Mahana Website Privacy Notice

Version Effective Date: 1 May 2024

Note: If you wish to exercise privacy rights regarding data processed by Mahana, please submit requests to our Data Subject Portal or contact privacy@mahanatherapeutics.com with questions.

Section I.  Introduction

This privacy notice (“Notice”) is for people who use this Mahana website, the Mahana Direct portal, and for people with whom we communicate for marketing and product educational purposes (“you”). 

Mahana Therapeutics, Inc., its subsidiary Mahana Therapeutics, Ltd. and their affiliates (collectively “Mahana” or “we”) respect your privacy and will treat your data in accordance with applicable law(s). This Notice describes the types of information we collect, the purposes for which it is used, and the choices you have with respect to how we use your data. There is a separate privacy statement for people who use the Mahana digital health products and associated services. We encourage you to read these notices before using our website, Mahana Direct portal, products or associated platforms.

If you are a California resident and would like to exercise your California privacy rights, please see our California Consumer Privacy Act Notice below. If you are a UK resident, please see our General Data Protection Regulation Notice below

Mahana currently limits our activities to the United States and United Kingdom, where our products and services have received regulatory clearance and conformity assessments. Consequently, Mahana websites and the Mahana Direct portal are not directed to residents outside the United States or United Kingdom and we do not intend to collect personal information from visitors outside those regions. Your use of this site indicates you acknowledge our collection, use and disclosure of your information as described in this Notice. If you disagree with the way we collect or handle your data, please do not use our website(s). 

1. The personal data that we collect

In this Section 1, we have set out the general categories of personal data that we process and, in the case of personal data that we did not obtain directly from you, information about the source and specific categories of that data. Your data is collected by Mahana in a few ways. Here is a list of the categories of personal data that are collected and used, with examples.

  • Data provided by you.  You may submit your name, email address, and other contact and location information to obtain product information or to set up a product account. If you are a healthcare provider, we may also collect information about your healthcare business or practice, including practice name, location and contact information.  This data is collected with your consent.
  • Data you provide at events or to publish your testimonial. With your consent, we collect information, such as your name and contact information, for those who attend professional or patient education events or medical conferences or who wish to share product testimonials.
  • Data collected automatically. When you use our websites, we automatically collect your device information, such as operating system and IP address, and browsing information, such as time, frequency and use pattern (collectively, “Analytics”). We may share de-identified Analytics with third party marketing partners to develop, improve and test our website and products. We currently do not respond to “Do Not Track” technologies.
  • Cookies. We collect cookies from your web browser when you visit our websites. These make it easier for you to navigate the website, and they can also be used to analyze trends and track activity and interactions with a website. For more information about how we use cookies and how to manage cookies, please see our Cookie Policy.
  • Data collected from third parties. We collect data from third parties who manage relevant business contact databases. For those who use our prescription digital therapeutics, we may receive personal data from your healthcare provider or pharmacy in order to deliver access and treatment.

2. What we do with your personal data

We use your data for a number of purposes to operate our business, develop products, and provide digital therapeutic products and associated services.  Examples of how we use your data include without limit:

  • Operations. We use your data for the provision of treatment, payment, and support in connection with our digital health products and contracts with payers and national health services; to operate our business; develop and improve products and services; receive and process payment for our products and services; and for fraud prevention purposes.
  • Inquiries. We use your contact details and inquiry details to respond to your request for product or other information. If you are a healthcare provider, we will add you as a business contact.
  • Marketing. We communicate with you about relevant products or services. We will notify consumers regarding important product updates or related information and may continue to provide access to data and educational content after your digital health product usage terminates (e.g., prescription period ends). We do not sell (as that term is commonly understood) for financial remuneration your identifiable personal data to third parties without your permission. 
  • Understanding usage and improving services. Mahana records data and uses analytics tools to help analyze how users use the website.
  • Conduct Research. We may use your information to contact you about marketing or user surveys, studies or clinical trials for which you may be eligible or that might interest you. 
  • Compliance. For compliance with legal obligations, such as regulatory safety reporting obligations and insurance contracts.

We may share your data with third parties.  The following are examples of when your data might be shared, which include without limit:

  • Service providers. Your personal data may be shared with your healthcare provider, pharmacy, and/or healthcare plans and vendors who help us operate our websites and digital advertising. These third parties are legally obligated to maintain your personal data consistent with applicable data protection laws.
  • Legal purposes.  We may disclose your personal data in response to valid legal process, for example, in response to a court order, a subpoena or other legal request for information, and/or to comply with applicable legal and regulatory reporting requirements. We also may disclose your data in response to a law enforcement agency’s request or other request for information from the U.S. or other government entities, or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, serious adverse events, or to verify or enforce compliance with the policies governing our products and/or services and with applicable laws, or as otherwise required or permitted by law or consistent with legal requirements. In addition, we may transfer your data to an entity or individual that acquires, buys, or merges with Mahana, or our other business units.
  • Behavioral advertising. In the U.S., we partner with advertising technology service providers, such as Google, to manage our marketing and advertising activities. These partners use cookies and other tracking technologies to collect information about your internet-browsing activities and habits at other sites. They use this information to provide you with targeted advertisements. To learn how to opt-out of ad network interest-based advertising in the U.S., please visit www.aboutads.info/choices and http://www.networkadvertising.org/choices/. If you are in the UK, please visit www.youronlinechoices.eu. Even if you choose to opt-out, you will continue to receive generic advertisements. We will not share identifiable protected health information with advertising technology service providers in a legally impermissible manner.
  • Research Partners. We may share information with our research partners for particular projects or surveys. If you take part in such a project, you will be informed of these third parties in a separate or supplemental privacy notice.
  • Your personal data may be stored on the servers of our hosting service provider, Amazon Web Service (AWS), and Google Workspace.  
  • Affiliates. We may share your personal data with our affiliated entities.

3. Your Choices

For those who have created user accounts, you can request that your account be deleted either through the mobile app (Under “Manage your Account” in the profile settings tab) or by contacting Customer Support (support@mahana.com or 1.844.624.2620). Note that, once your account is deleted, you will no longer have access to any product content or tools. For more information about data deletion, see the Data Subject Rights section, below.

We deliver advertising and marketing across various platforms, such as our websites, email, telephone, text messaging and various online channels. Our services and marketing materials may also include links to other websites and applications.  Third party advertising partners may collect information about you when you interact with their content, advertising or services. You can control cookies and tracking tools. To learn how to manage cookies and other tracking tools, read our Cookie Policy.

In some cases, you may have consented to receive product information or marketing communications from Mahana.  You may withdraw your consent to further use of your personal data by (i) using the unsubscribe link in any marketing email received; or (ii) submitting a request to Mahana’s Data Subject Portal, including your name, contact information, state/country of residence, and to which specific data you are directing the request.  We will respond to your request once we have confirmed your identity and in accordance with the law(s) that applies[y] to you.  Your personal data which we processed prior to your request may not be deleted from our website system records, but will be blocked from further use to contact you without your permission. A request to withdraw consent may not apply to information (i) collected by tracking technologies or used internally to recognize you and/or facilitate your visits to our website, (ii) we must keep in compliance with contractual, legal, or record retention obligations or purposes, (iii) necessary in order to provide you the digital health program during the prescription period, or (iv) information we have shared with third parties.

4. GDPR Privacy Notice for UK Residents

Legal Bases. If you are an individual in the United Kingdom (UK), Mahana Therapeutics, Ltd. (data controller) and Mahana Therapeutics, Inc. (data processor) collect and process your personal data consistent with applicable laws. The legal basis for how we may collect and process your personal data depends on how you use our services. We collect and use your personal information to conduct the following and as otherwise stated in the Mahana Website Privacy Notice of which this GDPR Privacy Notice forms a part:

  • Operations - We may process your personal data for patient treatment, payment, and support in connection with our digital health products and services, subject to contracts with you and/or payers and national health services, and to operate our business, develop and improve our products and services, receive and process payment for our products and services, and for fraud prevention purposes. The legal bases for this processing is the performance of a contract between you (or your insurance provider) and us and/or taking steps, at your request, to provide digital therapeutic services and to meet applicable legal and regulatory requirements.
  • Relationships and communications - We may process contact data, account data, transaction data and/or communication data for the purposes of managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, post, fax and/or telephone, providing support services and complaint handling. The legal basis for this processing is our legitimate interests, namely communications with our website visitors, service users, individual customers and customer personnel, the maintenance of relationships, and the proper administration of our website, services and business, and complying with applicable legal and regulatory requirements.
  • Marketing - We may process contact data, transaction data, and user testimonials for the purposes of creating, targeting and sending direct marketing communications by email, SMS, post and/or fax and making contact by telephone for marketing-related purposes. The legal basis for this processing is your consent.
  • Research and analysis - We may process your personal data for the purposes of researching and analysing the efficacy and use of our products and services, as well as researching and analysing other interactions with our business. The legal basis for this processing is consent.
  • Record keeping - We may process your personal data for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this notice, as well as compliance with legal and regulatory requirements.
  • Security - We may process your personal data for the purposes of security and the prevention of fraud and other criminal activity. The legal basis of this processing is our legitimate interests, namely the protection of our website, services and business, and the protection of others, as well as compliance with legal and regulatory requirements.
  • Legal claims - We may process your personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
  • Legal compliance and vital interests - We may also process your personal data where such processing is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.

International Transfers.  We may transfer your personal data from the European Economic Area (EEA) and the UK to the United States (US) for the purposes set out in this notice, pursuant to our Data Transfer Agreement with Mahana Therapeutics, Inc. The US is not currently covered by an adequacy decision under EU/UK data protection law.

The AWS hosting facilities for our website are currently situated in the United States. Transfers to the US will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the Information Commissioner’s Office (ICO), the terms of which are available here.

You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

5. Your rights

California Privacy Notice. If you are a California resident and your personal information is subject to California law, California law provides you with specific rights regarding your personal information, including without limit:

  • Access to your personal information
  • Delete your personal information (subject to the exceptions provided under California law)
  • Not to be discriminated against for exercising these privileges.
  • Transparency regarding what personal information we have collected and used over the past 12 months
  • Opt-out of having your personal information shared for cross-context behavioral advertising

We update this Privacy Notice annually to provide transparency regarding the categories of personal information we collect and how it is used.  If you want to exercise your other data rights, you can submit (i) a data subject request here; or (ii) close your account via the Mahana application or Support@mahanatx.com.  You can designate an agent to submit a data subject request on your behalf by either: (1) having your agent submit a letter, signed by you, certifying that the agent is acting on your behalf and showing proof that they are registered with the California Secretary of State; or (2) by you and the agent executing and sending us a notarized power of attorney stating that the agent is authorized to act on your behalf. Please note that we are only required to respond to two such requests per customer each year.

You also have the right to lodge a complaint to the California Privacy Protection Agency.

Mahana may have collected the following categories of personal information of California residents who visited the website in the past 12 months:

  • Identifiers such as a name, Internet Protocol address, email address, or other similar identifiers. 
  • Categories of personal information described in subdivision (e) of California Civil Code Section 1798.80.
  • Internet or other electronic network activity information. 
  • Sensitive personal information (health information) collected to determine if a product is right for you and to deliver therapeutic services.

This information is collected and used for the purposes disclosed in this notice. Mahana may have disclosed any of the above categories of personal information pursuant to an individual’s consent or under a written contract with a service provider for a business purpose (e.g., telehealth referral, prescription, billing) in the past 12 months or to the extent otherwise legally permissible.  Personal information collected during the prescription and delivery of digital therapeutics will be maintained for at least seven years from completion of treatment, up to a maximum retention period of ten years. Consumer data collected solely for the purposes of marketing and other communications is retained for up to five years from collection. 

Mahana does not sell personal information of website visitors and does not sell consumer data to third parties for direct marketing purposes or share consumer data for cross-context behavioral advertising without consumer consent.  

Data Subject Rights. For other individuals, depending on your country or state of residence (including Colorado, Connecticut, Utah, and Virginia residents) and as required by law, in addition to receiving the information provided in this Notice, you may have the right to:

  • Access and receive a portable copy of your data; 
  • Delete or correct incomplete or inaccurate data, subject to Mahana’s legal and regulatory data retention requirements; 
  • Restrict processing of sensitive data (e.g., health data) and opt-out of processing for profiling/targeting advertising; and
  • Confirm that Mahana does not sell your Personal Data.
  • For UK individuals, additionally:
  • Withdraw consent where we have relied solely on your consent to process your personal data;
  • Request to stop processing of your personal data;
  • Object to the processing of your data where we rely on our legitimate interest as the legal basis; and
  • Lodge a complaint with a Data Protection Authority, such as the Information Commissioner’s Office.

We reserve the right to request additional information to verify your identity before we process your request and to maintain a copy of all requests for our legal records. If you wish to exercise these rights, please submit your request to Mahana’s Data Subject Portal and we will respond to verifiable requests within 30-45 days, depending on the applicable state or country regulations (if any). Applicable privacy laws may give you the right to file a complaint with a government regulator if you are not satisfied with our response.

6. Links to Other Websites

You should be aware that when you link to another website (e.g., telehealth provider partner) from the Mahana website, Mahana has no control over that other website. Accordingly, Mahana cannot guarantee that the operator of that website will treat your privacy in the same manner as Mahana.

7. Data security

We have implemented commercially reasonable measures to help secure your information. To help prevent unauthorized access or disclosure, we have put in place commercially reasonable physical, electronic, and managerial procedures intended to safeguard and secure the information we collect online. However, no security program is 100% secure, and thus we cannot guarantee the absolute security of your information.

8. Privacy Notice Changes

We will revise this privacy notice when necessary, and we encourage you to check back in future for changes.

9. Contact

This website and the Mahana Direct portal are owned and operated by Mahana Therapeutics, Inc., on behalf of itself and its subsidiary, Mahana Therapeutics, Ltd. You can contact us as follows:

Mahana Therapeutics, Inc., a Delaware corporation (6703171)

6110 E Colfax Ave #4 - 154

Denver, CO 80220

+ 1-415-202-5158

mahanacare@mahana.com

Mahana Therapeutics, Ltd., registered in England and Wales (11995982)

Suite 2, First Floor

10 Temple Back

Bristol, United Kingdom BS1 6FL

uk@mahana.com

Our data protection officer's contact details are privacy@mahanatherapeutics.com

Section II.  Mahana Cookie Policy

This Cookie Policy supplements the above Privacy Notice and specifically explains how Mahana, our partners and users of our website, Mahana Direct portal and digital health products and services deploy cookies and other tracking technologies, including interest-based advertising (IBA) and options on how you can control them.

What is a cookie? A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. Personal data that we store about you may be linked to the information stored in and obtained from cookies.

Both websites and HTML emails may also contain other tracking technologies such as “web beacons” or “pixels.”  These are typically small transparent images that provide us with statistics, for similar purposes as cookies. They are often used in conjunction with cookies, though they are not stored on your computer in the same way as cookies. As a result, if you disable cookies, web beacons may still load, but their functionality may be restricted.

Where we place cookies. We set cookies in a number of different locations across our services.  These locations include our websites, mobile applications and the emails we send (collectively, “Services”).

Types of cookies. The bullet points below outline the types of cookies we use on our Services and why we use them. We also provide explanations of their purpose(s).

  • Strictly Necessary. These cookies are essential for our Services to perform their basic functions. These include cookies that are required to allow registered users to authenticate and perform account related functions, as well as to save content entered by you to facilitate digital therapeutic product functionality, and to store preferences set by users such as account name, language, and location.
  • Analytics. Performance cookies collect information on how users interact with our Services, including what pages are visited most, as well as other analytical data. We use these details to improve how our Services function and to understand how users interact with our Services 
  • Security. We use these cookies to help identify and prevent potential security risks.
  • Targeting. These cookies are used to display relevant advertising to users who use our Services, as well as to understand and report on the efficacy of ads served on our Services. They track details such as the number of unique visitors, the number of times particular ads have been displayed, and the number of clicks the ads have received. They are also used to build user profiles, including showing you ads based on products or services you’ve viewed or acts you have taken on our (and other) websites and services. These are set by us and trusted third party networks and are generally persistent in nature.
  • Third party cookies. Our service providers use cookies and those cookies may be stored on your computer when you visit our website. For example, we use Google Analytics. Google Analytics gathers information about the use of our website by means of cookies. The information gathered is used to create reports about the use of our website. You can opt out of Google Analytics by installing Google’s opt-out browser add-on.You can find out more about Google's use of information by visiting https://www.google.com/policies/privacy/partners/ and you can review Google's privacy policy at https://policies.google.com/privacy.

Controlling Cookies. You may wish to restrict the use of cookies or completely prevent them from being set. Most modern browsers allow you to change your cookie settings. You can usually find these settings in the options or preferences menu of your browser. To understand these settings, the following links for commonly used browsers may be helpful, or you can use the help option in your browser for more details:

If you disable cookies, please be aware that some of the features of our Services may not function correctly.

For more details on your choices regarding use of your web browsing activity for interest-based advertising you may visit the following sites:

On a mobile device, you may also be able to adjust your settings to limit ad tracking.  

Do Not Track Signals. Generally, we do not currently respond to, or take any action with respect to web browser "do not track" signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information about an individual’s online activities over time and across third party websites or online services. However, in some instances our third party service providers who integrate within our Services do honor Do Not Track signals.

Consent for Advertising Cookies on Our Sites. You will see a “cookie banner” on our websites on your first visit. If you are visiting one of our Services from the UK, then we do not set, or allow our ad partners to set, cookies that are used to show you targeted ads before you click to accept. When you consent in this manner, we and our advertising partners may set advertising cookies on the site or other Service you are visiting and on other of our websites, dashboards, and services. We’ll display the banner to you periodically, just in case you change your mind.

Mahana logoGet Mahana IBSGet Mahana Tinnitus

Programs

Company

News

mahanacare@mahana.com
Terms & Conditions
Privacy Policy
Code of Ethics & Conduct
Declaration of Compliance

© Copyright 2024. Mahana Therapeutics, Inc.  All Rights Reserved.