privacy Notice applies to our website https://get-carrot.com (our "Website") and any other website, mobile application, or online service that links to this Privacy Notice (collectively, our "Service").
Before accessing or using our Service, please ensure that you have read and understood our collection, storage, use and disclosure of your personal information as described in this Privacy Notice.
Unless applicable law requires a longer retention period, we will retain your information only as long as necessary for the purposes outlined in this Privacy Notice and for a commercially reasonable time thereafter for backup, archival, fraud prevention or detection, or audit purposes.
1. CARROT AS CONTROLLER
Carrot is the controller responsible for protecting your personal information, which means we determine and are responsible for how your personal information is handled. Your employer will also initially send us your name and eligibility information ("Eligibility File"). If you have queries regarding the information contained in the Eligibility File, please contact your employer who is the controller of such information.
"Personal information" encompasses all personal data as defined in Art. 4 (1) of the European Data Protection Regulation ("GDPR"), meaning any information that relates to an identified or identifiable individual; provided, that in such circumstance(s) that applicable data protection laws require otherwise, “Personal information” has the meaning ascribed to it in such law(s).
2. FOR UNITED STATES RESIDENTS
To the extent your employer establishes an infertility HRA (i.e., the “Covered Entity”), Carrot will be considered a Business Associate to the Covered Entity under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").
3. NOTICE TO CALIFORNIA RESIDENTS
Capitalized terms in this section have the meaning given to them under the CPRA.
You have the following rights under the California Privacy Rights Act (CPRA):
If you wish to exercise any of these rights, contact us at email@example.com.
4. WHAT INFORMATION DO WE COLLECT ABOUT YOU AND HOW DO WE USE IT?
We collect personal information about you when you voluntarily submit information to us when you use our Service. This can include information you provide to us when you register for an account, send us messages, subscribe to our mailing lists, newsletters or other forms of marketing communications related to the Service, participate in a survey, or use some other feature of our Service.
We collect certain information automatically when you use the Service, such as information about the pages you look at on our Service, the actions you take on our Service or the device you use to access our Service. We also may collect information about you from our third party partners.
The categories of personal information we collect include:
Annex 1 sets out the categories of personal information we collect about you and how we use that information. It also lists the legal basis which we rely on to process the personal information and information as to applicable retention periods. You hereby expressly acknowledge and agree that the collection and processing described in this Privacy Notice are necessary for our performance of our obligations under the Terms & Conditions found at https://www.get-carrot.com/terms.
We also share information with others, such as your employer or third-party partners, in an aggregated or otherwise anonymized form that does not reasonably identify you as an individual in order to provide the Service.
We do not sell or share your data with third parties for marketing or other commercial purposes unrelated to the Carrot Services.
For further information on your rights and choices regarding your information, see the Your Choices and Control Over Your Information and Your Rights In Respect Of Your Personal Information sections below.
We will indicate to you where the provision of certain personal information is mandatory and where it is optional. If you choose not to provide personal information marked as mandatory, we may not be able to provide you with requested products, services or information.
We also link or combine your activities and information collected from you on our websites with information we collect automatically through tracking technologies. This allows us to provide you with a personalized experience regardless of how you interact with us.
5. WHAT INFORMATION ABOUT YOU IS COLLECTED AUTOMATICALLY AND HOW DO WE USE IT?
When you use our Service, read our emails, or otherwise engage with us through a computer or mobile device, we and our third-party partners automatically collect information about how you access and use the Service and information about the device you use to access the Service.
We use this information to enhance and personalize your user experience, to monitor and improve our Service, and for other internal purposes.
We typically collect this information through a variety of tracking technologies, including cookies, location-identifying technologies, and similar technology (collectively, “tracking technologies”).
Information we collect automatically about you may be combined with other personal information we collect directly. For example, we may combine your location based on your IP address that we have collected automatically with your email address that you have provided.
Annex 2 sets out the categories of personal information we and our third parties collect about you automatically and how we use that information. It also lists the legal basis which we rely on to process the personal information and information as to applicable retention periods. We may also share information with others, such as your employer or third party partners, in an aggregated or otherwise anonymised form that does not reasonably identify you directly as an individual.
For further information on third parties using tracking technologies please see Annex 3.
For further information on your choices regarding your information, including choices around tracking technologies, see Your Choices and Control Over Your Information below.
6. THIRD PARTY DATA COLLECTION OF USER EXPERIENCE INFORMATION
On some of our websites or services, we use third party tools to monitor user experience information. These tools automatically collect usage information, including mouse clicks and movements, page scrolling and any text keyed into website forms. The information collected is de-identified and does not include passwords, payment details, or other sensitive personal data. We use this information for site analytics, optimization and to improve website usability. We do not permit this information to be shared with or used by third parties for their own purposes.
7. YOUR CHOICES AND CONTROL OVER YOUR INFORMATION
Profile: You may update your profile information, such as your name, address, or bank account information.
How to control your communication preferences: To the extent provided in the applicable data protection laws, we will only send you promotional and marketing emails, or contact you for promotional or marketing purposes by phone or SMS, if you have given us your explicit consent. For US-based members, we will only contact you for promotional or marketing purposes by phone or SMS if you have given us your explicit consent. You can stop receiving promotional email communications from us by clicking on the “unsubscribe” link provided in such communications. You may opt-out of receiving promotional calls, SMS/texts and direct mail communications from Carrot at any time with future effect as set forth in our Terms of Service. You may not opt out of service-related communications (e.g., account verification, transactional communications, changes/updates to features of the Service, technical and security notices).
Modifying or deleting your information: If you have any questions about reviewing, modifying, or deleting your information, or if you want to remove your name or comments from our website or publicly displayed content, you can contact us directly at firstname.lastname@example.org. We may not be able to modify or delete your information in all circumstances. Your request to modify or delete your information may affect our ability to provide the Service.
Geolocation: We approximate your location based on your IP address when you access the Service through a computer or device.
Cookies and tracking preferences:
8. HOW WE STORE AND PROTECT YOUR INFORMATION
Data storage and transfer: Your information collected through our Website may be stored and processed in the United States or any other country in which Carrot or its affiliates or service providers maintain facilities. Please note that these internal and external international transfers of your personal information are made pursuant to appropriate safeguards, for example as provided in the applicable data protection law(s).
If you wish to enquire further about these appropriate safeguards, please contact us using the details set out at section 10 below.
Keeping your information safe: We care about the security of your information and employ physical, administrative, and technological safeguards designed to preserve the integrity and security of all information collected through our Service. When you enter sensitive information (such as a credit card number) on our order forms or login credentials (such as username and password) on our platform login, we encrypt the transmission of that information. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
Retention of your information: The sections in Annexes 1 and 2 set out the applicable retention periods that we use with respect to your personal information.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and the applicable legal requirements.
In summary, we will retain your information only as long as necessary for the purposes outlined in this Privacy Notice and for a commercially reasonable time thereafter for backup, archival, fraud prevention or detection, or audit purposes, or as otherwise required by law.
9. DISCLOSURE OF YOUR INFORMATION
We will share your personal information with the following categories of recipients for the purposes set out in the Annexes:
Care providers: If you request a self-referral to a care provider, including without limitation fertility clinics, third-party assisted reproduction agencies, or assisted reproduction attorneys, we may share your personal information with those care providers, as indicated at the time of your request.
10. YOUR RIGHTS WITH RESPECT TO YOUR INFORMATION
In addition to the ways in which you can manage the use of your information as outlined in section 4 above, in respect of your personal information that we hold, you may exercise the rights granted to you under the applicable data protection laws, which may include:
If you wish to exercise one of these rights, contact us at email@example.com.
Right to lodge a complaint. You may have the right to lodge a complaint with the applicable data protection authority in your jurisdiction, if you consider that a processing of your personal data infringes the applicable data protection laws. If you are an EU resident, further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. However, we encourage you to first reach out to us by using the contact details set out at section 10 below so that we have an opportunity to address your concerns directly and find a solution together before you lodge a complaint.
11. LINKS TO OTHER WEB SITES AND SERVICES
The Service may contain links to and from third party websites of our business partners, advertisers, and social media sites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. We may also share a user ID with third-party websites allowing us and the third-party website provider to jointly track specified activities across both websites. We strongly recommend that you read their privacy policies and terms and conditions of use to understand how they collect, use, and share information. We are not responsible for the privacy practices or the content on the websites of third party sites.
12. CHILDREN’S PRIVACY
Carrot does not knowingly collect or solicit any information from anyone under the age of 18 on this Service. In the event that we learn that we have inadvertently collected personal information from a child under age 18, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 18, please contact us using the contact details set out at the end of this Privacy Notice. We encourage parents and guardians to spend time online with their children and to participate and monitor the interactive activities of their children.
13. HOW TO CONTACT US
If you have any questions about this Privacy Notice or the website, please contact us at firstname.lastname@example.org.
14. CHANGES TO OUR PRIVACY NOTICE
We may modify or update this Privacy Notice from time to time to reflect the changes in our business and practices, and you should review this page periodically. We will update the ‘last modified’ date at the bottom of this page when we post changes to this Privacy Notice. If we have your email address, we will notify you of any material changes to this notice. If you object to any changes, you may close your account. Continuing to use our Service after we publish changes to this Privacy Notice means that you have read and understood the changes.
Effective date: March 16, 2023
ANNEX 1 – PERSONAL INFORMATION WE COLLECT
Contact and profile information. Personal information, such as your name, phone number, address, and e-mail address, and your partner’s name, phone, number, address, and e-mail address, when you register for our Service, request a Carrot Card or any other product offered through the Service, or otherwise communicate or interact with us.
How we use it:
Data regarding your health and information about your sexual orientation. Sensitive information, such as your and your partner's gender identities, interest in various fertility health and family-forming options, any relevant diagnoses you may have received, and related health information.
How we use it:
Comments, chat and opinions. When you contact us directly, e.g., by email, phone, mail or by completing an online form or participating in online chat, we will record your comments and opinions. We will also record comments and opinions you express when responding to surveys we run.
How we use it:
Expenses, payment and transaction information. Information such as your Employee ID, your receipts for fertility care and other services, whether you or your partner received the care, the date of your or your partner’s treatments, and your payment information, such as your credit card or bank account details.
How we use it:
Location Information. Information about your location. We may approximate your location based on your IP address.
How we use it:
Information provided by social networks. When you interact with our Service through various social media networks, such as when you Like us on Facebook or when you follow Carrot or share Carrot content on Facebook, Twitter, Snapchat, LinkedIn, Instagram or other sites, we may receive information from those social networks including your profile information, picture, user ID associated with your social media account, friends list, and any other information you permit the social network to share with third parties. Records are kept until you delete your social media account.
How we use it:
Preferences. Preferences set for notifications, marketing communications and how our site is displayed. Records are deleted upon deactivation.
How we use it:
Information provided by third parties. We may receive information from third parties (1) from your employer, (2) that you have provided to those parties, or has been collected through their services, or (3) that are otherwise able to provide it to us. This information may include sensitive information, such as health care claims history and health information.
How we use it:
Information about fraudulent or criminal activity relating to your account.
How we use it:
All personal information set out above.
How we use it:
ANNEX 2 – PERSONAL INFORMATION COLLECTED AUTOMATICALLY
Information about how you access the Service. For example, the site from which you came and the site to which you are going when you leave our website, how frequently you access the Service, whether you open emails or click the links contained in emails, whether you access the Service from multiple devices.
Information about how you use the Service. For example, the pages you visit, the links you click, the products you purchase, purchase information and your checkout process, your approximate IP location when you access or interact with our Service, and other similar actions.
Information about the computer, tablet, smartphone or other device you use. Such as your IP address, browser type, Internet service provider, platform type, device type/model/manufacturer, operating system, date and time stamp, a unique ID that allows us to uniquely identify your browser, mobile device or your account (including, for example, a persistent device identifier or an Ad ID), and other such information.
Analytics information. We may collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Service and to understand more about the demographics and behaviors of our users.
How we use it: For all personal information listed in the annex, we, or the third party partners we use, may use the data collected through tracking technologies to:
Legal basis for the processing: The processing is necessary for our legitimate interests, namely: to tailor our service to the user and to improve our service generally; to monitor and resolve issues; for marketing purposes; to communicate with users; to contact users; and for the detection and prevention of fraud.
ANNEX 3 – THIRD PARTY TRACKING TECHNOLOGIES
We will strive to update this list if or when we work with new partners which offer you a choice about the collection of your information, but as partners change and new technologies become available, this list is likely to change over time and may not always reflect our current partners.
Third party partners:
Find out how our customizable fertility solutions do more for your people, groups, and organizationsGet Carrot