Effective date: December 20, 2022
While we collect and process information related to your health, we are not a covered entity subject to HIPAA. HIPAA requirements do not apply to the health information we collect and process through the Services.
The Information We Collect
When you use or access the Services, we may collect certain information directly from you, automatically from your use of the Services, from devices you connect to the App, and from third-party applications that you choose to integrate with our App.
Information We Collect Directly from You
When you use or access the Services, we may collect personal information that you directly provide us, such as the following:
- Profile information, such as your name, email address, birth date, height, weight, gender, and teams with which you link your profile.
- Health information you enter into the Services, such as energy level, soreness, sleep duration, sleep quality, mood, stress level, height, weight, blood glucose, and blood ketones.
- Workout and fitness information you enter into the Services, such as your self-reported fitness level and exercise activity, activity duration, and activity intensity information.
- Authentication information, such as your username and password.
- Payment information when you make a purchase, such as payment card numbers, expiration dates, associated security codes, and billing address.
- Professional and employment-related information and education information you submit when you apply for a job with us, such as your resume, links to social media profiles, responses to application questions, and any other information you provide in your employment inquiries or applications.
- Biometric identifiers and information, such as finger or facial scanning information, we collect when you use App functions designed to estimate your heart rate variability and other biomarkers through images captured through your mobile device’s camera. These App functions are not designed to identify you, but rather to provide inputs that the App uses to estimate heart rate variability and other biomarkers.
- Information about your team or organization when you create or join a team in Team Dashboard, such as the name and type of organization associated with your team.
- Any other information you submit when you contact us through the Website or App, including any information you provide in a submission through our contact form.
We may also collect personal information from you if you respond to surveys we deliver through the Services, or by email or over the phone. Depending on the nature of the questions and your responses, this information may include health and behavior information, and any other personal information you provide through your survey question responses.
Information We Collect Automatically from Your Use of the Services
We also may collect certain other information automatically when you use or access the Services, such as the following:
- Browser and Device Information.
Certain information may be automatically collected by most browsers or devices, such as information about user devices (such as IP addresses and MAC addresses), operating systems, and browsers.
- Information Stored in Cookies and Web Beacons.
- Pixel Tags and Log Files.
The Services may also use other tracking systems such as log files and pixel tags. For example, pixel tags, sometimes called web beacons, are similar in function to a cookie and can tell us certain information like what content has been viewed.
- Information Collected in Connection with Analytics Technology.
- Location Information.
When you use the Services, we may collect information about your location, including general location information that may be associated with your device’s IP address, and, if you allow your device to share information about your location with the App, the geolocation of the device you use to access the App, which may indicate your precise geolocation.
Information We Receive from Devices You Connect to the App
If you choose to connect the CorSense HRV monitor or a third-party heart rate monitor to the App, we may also receive health information, including heart rate and heart rate variability information, from the device you connect to the App.
Information We Receive from Third-Party Applications You Choose to Integrate with the App
We may also receive personal information from third-party applications that you choose to integrate with the App. Depending on your integration selections, the personal information we receive from such third parties may include workout information, such as exercise activity and duration information, and health information such as sleep duration and quality.
How We Use Your Information
As a general matter, we use, disclose, transmit, transfer, store, and otherwise process your personal information when we have an appropriate legal basis. We may process the information we collect from you for the following purposes.
- For our legitimate interests, consistent with your rights and appropriate to the context, including for:
- Providing, developing, maintaining, personalizing, protecting, and improving the Services, including delivering analytics, visualizations, and other reports based on the information you provide to the Services.
- Processing payments for your purchases through the Services, such as when you subscribe to the Personal Pro or Team Dashboard.
- Operating, evaluating, debugging, identifying and repairing errors, effectuating similar functional enhancements, and improving our Services.
- Understanding how you and other users use our Services, performing analytics, analyzing and reporting on usage and performance of the Services and marketing materials, and determining what features and functionality may interest you and other users.
- Communicating with you and others, including responding to your requests and providing promotional information.
- Recruitment and hiring purposes, including evaluating and processing your employment application.
- Storing information about your preferences, recognizing you when you use the Services, and customizing your experience.
- Creating aggregate or de-identified information.
- Legal and safety purposes, such as maintaining the safety, security, and integrity of our Services, other technology assets, services, and our organization; preserving or enforcing our legal rights and property; protecting our users, our employees, and others; and complying with industry standards.
- Protecting against malicious, deceptive, fraudulent, or illegal activity, and participating in any prosecution or enforcement of laws or agreements meant to prevent or punish such activity.
- Evaluating or participating in an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, including as part of bankruptcy, liquidation, or similar proceedings.
- Such other purposes as you may authorize.
- To perform obligations pursuant to contractual terms you have accepted, such as our terms and conditions.
- To the extent you provide your consent, including for our processing of your health information, biometric information, and biometric identifiers. If you consent to our collection and processing of health information, we will process that information for the purposes to which you consent, which may include delivering analytics, visualizations, and other reports to enable you to assess your health and performance. Similarly, if you consent to our collection and processing of biometric information and identifiers, we may use such information for the purposes to which you consent, which may include using your mobile device’s camera to conduct facial and finger scans designed to estimate your heart rate variability and other biomarkers so we can deliver analytics, visualizations, and other reports to enable you to assess your health and performance based on your heart rate and heart rate variability.
- To comply with applicable law and legal obligations.
Disclosure of Your Information
We may disclose personal information we collect about you:
- To other users, such as other participants in teams with which you link your profile or information.
- To our contractors, service providers, and other third parties we use to support our organization, which may include support of any of the data uses described above.
- To comply with applicable law, other legal requirements, and industry standards.
- To investigate or prevent unlawful activities or misuse of the Services.
- To protect against malicious, deceptive, fraudulent, or illegal activity, and participating in any prosecution or enforcement of laws or agreements meant to prevent or punish such activity.
- To operate, evaluate, debug, identify and repair errors, effectuate similar functional enhancements, and improve our Services and offerings.
- To protect the legal rights, property, safety, and security of us, our users, our employees, and others.
- To an actual or potential buyer, successor, or other organization in the event of an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, including as part of bankruptcy, liquidation, or similar proceedings.
- To such other parties as you may authorize.
We may also publish summaries of aggregate and de-identified information created from our users’ data in our blog posts and white papers.
Storage and Retention of Your Information
We retain personal information other than biometric information for as long as we reasonably need it to fulfill the purposes for which it was collected, including provision of the Services and to comply with law, resolve disputes, and enforce our agreements, as applicable. For example, if you register on our Services, we will store your information for as long as needed to maintain your account, provide you the Services or other functionality as you request it, enforce any applicable terms that govern your use of the Services, and maintain appropriate records to reflect our delivery of Services to you.
Unless otherwise required by a valid warrant or subpoena issued by a court of competent jurisdiction, we will securely destroy or erase biometric information upon the earlier of (i) fulfilling the purpose for which we collected the biometric information, such as providing you access to estimates of your heart rate variability based on facial or finger scanning, or (ii) three years from your last interaction with us. We will securely destroy or erase biometric information in accordance with the reasonable standards of care applicable to our industry designed to destroy or erase the relevant information such that it cannot be practicably read or reconstructed.
Your Rights and Choices
You may choose not to provide the personal information we request through the Services. However, not providing information we request may restrict your ability to use certain features of the Services. For example, you may choose not to connect devices to the App or choose not to integrate the third-party applications with the App, but doing so may prevent you from receiving or using analytics, visualizations, and other reports through the Services that use personal information received from connected devices or third-party application integrations.
Similarly, you may also be able to restrict the collection of personal information through the Website through your device’s operating system or by disabling cookies, but doing so may prevent you from using the functionality of the Website. Some Internet browsers have a “do-not-track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time, the Website does not respond to browser “do-not-track” signals.
For information about interest-based advertising, and to opt out of this type of advertising by third parties that participate in self-regulatory programs, please visit the Network Advertising Initiative (NAI) opt out tool (https://www.networkadvertising.org/choices/) and/or the Digital Advertising Alliance (DAA) Self-Regulatory Program for Online Behavioral Advertising (https://youradchoices.com/), or, for users in Europe, the EDAA’s opt-out page (https://youronlinechoices.eu/). Please note that any opt-out choice you exercise through these programs will apply to interest-based advertising by the third parties you select, but will still allow the collection of data for other purposes, including research, analytics, and internal operations. You may continue to receive advertising, but that advertising may be less relevant to your interests.
The Services may include links to or options to integrate with third-party websites, applications, information, and services provided by third parties. We are not responsible for the privacy policies or practices of those third parties. We encourage you to review the applicable privacy policies of such third parties if you elect to follow the links provided or integrate our Services with third party applications and services.
How We Protect Your Information
We maintain safeguards that are reasonably designed to protect the information collected through the Services. Please note, however, that we cannot and do not guarantee the security of your information, as no method of data storage or transmission is 100% secure.
We operate internationally and your personal information may be transferred outside the jurisdiction you are located. The data protection laws in other jurisdictions may differ from the jurisdiction where you are located and may not provide the same level of protection compared to the laws in the jurisdiction in which you are located.
When we transfer personal information subject to the data protection laws of the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland outside of the EEA, UK, or Switzerland, we will rely on a legal framework that provides appropriate safeguards, which could include the standard contractual clauses, binding corporate rules, or another framework deemed adequate by the European Commission.
Additional Information for Individuals Located in the EEA, UK, and Switzerland
If you are located in the EEA, UK, or Switzerland, you may have additional rights to withdraw consent, request access to, correction of, erasure of, or the transfer of your personal information, or object to or restrict the processing of your personal information. You may exercise these rights, if applicable, by contacting us as described in the “Contacting Us” section of this Policy. Individuals located in the EEA, UK, or Switzerland may also have the right to lodge a complaint with an EEA, UK, or Swiss supervisory authority, as applicable.
Additional Information for Residents of California
This section applies only to residents of the State of California and generally describes how we collect, use, and disclose the personal information of California residents and their households (“California Personal Information”). However, California Personal Information does not include, and this section does not apply to:
- Personal information reflecting a communication or a transaction between us and a California resident acting as a representative of an organization that relates to the organization obtaining products or services from us.
- Personal information, emergency contact information, and benefits administration information we collected about a California resident in the course of that California resident acting as our job applicant, our employee, our owner, our director, our officer, our medical staff member, or our contractor to the extent we use that information within the context of that California resident’s role as our job applicant, our employee, our owner, our director, our officer, our medical staff member, or our contractor.
- Other personal information excluded or excepted from requirements of the California Consumer Privacy Act of 2018 (“CCPA”).
Additionally, this section applies only to the extent we direct the purposes and means of California Personal Information processing and otherwise qualify as a business subject to the CCPA.
California Personal Information We Collect
We may collect, and may have collected in the preceding 12 months, the following categories of California Personal Information, as described in more detail above in “The Information We Collect” section:
- Identifiers, including online identifiers.
- Commercial information.
- Internet and other electronic activity information.
- Inferences drawn from your activity.
- Geolocation data.
- Biometric information.
- Other categories of personal information described in California law.
Sources of California Personal Information We Collect
We collect California Personal Information from the sources described in the “Information We Collect About You” section of this Policy.
Purposes for Which We Use California Personal information
We may collect and use the categories of California Personal Information described in the “California Personal Information We Collect” section above for one or more of the business and commercial purposes described in the “Uses and Purposes for Processing Your Information” section above.
Disclosures of California Personal Information for a Business Purpose
In the preceding 12 months, we may have disclosed the categories of California Personal Information listed below to the categories of third parties identified below for a business purpose:
- Identifiers, including online identifiers—with our service providers.
- Commercial information—with our service providers.
- Internet and other electronic activity information—with our service providers.
- Inferences drawn from your activity—with our service providers.
- Geolocation data—with our service providers.
- Biometric information—to such third parties as you may authorize.
- Other categories of personal information described in California law—with our service providers.
Sales of California Personal Information
In the preceding 12 months, we have not sold California Personal Information. We do not sell California Personal Information, and we do not have actual knowledge that we sell California Personal Information of consumers under 16 years of age.
California Personal Information Rights and Choices
The CCPA provides California residents with specific rights regarding their California Personal Information. This section describes those rights and explains how to exercise those rights to the extent we direct the purposes and means of the processing of your California Personal Information processing and otherwise qualify as a “business” under the CCPA.
Access to Specific Information and Data Portability Rights.
California residents have the right to request that we disclose certain information to you about our collection, use, disclosure, and sale of your California Personal Information over the past 12 months. If we receive and confirm a verifiable consumer request from you pursuant to the “Exercising Access, Data Portability, and Deletion Rights” section below, we will disclose to you, depending on the scope of the request:
- The categories of California Personal Information we collected about you.
- The categories of sources for the California Personal Information we collected about you.
- Our business or commercial purpose for collecting California Personal Information about you.
- The categories of third parties with which we share your California Personal Information.
- The specific pieces of California Personal Information we collected about you.
- If we disclosed your California Personal Information for a business purpose, a list of the categories of third parties to whom we disclosed California Personal Information for a business purpose identifying the categories of California Personal Information disclosed to those parties in the preceding 12 months.
Deletion Request Rights.
California residents have the right to request that we delete California Personal Information, subject to certain exceptions. Once we receive and confirm your verifiable consumer request pursuant to the “Exercising Access, Data Portability, and Deletion Rights” section below, we will delete your California Personal Information from our records, unless an exception applies.
Exercising Access, Data Portability, and Deletion Rights.
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
You may designate an authorized agent to submit requests on your behalf through a signed written permission that authorizes the agent to act on your behalf. We may mandate additional requirements when submitted through an authorized agent, such as requiring you to verify your identity directly with us or to directly confirm the authorized agent’s permission to act on your behalf.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Your request must provide information sufficient to permit us to reasonably verify you are the person about whom we collected California Personal Information, or an authorized agent of that person. In order to verify your request, we may require you to provide additional information, including account profile information such as your Services email address and other information elements necessary to verify your identity. Your request also must include sufficient detail for us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with California Personal Information if we cannot verify your identity or authority to make the request and confirm the California Personal Information relates to you.
Making a verifiable consumer request does not require you to create an account with us. However, if you have a password-protected account with us we consider requests made through that account sufficiently verified when the request relates to California Personal Information associated with that specific account.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable request. If we cannot fulfill, or are permitted to decline, your request then we will alert you or your authorized agent. For data portability requests, we will select a format to provide your California Personal Information that is readily usable.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision, and we reserve the right to either refuse to act on your request or charge you a reasonable fee to complete your request if it is excessive, repetitive, or manifestly unfounded.
Subject to certain exceptions, you have the rights to not receive discriminatory treatment for exercising your access, data portability, opt-out, and deletion rights described above.
Notice of Financial Incentive.
From time to time we may offer opportunities to participate in programs designed to incentivize your use of the Services, such as allowing you to enter into a gift giveaway if you take a specified number of measurements using the App within a designated time period. Under California law, these programs may be considered a financial incentive provided in exchange for the collection of personal information. We will provide you additional information regarding specific programs when we offer them.
Changes to this Policy
We may update this Policy to reflect changes in our privacy practices at any time and without prior notice to you. When we do so, we will update the Effective Date of the Policy, above. We encourage you to periodically review this Policy for the latest information on our privacy practices.
If you have any questions or comments about this Policy or our privacy practices, or you would like to ask for access to or amendment of deletion of your personal information, please contact us at: email@example.com orElite HRV Inc, 125 S Lexington Ave, Suite 101, PMB 28, Asheville, NC 28801