This Privacy Policy explains how CardioSignal, Inc., a Delaware company, is committed to protecting your privacy and ensuring that you feel comfortable using MyCardioSignal, a service which can monitor heart rate and patterns of potential concern. This Privacy Policy ("Privacy Policy") explains our personal data practices, including the information we process to provide our Application and Services (each defined below). We understand the importance of privacy and we will always strive to protect your privacy and preserve the trust you place in us. We only collect and retain as much information as is necessary for us to provide you with our Service, and whenever possible we disassociate any personally identifiable information from the data we retain.
CardioSignal, Inc. ("CardioSignal", "we", "us") recognizes and understands the importance of the privacy of its users ("Users", "you", "them") and wants to respect your desire to have personal information stored and accessed in a private and secure manner. This Privacy Policy applies to all of our Services unless specified otherwise.
Please read this Privacy Policy (which is also available on CardioSignal's Website: https://www.us.cardiosignal.com ) carefully so that you fully understand how we obtain and process your Personal Data.
"Account" or "User Account" means your account registered through the registration process on the MyCardioSignal Mobile Application or on the CardioSignal Website;
"Anonymized Data" refers to the processing of Personal Data in a manner that makes it impossible to identify individuals from it. Anonymized Data is not considered Personal Data herein or under the Data Protection Laws;
"Application" means the (I) CardioSignal Cloud Service and (II) MyCardioSignal Mobile Application;
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data;
"CardioSignal Cloud Service" means the service hosted by Precordior to which the MyCardioSignal Mobile Application is connected and with which it collectively functions;
"Data Protection Laws" means, collectively, and as applicable with respect to the subject data, the California Consumer Protection Act, the Health Insurance Portability and Accountability Act ("HIPAA"), the Health Information Technology for Economic and Clinical Health Act ("HITECH Act"), and any rules on the handling of Protected Health Information under the HIPAA Standards for Privacy of Individually Identifiable Health Information, HIPAA Security Standards and the HIPAA Breach Notification Regulations, and the California Consumer Privacy Act of 2018 ("CCPA"), all as amended from time to time;
"MyCardioSignal Mobile Application" means the mobile application (I) which the User has to download to their mobile device and (II) which is intended to record and transmit chest motion data, show Results and manage the Account;
"Our Website" means the website available at https://www.us.cardiosignal.com;
"Personal Data" means information that can be used to individually identify a person, and may include, but is not limited to name, email address, postal or other physical address, title, and other personally identifiable information including student data, metadata, and user content. Personal Data does not include information that cannot be used to identify you, such as internet protocol (“IP”) address, browser type, internet service provider, operating system, or device type, Anonymized Data or Pseudonymized Data; (detailed list of Personal Data collected by CardioSignal in Section 3 below);
"Personal Health Data" means Personal Data concerning your physical or mental health, including measurements, analysis, and/or results regarding the same, including data which would be regulated under HIPAA and the HITECH Act;
"Pseudonymized Data" means Personal Data that has been processed in such a manner that the Personal Data can no longer be attributed to a specific person without the use of additional information. CardioSignal will store such additional information separate from Personal Data;
"Results" means the results of the analysis by the CardioSignal Cloud Service of the chest motion data recorded by the User through the MyCardioSignal Mobile Application;
"Service" means products, customer services, healthcare service, support service, Website and/or Application and our communication with you;
"Third Parties" means any natural or legal person or entity other than CardioSignal or the primary User;
"Processor" means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller.
We will use your Personal Data only in accordance with our Privacy Policy. The categories of Personal Data used, and why and how they are processed, are set out below in Section 3. We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity (i.e. processing that is necessary for the performance of a contract with you, such as your user agreement with us that allows us to provide you with the Application Services) and our “legitimate interests” or the legitimate interest of others (e.g. our users). Legitimate bases for processing your Personal Data include, without limitation:
· Your consent;
· Administering, personalizing, improving or operating our Application, Services and business;
· Better understanding your needs and interests;
· Fulfilling requests you make related to the Application and Services;
· Improving your experience when using our Application and Services;
· Complying with our legal obligations, resolving disputes with users, enforcing our agreements;
· Protecting, investigating and deterring against fraudulent, harmful, unauthorized or illegal activity, and;
· Responding to inquiries from you or our third-party service providers.
The Application also collects measurement data and shows analysis results which are classified as Personal Health Data. Therefore, in order to use our Application, we require that you give your explicit consent to the collection and processing of your Personal Health Data before you start using the Application. This explicit consent for processing Personal Health Data concerning your health is given in the account creation process. Processing Personal Health Data is mandatory in order to use the Application and therefore this explicit consent is required.
In order to develop our Application and Services, understand our customer base, and provide you with the best possible experience with us, we also periodically send direct communication with content concerning new features and health.
Your consent might also be requested in relation to the use of Website cookies.
Legitimate bases for CardioSignal’s processing of Personal Data may also include observing Your Website usage in order to ensure efficient and secure use of Our Website, developing our Application and Services, providing customized content to make Our Application and Services more relevant to you, and providing marketing material, and collecting statistics.
If you no longer wish to receive certain communication from us, you may opt out of receiving them by following the unsubscribe instructions included in each communication or by emailing us at support.us@cardiosignal.com. However, you will not be able to opt out of all communication, such as legally required notices or required Application and Service notices.
CardioSignal must receive or collect some information to operate, provide, improve, understand, customize, support, and market our Application and Services, including when you install, access, or use our Application and Services.
The type of information we receive and collect depends on how you use our Application and Services. We require certain Personal Data to deliver our Application and Services, and without it we will not be able to provide our Application and Services to you. For example, you must provide your email address to create an account to use our Application and Services.
Our Services might have optional features which, if used by you, require us to collect additional information to provide such features. You will be notified of such collection, as appropriate. If you choose not to provide the information needed to use a feature, you will be unable to use the feature.
Everything we collect and the reasons why we do so are listed below.
Contact information
Registration for the Application requires an email address. The email address is needed to verify the account and in order to contact you if necessary. The email is used as a username for your account.
Personal identifier (PID) (collected only in certain circumstances)
In connection with potential partnership projects, we may need to collect data, with your consent, which requires more accurate identification so that we or the partner can reliably associate the measurement results with a specific person. In these cases, the owner of the Personal Data will be informed of the type of collected data and the purpose of the data collection. These cases could be, for example, research projects, cooperation with hospitals, or technology partnerships.
Information on each measurement you make with the Application
Data | Description | Reason |
Time and time zone | The date and time when the measurement was made | To help with post-market surveillance, support-related quality control |
Device manufacturer | For example Apple, Samsung, Huawei, etc. | To help with post-market surveillance, support-related quality control |
Device model | For example iPhone 12 | To help with post-market surveillance, support-related quality control |
Operating system version | For example iOS14 or Android 10 | To help with post-market surveillance, support-related quality control |
Application version | For example 2.5.3 | To help with post-market surveillance, support-related quality control |
Information related to your health (Personal Health Data)
Data | Description | Reason |
Sensor data | Recorded motion sensor data originating from the kinetic movement reflecting the movement of the chest. | This information is collected so that we can analyze the data and show the Results to you. |
Analysis result: heart rate and patterns of potential concern detected/not detected · Error code · Quality parameters | Every measurement has a result and parameters related to the measurement quality. | This is the primary function of the Application. |
Non-medical analysis results: · Average heart rate (HR) · Heart rate variability (HRV) · Respiration rate | Additional physiological information extracted from the measurement data. | To provide information users may find interesting in addition to the actual results related to the intended use of the Application. |
Customer Support And Other Communication
When you contact us for customer support or otherwise communicate with us, you may provide us with information related to your use of our Services, including information about your device and any other information you deem helpful, as well as how to contact you (e.g., a phone number). For example, you may send us an email with information relating to the Application’s performance or other issues.
Account Information
When you create an account for the Application, the following information may be stored by CardioSignal.
Data | Description | Reason |
Email address | Email address. | Email is used as the username for the MyCardioSignal account and as the contact information. |
Time and time zone | The date and time when the measurement was made. | Personalized activity monitoring. |
Measurement activity | Last measurement date. | Evaluate the functionality of the Application and Service. Ability to provide customer support. Tailored communication for optimal user experience. |
Language code | The language which the user has selected. | This is used for using the preferred language in communication. |
Application/Website activity | Information about your participation or engagement in marketing campaigns and Website activities. | Customer analytics. |
We may collect information about your activity on our Application, Website and Services, such as service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Application, Services and Website, your settings, and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports.
Cookies and analytics
We use cookies and analytics to operate and provide our Website, Application and Services, and to provide our web-based services, improve your experiences, understand how our Application, Website and Services are being used, and customize them. For example, we use analytics to develop our Application and Services. We may also use cookies to understand which of our articles on the Website are most popular and to show you the most useful information. Additionally, we may use cookies to remember your choices, like your language preferences.
All of our web-based services are functional if you decide to deny all cookies.
Events, surveys, participation
When you attend an online or on-site event organized by CardioSignal we collect the relevant data required to deliver you a good event experience. We may also collect data to further improve the relevance of our event, but providing such information is voluntary. We also conduct various surveys or collect feedback, either in connection with the events or separately. We use the information only to deliver you the event experience, unless you have explicitly given us consent to receive information via email in the future.
By default, Personal Data collected through online or on-site events, or online or on-site surveys, will be deleted after one year if there has not been any engagement during this time.
Voluntary health survey
A health survey can be accessed through the Application. The risk is automatically calculated when the user completes the questionnaire, and the result is based on known risk factors used by physicians and general statistics. It does not involve any health assessment conducted by a real physician.
What is collected from the health survey?
The health survey questionnaire collects the following information:
· Year of birth, weight, height, sex category;
· Sleep apnea, diabetes mellitus, heart failure, hypertension, prior stroke, and coronary artery disease, and;
· Consent to use the survey data for medical studies.
The questions of the health survey may be based on known risk factors of stroke, atrial fibrillation, and other cardiovascular health-related conditions.
Why is this information collected?
This health survey information is collected to calculate your risk of cardiovascular health-related conditions and to give a personal recommendation on the use of the MyCardioSignal Mobile Application.
How is the data used?
Answering the health survey is voluntary. The data collected in the health survey are confidential and will be stored in the CardioSignal system for analysis. All your data will be handled anonymously. CardioSignal can use the data for improving CardioSignal’s services, for providing a more personalized user experience, and for statistical analysis. CardioSignal will not disclose your Personal Health Data to Third Parties unless you have otherwise authorized such sharing through your Physician (defined below).
Hereinafter all of the above-mentioned, from “contact information” to “voluntary health survey” data, is collectively called “Personal Data”.
We would like to draw your attention to the fact that Personal Data consisting of patient medical data are also protected by medical secrecy rules.
Other data
The Application also collects other data that are used for personalizing the Application’s user experience.
Data | Description | Reason |
Language code | The language which the user has selected. | This is used for setting the preferred language in the Application and other possible communication. |
Approved Terms of Use | Information on which Terms of Use version the user has approved. | The user cannot use the Application without approving the Terms of Use. If the Terms of Use are updated, then this information must match the latest version. |
Latest measurement information | Information on when the previous measurement was taken and the result. | This information is used for personalizing the Application and for assessing your Personal Data’s retention period. |
User modifiable options | User modifies the Application settings and selections. | This information is used for personalizing the Application. |
Information Received and Shared with Physicians
If you have separately authorized your physician or other healthcare service provider (each a “Physician”) to receive data collected through the Application, your Physician has provided CardioSignal with confirmation of such agreement from you, and your Physician has entered into an agreement to receive services from CardioSignal, then CardioSignal may share your data, including Personal Health Data (e.g., measurement results collected through the MyCardioSignal Mobile Application), with your Physician for the purpose of enabling your Physician to provide you care. In such cases, CardioSignal may provide your Physician with: (a) Personal Data, Personal Health Data, and reports of the same, from which your Physician can review your cardiovascular health-related data, assess disease risk detection, and review other data derived from data collected from the Application, (b) software services for your Physician to authorize and share with you access to the MyCardioSignal Mobile Application, which is used for capturing your cardiovascular function-related data, (c) means for your Physician to analyze your cardiovascular function-related data through the CardioSignal Cloud Service to develop cardiac health, disease risk detection and monitoring data for Physicians to review your Personal Data and Personal Health Data.
All Personal Data that we process originate from the User of the Application as described in Section 3 above.
We may also collect device data automatically from your devices that interact with our Application in accordance with the access rights given with your consent.
In the case of collaborative projects with hospitals or other healthcare service providers, as noted in Section 3 above, it is also possible that we receive Personal Data (including Personal Health Data) from these parties, including from Physicians. For example, a list of individuals collected by the hospital or Physician’s office to whom they wish to provide access to the Application through partnership.
CardioSignal (I) collects, (II) uses, (III) maintains and (IV) may share your Personal Data, including Personal Health Data, provided by you or collected by us with its affiliates, parent companies or other related companies for all purposes necessary to ensure the proper functioning and operation of the User Accounts and/or the proper functioning of the Application. These purposes (collectively “Purpose”) may include:
· Creating and managing your Account to use the Application and Services;
· Providing information and allowing Users to access the Application;
· Customizing and personalizing the content and features you see in the Services, Application and Website;
· Placing transactions or orders;
· Conducting research relating to our Application, Services and Website;
· Diagnosing technical problems and managing technical support and processing inquiries concerning the Application;
· Contacting Users by email or push notifications (if they are enabled) to (I) verify their account (II) for information and operational purposes such as account management, instructions, alerts, reminders, customer service, and system maintenance, among other things;
· Contacting Users to (I) communicate about and organize their participation in market or other research or (II) obtain testimonials;
· Commercializing the Application and Services;
· Performing data analyses (including the creation of Anonymized Data and Pseudonymized Data) and using and sharing the resulting Anonymized Data with Third Parties, including for commercial purposes;
· The operation, evaluation and improvement of the Application and Website (including the development of additional products, features, and/or services, enhancing and improving the current Application and Website, analysis of our Application and Website, quality control activities and performing internal business functions such as accounting and auditing);
· Protecting against, identifying and preventing fraud and other unlawful activity, claims and other liabilities;
· Complying with and enforcing any applicable legal obligations, including with respect to our Terms of Use and Privacy Policy.
CardioSignal is free to access, retain, and disclose Personal Data in the following circumstances:
· In order to be in compliance with any applicable legislation or regulations;
· If a law enforcement authority or other government official requests it;
· To enforce the CardioSignal Terms of Use or Privacy Policy;
· For the investigation of any suspected or actual fraudulent or illegal activity; and
· To protect your or our safety and/or rights.
We may disclose certain information to vendors and service providers who help us provide the Application. Examples of these vendors and service providers include entities that provide analytics and web hosting services.
Technical processing and transmission of the Application, including your Personal Data, may involve (I) transmissions over various networks; and (II) modifications to conform and adapt to the technical requirements of connecting networks, or devices.
Anonymized Data and Pseudonymized Data
We may use Anonymized Data and Pseudonymized Data to test features in development and to analyze the information we have in order to evaluate and improve the Application, Services and Website, to develop new services or features, and to conduct audits and troubleshooting activities. Anonymized Data will have all direct and indirect personal identifiers removed. This includes, but is not limited to, name, ID numbers, date of birth, demographic information, and time zone. Furthermore, we agree not to attempt to re-identify Pseudonymized Data and not to transfer Pseudonymized Data to any party unless that party agrees not to attempt to re-identify any personal identifying information from such data. We may share Pseudonymized Data and Anonymized Data with our affiliates, agents, advertisers, manufacturers, academic researchers, and business partners. We may also disclose Anonymized Data in order to describe our Application and Services to current and prospective business partners and to other third parties for other lawful purposes.
CardioSignal shall take appropriate administrative, technical (e.g. the Application uses encrypted data transmissions) and organizational measures against unauthorized or unlawful processing of any Personal Data or the accidental loss, destruction or damage, access, disclosure or use of Personal Data.
CardioSignal is committed to protecting the privacy of all of its Users’ Personal Data and to providing a secure, user-controlled environment for the use of the Application. At the same time, you also share responsibility for maintaining privacy and security, for example, by not allowing any Third Party to use your personal account on the Application. CardioSignal requires all Users to be responsible for safeguarding any authentication information and to immediately notify CardioSignal of any unauthorized use of your personal Account.
We do not disclose Personal Data to Third Parties except as provided in this Section 7.
Other than as set out in this Privacy Policy, we shall not disclose your identifiable Personal Data to Third Parties unless this is necessary for the purposes set out in this Privacy Policy or unless we are required to do so by law.
We may share Personal Data with Third-Party service providers who help us to provide, understand, commercialize and improve our Application and Services. We do not authorize these Third-Party service providers to use or disclose your Personal Data except as necessary to perform these services or to comply with applicable legislation, including Data Protection Laws. We seek to provide any such Third-Party service provider with only the Personal Data they need to perform their specific function and require that they comply with all applicable Data Protection Laws in their use and disclosure of Personal Data.
In certain cases, we may share Personal Data with Third-Party partners for research studies or collaboration projects. In these cases, you will be informed at the time of collection of your Personal Data, and adequate consents will be obtained to comply with applicable Data Protection Laws, for example, if a collaborating hospital offers medical assistance based on your analysis results.
In any event, such Third-Party providers shall be obliged to treat your Personal Data in accordance with applicable Data Protection Laws. However, you agree that CardioSignal cannot be held liable for any damages, whether direct or indirect, that may result from the misuse of your Personal Data by such Third Parties.
CardioSignal has the right to use Anonymized Data for any and all commercial purposes. Anonymizing data removes the possibility of linking your Pseudonymized Data to any identifiable information such as your email address so that it is no longer possible to identify who the data belongs to.
We may also disclose your Personal Data to effect a merger or acquisition or to support the sale or transfer of business assets. If we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via email and/or prominent notice via the Application, Services, or by email of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data.
We may also disclose your information to a third party where we believe, in good faith, that it is desirable to do so for the purposes of investigating, preventing, or taking action regarding suspected or actual illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Use, to comply with subpoenas, or as otherwise required by law. In the event that we receive a subpoena affecting your privacy, we are not required to notify you or quash the subpoena ourselves.
If you are a California resident, you may request that we:
· Disclose to you the following information covering the 12 months preceding your request:
o The categories of Personal Information (as defined under the CCPA) we collected about you and the categories of sources from which we collected such Personal Information;
o The specific Personal Information we collected about you;
o The business or commercial purpose for collecting (if applicable) Personal Information about you; and,
o The categories of Personal Information about you that we otherwise shared or disclosed, and the categories of third parties with whom we shared or to whom we disclosed such Personal Information (if applicable).
· Delete Personal Information we collected from you.
To exercise your rights under the CCPA, you must submit a “verifiable consumer request.” Only you, or your authorized agent, may make a verifiable consumer request related to your personal information.
A verifiable consumer request must provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative. To verify your consumer request, we may ask, for example, for the submission of the person’s first and last name, address, and date of birth. If we cannot verify your identity or authority to make the request, we will not be able to fulfill your request. The information provided for verification will only be used for that purpose.
You can request access to your personal information or have your information deleted. To exercise your rights under the CCPA, please submit a request by sending an email to support.us@cardiosignal.com or call (833) 865-5231.
If you have already submitted a request and want to know the status, please send us an email at support.us@cardiosignal.com. You will need the Request ID number that we sent to you after you submitted your initial request.
CardioSignal will delete your Account after one year of inactivity. Deletion of your Account will result in all Personal Data being stripped of identifying information, such that any remaining data collected through your use of the Services, Application, or Website will be converted to Anonymized Data. You can request all your Personal Data and account deletion at any time from support.us@cardiosignal.com. By doing so you can no longer access your data, and the username is removed from the database so that the identification of Personal Data is no longer possible. We may retain and continue to use and disclose Anonymized Data for any commercial purpose, including sharing with Third Parties.
Our Application or Website may contain links to services we do not own or control, including social media websites, AppStore rating, or other similar services hosted by third-party providers. We are not responsible for the privacy practices of any Third Parties who do not act as our Third-Party service providers, or for linked content.
This Privacy Policy does not apply to these third-party websites or applications accessible from or referenced on our services.
Occasionally, we may change or update this Privacy Policy to allow us to use or share your previously collected Personal Data for other purposes. If CardioSignal were to use your Personal Data in a manner materially different from that stated at the time of its collection, we will provide you with a notice on our Website or our Application indicating that the Privacy Policy has been changed or updated. You can also always find the latest version of our Privacy Policy on the Website.
This document was updated February 20, 2023.