Last Revised: June 7, 2016
The Services are directed solely to persons 18 years of age or older, and we do not knowingly gather Personal Information from visitors who are under 18. If we become aware that we have gathered Personal Information from a person under 18, then we will attempt to delete such information as soon as possible. If you believe that we have gathered Personal Information from a person under 18, please contact us at [email protected].
Collection of Information
Personal Information. By their nature, the Services track certain data that may be used to identify you individually. Currently, such information consists of your (i) Biometric Information, (ii) SNS Information, and (iii) mobile device data such as your phone’s unique device id number. When registering to use the Services and creating an account (“Cardiogram Account”), we may also ask you to provide certain information about yourself, such as your name, email address, social media username, and user name and password (“Personal Contact Information”). Your Personal Contact Information, together with any other information we gather through the Services that may be used to identify, contact, or locate you individually, is collectively referred to herein as your “Personal Information.”
Data, Diagnostic & Login Information. You may be able to create, upload, publish, transmit, distribute, display, store or share information, data, text, graphics, video, messages or other materials using our Services (this is collectively referred to below as “Data”). Some of this Data may be stored and maintained on our servers. If you run into technical errors in the course of using the Services, we may request your permission to obtain a crash report along with certain logging information from your system documenting the error (“Diagnostic Information”). Such information may contain information regarding your Operating System version, hardware, browser version, and your email address, if provided. Additionally, certain login information may be maintained in a cookie stored locally on your personal computing device (i.e. not on a server) in order to streamline the login process (“Login Information”).
Biometric Information. Certain features of the Services may actively record biometric information about yourself as you use the Services. This tracking is accomplished through integration with your mobile device’s health tracking technology, such as Apple’s HealthKit API or Google Fit. Such information is referred to as “Biometric Information.”
Information You Provide to Social Networking Sites. You can link your Cardiogram Account to your accounts on Social Networking Sites (“SNS”) such as Facebook when using the Services. By linking your Cardiogram Account with your account on Facebook or another SNS, you are allowing us to access your information on that SNS. The information that we collect from your SNS account may depend on the privacy settings you have with that SNS. Therefore, you may be able to control the information that we collect from your SNS account by adjusting your privacy settings on that SNS. You can also de-link your SNS account from the Services at any time via your Cardiogram Account settings. The information we collect from your SNS account(s) is referred to as “SNS Information.”
Usage and Analytics Information. As you use our Services, we may also collect information through the use of commonly-used information-gathering tools, such as cookies, log files, and Web beacons. Such Information may include information regarding your mobile device (such as your device model and unique device id number), browser type, browser language, Operating System, Internet Protocol (“IP”) address, and the actions you take on our web site (such as the web pages viewed and the links clicked) or while using the Services. Collectively, this information is referred to as “Usage and Analytics Information.”
Geo-Location Information. We do not collect any information regarding your real-time geo-location while using the Services. However, we may do so at some point in the future. We will request your permission before collecting such information.
Use of Information
|Personal Information & SNS Information|
We use your Personal Information and SNS Information to manage your account, to provide the Services, to maintain our customer/visitor lists, to respond to your inquiries or request feedback, for identification and authentication purposes, to send you administrative notifications (such as security, support or maintenance advisories), for service improvement, and to address issues like malicious use of the Services.
We may also use your Personal Information (excluding Biometric information) to notify you about new features in the Services, and to send you general information about us and/or our partners.
We do not actively collect Personal Information or SNS Information for the purpose of sale of such information in a way that specifically identifies the individual (i.e. we don’t sell customer lists).
|Data, Diagnostic Information and Login Information||We use this information for the purpose of administering and improving our Services to you.|
We use this information to administer and improve our Services to you, such as by providing you with health-related feedback. We may also use your Biometric Information in a de-identified, aggregated, and anonymous way to monitor and analyze use of the Services, to increase the Services’ functionality and user-friendliness, and for the purpose of medical research.
We do not disclose to third parties user data gathered from the HealthKit APIs or from health-related human subject research for advertising or other use-based data mining purposes other than improving health, or for the purpose of health research. We do not use or disclose to third parties your Biometric Information for the purpose of advertising or marketing in any way.
We do not share user data acquired via the HealthKit or CareKit APIs with third parties without user consent.
|Usage and Analytics Information||We use this information to administer and improve our Services to you. We may also use your Usage and Analytics Information in a de-identified, anonymous way in conjunction with an analytics service such as Google Analytics to monitor and analyze use of the Services, for the Services’ technical administration, to increase the Services’ functionality and user-friendliness, and to verify users have the authorization needed for the Services to process their requests.|
Disclosures & Transfers
Our service providers
From time to time we may need to employ third parties to help us provide the Services. These third parties may have limited access to databases of user information or registered member information solely for the purpose of helping us to provide the Services and they will be subject to contractual restrictions prohibiting them from using the information about our members for any other purpose. Such agents or third parties do not have any rights to use Personal Information beyond what is absolutely necessary to assist us in providing the Services.
Law and Order
We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of us or our users; or (d) protect our property rights.
Successors and Assignees
These Services are hosted in the United States and are intended primarily for visitors located within the United States. If you choose to use the Services from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you may be transferring your Personal Information outside of those regions to the United States for storage and processing. By providing your Personal Information through the Services, you consent to such transfer, storage, and processing.
The security of your Personal Information is important to us. We use commercially reasonable efforts to store and maintain your Personal Information in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Personal Information that you provide to us. We have implemented procedures designed to limit the dissemination of your Personal Information to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.
You are also responsible for helping to protect the security of your Personal Information. For instance, never give out your password, and safeguard your user name, password and personal credentials when you are using the Services, so that other people will not have access to your Personal Information. Furthermore, you are responsible for maintaining the security of any personal computing device on which you utilize the Services.
For any security-related issues, please email us at [email protected].
Sharing Information with Third Parties
Access and Accuracy
You have the right to access the Personal Information we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses of that information. Upon receipt of your written request, we will provide you with a copy of your Personal Information, although in certain limited circumstances we may not be able to make all relevant information available to you, such as where that information also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access and modifications in a timely manner.
We will make every reasonable effort to keep your Personal Information accurate and up-to-date, and we will provide you with mechanisms to update, correct, delete or add to your Personal Information as appropriate. As appropriate, this amended Personal Information will be transmitted to those parties to which we are permitted to disclose your information. Having accurate Personal Information about you enables us to give you the best possible service.
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: [email protected].
We are not an entity that is covered by the Health Insurance Portability and Accountability Act (“HIPAA”). The HIPAA privacy rules apply to health plans, health care clearinghouses, to any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under HIPAA and their service providers. This means that the information that you provide to us is not protected by the HIPAA privacy rules and regulations.
You can help by keeping us informed of any changes such as a change of your Personal Contact Information. If you would like to access your information, if you have any questions, comments or suggestions of if you find any errors in our information about you, please contact us at [email protected]. If you have a complaint concerning our compliance with applicable privacy laws, we will investigate your complaint and if it is justified, we will take appropriate measures.