Application Privacy Policy
Last updated: October 2023
Version C-2
We at CardiacSense (the “CardiacSense”, “Company,” “We,” “Us,” or “Our”) are committed to securing Your (“You”, “Your” or “User”) Personal Data as defined below and Your privacy.
This Privacy Policy (the “Policy”) has been created to inform You about how We manage, collect, store and use your Personal Data in connection with any CardiacSense device (the “Device”) or with any application (the “Application”) (collectively, the “Services”).
This Policy is part of and should be read in conjunction with our Website Privacy Policy https://www.cardiacsense.com/privacy-policy/, which provides information regarding the use of data We collect about website users, including users who use Our online portal in conjunction with Our Application.
In this Policy, any reference to “Personal Data” is to any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or in combination with additional information that We have or that We have access to.
We will process Your Personal Data in accordance with this Privacy Policy when You use the Application and the Services offered therein. In addition, if You agree, we will use the data collected by the Device when You sync the data on Your Device with the Application, even if You do not subscribe to the services offered by the Application. When doing so, we will take steps to anonymize Your Personal Data prior to processing it.
We will uphold the following principles:
- To be transparent in respect of the collection and processing of Personal Data about You:
It is important to Us that You have at all times all the information required for You to make educated decisions about the processing of Personal Data about You. For this purpose, we will make use of various techniques and measures aimed to provide You with relevant information about the processing of Personal Data about You, in the proper manner and timing.
In addition, if We find You are required to be provided with specific information, we will provide it to You in the appropriate time and place. We are also happy to answer any questions You may have and to provide You with any clarification You require, subject to legal limitations. For this purpose, You can contact Us by sending an email to the following address: support@cardiacsense.com
- To process Personal Data about You solely for the purposes outlined in this Policy:
- We respect your privacy and shall not share Your Personal Data (generally meaning any information that can identify You specifically, or your medical condition) without your specific consent. Data may be used anonymously provided that no Personal Data is shared with any third party. We plan to use such anonymized data to improve products, Services and algorithms and to create new ones for Your future benefit and for the benefit of users.
- We may process Personal Data about You, inter alia, to provide You with Our Services as requested by You, to enhance the user experience in Our Services, to improve Our Services, to protect Our rights and interests, to perform business and administrative activity that supports the provision of Our Services to Our users, and/or to uphold any legal and/or regulatory requirements.
In addition, We will process Personal Data about You in order to understand Your personal needs and preferences.
- To invest resources in order to respect Your rights in connection with Personal Data about You:
We apply significant resources to allow You to exercise Your rights as a data subject. Therefore, You may approach Us any time You wish to review Personal Data about You, have Us amend it, erase it, cease using it for specific purposes or in general, or transfer it to You or to a third party. We will fulfill Your wishes in accordance with the law.
- To secure Personal Data about You:
In provision of Services to You, We may use third-party vendors. We request all such third-parties to comply with the privacy and Personal Data protection terms as set forth in this policy. While We cannot promise absolute protection of the Personal Data about You, we can promise that We use, will continue to use, and shall request our third-party vendors to use, a wide array of means and measures aimed at ensuring the Personal Data about You is secured.
Our Complete Privacy Policy
1. The Scope
This Policy describes what kind of Personal Data the Company collects about natural persons, and how it collects it, uses it, shares it with third parties, secures it, processes it, etc.
2. When Do We Collect Personal Data About You?
We collect Personal Data about You whenever You use our Application, sync it with Our service channels and the portal or contact Us.
In some instances, You will actively provide Us with the Personal Data including medical data, and in other instances, We will collect the Personal Data about You by examining and analyzing Your use of Our Services and/or Our service channels.
We do not have access to the Personal Data collected and stored on the CardiacSense Device. We will only process Your Personal Data collected by the CardiacSense device when You sync it with the CardiacSense cloud or Services.
3. No Obligation to Provide Personal Data to The Company and Its Implications
You are not obligated to provide Us with any Personal Data about You. However, in some instances, not providing such Personal Data will prevent Us from providing You with the Services or services You requested Us to provide You or will prevent Your use of the Application.
4. What Personal Data About You Do We Collect?
Personal Data We collect upon activation of Your User account: email address; first name; last name; date of birth; weight; height; biological country of residence, health related questions or any other relevant information You share with Us and Your Device ID. We also collect Your means of payment information, which is stored with a third-party payment service and not shared with Us.
Personal Data We collect when You sync Your Device: When You sync Your Device with the Application, we collect the Personal and medical data recorded by Your Device and Your generated personal report, based on the data collected by the Device (the “Report”) which will only record the current reading of Your vital signs collected by the Device. You may also share the Report, through email, WhatsApp, or any other means outside Our platforms, with a third party. We also collect the IP address used when syncing, the sync time and date, crash/diagnostic logs and additional technical information about the Device, Device ID, geographic location of the mobile device used, Device battery level and information about the mobile device used. We note that any information made available through the Application is not intended or implied to be a substitute for professional medical advice, diagnosis or treatment.
Personal Data We collect when You provide your consent to share your Personal Data with Us: We may use Personal Data you share with Us to provide You with Services, improve Services and help create new services for Your benefit and the benefit of Users. Personal Data You share with Us that is not used to provide You with Services will be aggregated and anonymized (namely that such data will not specifically identify You or Your medical condition). Aggregated data is derived from Personal Information but in its aggregated form it does not relate to or identify any particular client or individual or any specific user’s data. This data is used to understand our customer base and to develop, improve, market and commercialize Our Services.
Personal Data We receive from You: any Personal Data You provide to Us of Your own free will when contacting Us or when You decide to share contact details of your physicians after obtaining his/her consent.
5. The Purposes of The Processing of Personal Data and Their Legal Basis
The Company will not process Personal Data about You unless there is a legal basis for such processing.
A portion of Our services are based on data collected by our Device. Significant parts of the collected data (such as heart rate data, pulse rate, breath rate, blood pressure, SPO2) are such that by nature We must ask for Your permission to collect or process it. This permission is requested when You first connect Your Device to the Application.
With respect to non-special categories of Your Personal Data, we will process such according to the appropriate legal basis (please see below).
6. Data collected storage
All data collected by the Device, Application and/or Services is processed and stored in Our platform hosted on AWS in Frankfurt, Germany.
We may elect to add additional hosting locations or migrate the services and storage to any other platform provided We comply with relevant HIPAA and GDPR requirements.
Your consent to this Privacy Policy accompanied by Your submission of such information into the Device or Application represents Your agreement to the above.
The legal basis according to which the Company may process Personal Data about You:
- Processing is necessary or advisable for the performance of a contract to which You are party or in order to take steps at Your request prior to entering into a contract. This refers to all the information required for Us to operate our Services and grant You access thereto.
- Processing is necessary or advisable for the purposes of the legitimate interests pursued by Us or by a third party. By way of example, for the purpose of improving Our Application, improving Services, creating new services, disclosures conducted under suitable non-disclosure undertakings or for the exercise or defense of legal claims.
- Processing is based on Your consent. By way of example, when You agree that We process and analyze the data collected by Your Device for research, or other commercial purposes such as Service improvements or creation of new services for Your benefit or the benefit of users.
At any time, You may contact Us by sending a notice to the email address support@cardiacsense.com, in order to receive information concerning Your Personal Data used by Us. This is so You can conclude that We may process, or continue to process Personal Data about You on account of such processing being necessary for the purposes of the legitimate interests pursued by the Company or by a third party.
The following list outlines the purposes for which We may process Personal Data about You and the legal basis for any such processing:
1. In order to register You with Our Application
Upon Your request to open a user account and register to use the Device, We will process Personal Data about You in order to allow Us to perform such request.
Processing is necessary for the performance of a contract to which You are party or in order to take steps at Your request prior to entering into a contract.
2. In order to contact You for the purpose of operational requirements
In some circumstances, We may contact You in order to update You in respect of certain operational matters – for instance, if We wish to update You of new Device, Application, new features, new services or to perform updates of this policy.
Processing is necessary for the performance of a contract to which You are party or in order to take steps at Your request prior to entering into a contract.
3. In order to respond to Your queries, requests, and/or complaints.
Processing of Personal Data about You is required in order to respond to queries You have concerning Your use of the Device, Application or Services.
Processing is necessary for the performance of a contract to which You are party or in order to take steps at Your request prior to entering into a contract.
4. In order to comply with any legal obligations or judicial or administrative orders
We process Personal Data about You in order to comply with Our various legal obligations including where we are required to keep record of Your recorded vital signs for medical reasons.
Processing is necessary for the performance of a contract to which You are party or in order to take steps at Your request prior to entering into a contract.
5. In order to improve Our Services
When You sync Your device with the Application, we may collect data, error logs and other records associated with the Device and Application functionalities.
Processing is necessary for the performance of a contract to which You are party or in order to take steps at Your request prior to entering into a contract.
6. In order to perform and maintain various activities supporting the Services
Such activities include back-office functions, business development activities, strategic decision-making, oversight mechanisms, anonymized data research, commercialization etc.
Processing is necessary for the performance of a contract to which You are party or in order to take steps at Your request prior to entering into a contract.
7. In order to perform analysis, and research
We use various analytical measures (including statistical ones) to make decisions on various issues and to collaborate with third parties on various projects. We request that all such third-parties comply with the policies set forth herein.
Processing is necessary for the performance of a contract to which You are party or in order to take steps at Your request prior to entering into a contract.
6. Health Research Studies
We use anonymized and aggregated data collected by the Devices and synced with the Application for medical research purposes in collaboration with third parties.
In the event that We offer a medical study that involves human subjects, such would be conducted in accordance with the applicable law and Your informed consent will be requested prior to use of Your Personal Information.
7. Sharing of Personal Data To Third Parties
We may also share Personal Data about You with third parties that provide Us with services including the following services:
- Storage and hosting providers, including cloud computing services and data security services;
- IP address information;
- Analysis of user experience;
- Support;
- Marketing;
- CRM data management, billing and payment information;
- Accounting and legal services;
- Research, analytical, technical, and diagnostic services, development of new services and modalities; and
- Persons (such as family members, Physicians or other care-givers) that You choose to share personal and medical information with.
We may also share Personal Data with third parties in one of the following circumstances:
- Upon Your consent or instruction;
- In the event that We will be subject to an audit, a due diligence process or any other process conducted under an executed confidentiality undertaking;
- In the event that We sell, assign or transfer some or all of Our business or assets to a successor or acquirer, or if We are acquired by or merge with a third party, or if We file for bankruptcy or become insolvent, or any other situation where Personal Data may be sold, assigned or transferred to a successor or acquirer;
- To protect Our rights, property and interest or those of third parties; or
- To fulfil Our legal or regulatory requirements or to comply with a national authority request or a court order.
8. Retention
The Company shall retain Personal Data about You for as long as is required to fulfill the purposes of the processing of the Personal Data as outlined in this Policy, or for a longer period as required according to the legislation, regulation, policies, and orders that apply to Us.
9. Security
We have implemented suitable security policies, rules and technical measures to protect and safeguard the Personal Data under Our control from unauthorized access, improper use or disclosure, unauthorized modification, or unlawful destruction.
We cannot guarantee, nor do We represent, that there will be error-free performance regarding the privacy of Your Personal Data, and We will not be liable for any indirect, incidental, consequential, or punitive damages relating to the use or release of Personal Data about You including, but not limited to, disclosure of Personal Data due to errors in transmission, failures by third-party vendors to comply with this policy, unauthorized third-party access, or other causes beyond Our reasonable control.
Generally, You have the right to request that We provide You with confirmation as to whether Personal Data about You is being collected by Us, to ask to review such data, to rectify the content if applicable and to erase the Personal Data no longer required by Us. You may also restrict Your consent to certain processing of Your Personal Data (it being understood that some Services may be affected as a result).
Where the legal basis for the processing of the Personal Data about You is consent, You may at any time withdraw Your consent for the purposes for which You provided Your consent by sending a notice free of charge to the following email address: widrawconsent@cardiacsense.com.
Where You withdraw Your consent for the processing of Personal Data about You, We might not be able to provide You with some or all of the Services You requested or in the form intended to be provided to You, and You will have no claim of whatever nature in respect of that.
At any time, You may approach Us by sending a notice to the email address support@cardiacsense.com, in order to receive information concerning the Services performed by Us. This is so You can conclude that We may process the Personal Data about You on account of such processing being necessary for the purposes of the legitimate interests pursued by the Company or by a third party.
We may provide You with offers that are tailored for You specifically, in order to connect You to brands, products and services in ways that are important to You. This may include ads, offers and other sponsored content related to Our products and services or of third parties. This is done following the processing of Personal Data about You, in order to adjust the materials presented to You, on the basis of Your preferences, behavior, characteristics and interests.
# | Right | Scope |
1 | Right to know | You have the right to receive the following information: The specific pieces of Personal Data We have collected about You. What types of Personal Data collected; categories of personal data collected; What are the types of sources of the Personal Data collected; the purpose of collecting the Personal Data; Types of third parties with whom We share Personal Data, if any; and |
2 | Right of Erasure | You may ask Us to delete Your Personal Data and direct Our service providers to do so. Please note that We may not delete Your Personal Data if it is necessary to complete Our legal obligation to You to provide the Services otherwise protect Our legal rights, comply with an existing legal obligation; or use Your Personal Data, internally, in a lawful manner that is compatible with the context in which You provided the information. |
3 | Right to non selling or sharing | You may ask Us to not sell or share Your Personal Data. |
4 | Right to Non-Discrimination for the exercise of Your privacy rights | You have the right to not be discriminated by Us because You exercised any of Your rights under the CCPA. |
5 | Right to designate an authorized agent to submit CCPA requests on Your behalf | You may designate an authorized agent to make a request under the CCPA on Your behalf. To do so, You need to provide the authorized agent written permission to do so and the agent will need to submit to Us proof that such agent has been authorized by You. We will also require that You verify Your own identity, as explained below. |
In order to exercise Your rights, please contact us using the following details: support@cardiacsense.com.
If You are an EEA resident, please read this section below:
You are entitled to the following rights in respect of the Personal Data about You. To exercise such rights, You may send a request to exercise Your rights to the following email address: support@cardiacsense.com
We will grant Your right to receive information how Personal Data about You is processed by Us; to rectify any inaccuracy in Your Personal Data; to erase Your Personal Data processed and stored by Us; to restrict the processing thereof or object thereto if applicable under the circumstances; the right to receive the Personal Data about You, which You have provided to the Company, in a structured machine readable manner and the right to withdraw Your consent when such is the legal basis of our processing.
We may reject Your requests where the request harms the rights and freedoms of others or comply with legal requirements applicable to Us. We may also charge a reasonable fee where applicable.
You will also have the right to lodge a complaint with a supervisory authority established by a Member State to protect the fundamental rights and freedoms of natural persons in relation to the processing of Personal Data within the European Union.
Please note that We may need to receive Personal Data from You in order to verify Your identity prior to allowing You to exercise Your rights.
11. Transfers of Personal Data
Personal Data about You may be transferred to a third country (i.e. jurisdictions other than the one You reside in) or to international organizations. In such circumstances, the Company shall take appropriate safeguards to ensure the protection of Personal Data about You and to provide that enforceable data subject rights and effective legal remedies for data subjects are available.
If You are an EEA resident, please note that these safeguards and protection will be available if any of the following are met:
- The transfer is to a third country or an international organization that the EU Commission has decided provides an adequate level of protection to the Personal Data that is transferred to it pursuant to Article 45(3) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), including any transfer in accordance with the EU-US Privacy Shield Framework.
- The transfer is according to a legally binding and enforceable instrument between public authorities or bodies pursuant to Article 46(2)(a) of the GDPR; or
- The transfer is in accordance with standard data protection clauses adopted by the EU Commission pursuant to Article 46(2)(c) of the GDPR. The clauses adopted by the EU Commission can be viewed at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
You may request that the Company provide You with details concerning the safeguards employed by it to protect the Personal Data about You that are transferred to a third country or an international organization, by sending an email to the following address: info@cardiacsense.com
12. MINORS
We do not knowingly solicit or collect data from children nor knowingly market to anyone under the age of 18. If We become aware that a child under 18 has provided us with Personal Information, We will take reasonable steps to remove such information from Our systems and terminate the applicable account.
13. Changes to This Policy
We may amend, from time to time, the terms of this Policy. Whenever We amend this Policy, We will notify You of such amendments by publishing the updated Policy on the Website and Our platform. In addition, when We make significant amendments to this Policy, We will strive to inform You about such amendments via means of communication We believe are reasonably appropriate to inform You of such amendments and by publishing a notice about such amendments on the Website and Our platform. Unless stated otherwise, all amendments will enter into force upon publication of the updated Policy on our website or the designated page in the Product.
Contact information:
6 Leshem St. Caesarea. North Industrial Park, Israel
Email: info@cardiacsense.com
For data protection inquiries:
Email: ciso@cardiacsense.com