PRIVACY POLICY
At AliveCor your privacy is important to us. Our Privacy Policy describes the information we collect, how we collect information, and the reasons we collect information. This Privacy Policy also describes the choices you have with the information we collect, including how you can manage, update, or request to delete information.
Please take a moment to review this Privacy Policy. You may scroll through this Privacy Policy or use the links below to navigate to specific sections. It is important that you understand this Privacy Policy. By using our website, mobile app, software, and/or services, you are agreeing to the terms of this Privacy Policy. If you have any questions or concerns about this Privacy Policy, you may Contact Us at any time.
Table of Contents
II. Key Terms & Definitions and Our Privacy Policy
When does our Privacy Policy apply?
When does our Privacy Policy not apply?
Our Privacy Policy and Terms of Service.
What is Personal Information?
What types of Personal Information do we collect?
How do we collect your Personal Information?
How do we use your Personal Information?
How do we share your Personal Information?
Your choices about how we share your Personal Information.
How do I access and correct my Personal Information?
VI. Does AliveCor respond to Do Not Track signals?
VIII. California Privacy Rights - Notice to California Residents
Collection of Personal Information.
Categories of Sources from which we have collected Personal Information.
Use of Personal Information collected from California Residents.
Sharing the Personal Information of California Residents.
Disclosures of Personal Information for Business Purposes.
Access Request Rights.
Deletion Request Rights.
Exercising Access and Deletion Rights.
Non-Discrimination.
IX. California's Shine the Light Law.
X. European Economic Activity Zone Users
Consent to Processing of Personal Information.
What rights do I have?
Automated Decision Making.
XI. Changes to our Privacy Policy
I. Who is AliveCor?
Our mission is to save lives and transform cardiology by delivering intelligent, highly-personalized heart data to clinicians and patients anytime, anywhere.
AliveCor is not a medical group or a health care provider. AliveCor provides its users with the ability to obtain a telemedicine consultation provided by independent medical practitioners including, but not limited to, Florida Cardiac Health Medical Group, P.A. d/b/a Cardiac Health Medical Group and members of its Affiliated Covered Entity (collectively “Cardiac Health Medical Group”), an independent medical group with a network of United States based health care providers (each, a “Provider”). Cardiac Health Medical Group (or your own medical provider if you do not use a Cardiac Health Medical Group Provider) is responsible for providing you with a Notice of Privacy Practices describing its collection and use of your health information, not AliveCor.
II. Key Terms & Definitions and Our Privacy Policy
It is helpful to start by explaining some of our key terms and definitions used in this Privacy Policy.
Key Term | Definition |
---|---|
“Affiliated Covered Entities” | Is a group of independent medical practices providing licensed cardiac medical services exclusively to users and/or members of Kardia, Kardia+ and KardiaComplete services. |
our “App(s)” | Kardia™, KardiaComplete, KardiaStation, and/or KardiaPro |
our “Devices” | KardiaMobile®; KardiaMobile 6L; or KardiaMobile Card |
Personal Information | Any information relating to an identified or identifiable individual and any information listed here. |
Privacy Policy | This privacy policy. |
our “Services” | Our Website, our App, our Software and any services provided through our Website, our App, or our Software. Services also includes membership in the KardiaCare, KardiaCare+ or KardiaComplete services. |
our “Software” | KardiaPro, our software |
our “Terms of Service” | Our terms of service located here. |
our “Website(s)” | Our websites, including: |
AliveCor, we, us, or our | AliveCor, Inc., Cardiolabs, Inc (d/b/a AliveCor Labs), AliveCor Labs, LLC, and AliveCor Services, LLC (collectively, “AliveCor”). |
When does our Privacy Policy apply?
This Privacy Policy describes the types of information we may collect from you when:
-
You visit or use our Websites;
-
You visit or use our Apps, including your use, subscription to or membership in KardiaCare, KardiaCare+ or KardiaComplete services;
-
You use our Software;
-
You use our Devices and connect them to a mobile device running our App;
-
We communicate in e-mail, text message, and other electronic messages between you and us; and
-
We communicate in person, such as on the phone or through a telehealth visit.
When does our Privacy Policy not apply?
This Privacy Policy does not apply to information collected by any other website operated either by us or by a third party, unless the website is listed above or links to this Privacy Policy. It also does not apply to any website that we may provide a link to or that is accessible from our Services.
Our Privacy Policy and Terms of Service.
This Privacy Policy is incorporated into our Terms of Service, which also apply when you use our Services.
III. Personal Information
What is Personal Information?
Personal information is information from and about you that may be able to personally identify you. We treat any information that may identify you as personal information. For example, your name and e-mail address are personal information.
What types of Personal Information do we collect?
We may collect and use the following personal information (hereinafter, collectively referred to as “Personal Information”):
Categories of Personal Information | Specific Types of Personal Information Collected |
---|---|
Personal Identifiers | a real name, birth date, e-mail address, shipping address, or Patient ID. |
Information that identifies, relates to, describes, or is capable of being associated with a particular individual | name, username or online identifier, physical characteristics or description, shipping address, telephone number, credit card number, debit card number, or any other financial information, health or medical information, weight, body mass index (BMI), whether you are a smoker or non-smoker, medical conditions, family medical history, medications currently taking or prescribed, electrocardiogram (“ECG” or “EKG”) measurement data, average heart rate, location on your body where a EKG was taken (e.g. finger tips, chest, limbs, etc.), heart rate, step count, distance traveled, glucose and oxygen saturation levels, active and resting energy levels, sleep analysis, blood pressure readings, workout history, your activity levels, and accelerometer data. |
Characteristics of protected classifications under California or federal law. | Race, Color, Age, National origin, or Disability |
Biometric information | Photos, video, and voice |
Internet or other electronic network activity information | IP address, device mode, device ID, OS version, device language, operating system, browser type, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement. |
Geolocation data | Physical location or movements, local time, and local time zone. |
User Generated Content | You may use your mobile device to add notes, tags, or voice memos to EKG recording you make with our Devices. For example, you may add a note to an EKG recording to describe how you were feeling at the time of the recording, what you were doing, or your diet related to specific health conditions. We will automatically transcribe any voice memos and include them with the EKG recordings. |
How do we collect your Personal Information?
We collect most of this Personal Information directly from you. For example, when you set up an account through the App or sign up for Services, we may speak to you by phone, text message, and e-mail. Additionally, we will collect information from you when you visit our Website or App and fill out forms, use our Software or our Devices, or purchase or use our Services.
We may also collect Personal Information in the following ways:
-
From your mobile device or smart watch.
-
From third-party apps you choose to connect your mobile device to, such as Apple Health or Google Fit.
-
When You Use A Premium Feature. When you choose to participate in a premium service from AliveCor (e.g., KardiaCare, KardiaCare +, and KardiaComplete), we collect additional information from you related to those services. Some premium features are paid services.
-
When you make payments through the Service. We do not collect or store financial account information, though we may receive transaction identifiers and summary information that does not include credit card or bank account numbers.
-
When You Use the KardiaPro Service. When healthcare professionals enroll in the KardiaPro service, we ask the healthcare professional to provide his or her National Provider Identifier (NPI) number. When a healthcare provider submits patient information through the KardiaPro service, based on permissions from both the patient and the healthcare professional, we receive patient profile information including: name, e-mail address, telephone number, birthdate, gender, medical record number, and any notes, tags, or voice memos submitted by the healthcare professional.
-
When You Use The Clinical Review or Telehealth Services. If you use the clinical review or telehealth services through the App or participation in KardiaCare, KardiaCare+ or KardiaComplete services we will receive the results of your clinical analysis and deliver those results to you through the App. The clinical review and telehealth services are provided by licensed medical professionals from the Affiliated Covered Entities.
-
When You Contact Us. When you contact AliveCor directly, such as when you contact our Customer Support team, we will receive the contents of your message or any attachments you may send to us, as well as any additional information you choose to provide.
We will also collect information automatically as you navigate through our Website and App. We use the following technologies to automatically collect data:
-
Cookies. We and our service providers may use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Services through your computer or mobile device. A “cookie” is a small file or piece of data sent from a website and stored on the hard drive of your computer or mobile device. Some of the cookies we use are "session" cookies, meaning that they are automatically deleted from your hard drive after you close your browser at the end of your session. Session cookies are used to optimize performance of the Website and to limit the amount of redundant data that is downloaded during a single session. We also may use "persistent" cookies, which remain on your computer or device unless deleted by you (or by your browser settings). We may use persistent cookies for various purposes, such as statistical analysis of performance to ensure the ongoing quality of our services. We and third parties may use session and persistent cookies for analytics and advertising purposes, as described herein. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting you may be unable to access or use certain parts of our Services. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website or use our App.
-
Google Analytics. We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to collect certain information relating to your use of our Website. Google Analytics uses cookies, to help our Website analyze how users use the site. You can find out more about how Google uses data when you visit our Website by visiting “How Google uses data when you use our partners' sites or apps”, (located at www.google.com/policies/privacy/partners/). For more information, please visit Google and pages that describe Google Analytics, such as www.google.com/analytics/learn/privacy.html.
-
Mixpanel. Mixpanel is provided by Mixpanel Inc. (“Mixpanel”). You can prevent Mixpanel from using your information for analytics purposes by opting-out. To opt-out of the Mixpanel service please visit Mixpanel's site. For more information on what type of information Mixpanel collects, please visit Mixpanel's terms of use.
How do we use your Personal Information?
We may use your Personal Information for the following purposes:
-
Operate, maintain, supervise, administer, and enhance our Website, our App, and our Software, including monitoring and analyzing the effectiveness of content of the Services, aggregate site usage data, and other usage of the Services such as assisting you in completing the registration process.
-
Provide our products and services to you, in a custom and user-friendly way.
-
Provide you with information, products, or services that you request from us or that may be of interest to you.
-
Promote and market our Services to you. For example, we may use your Personal Information, such as your e-mail address, to send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our services on third party websites. You can opt-out of receiving these e-mails at any time as described below.
-
To provide you notices or about your account.
-
Contact you in response to a request.
-
To notify you about changes to our Services or any products or services we offer or provide through them.
-
Fulfill any other purpose for which you provide consent.
-
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
-
Anonymize and aggregate information for analytics and reporting.
-
To respond to law enforcement requests, court orders, and subpoenas and to carry out our legal and contractual obligations.
-
Authenticate use, detect fraudulent use, and otherwise maintain the security of our Website, our App, our Software, and the safety of others.
-
To administer surveys and questionnaires.
-
To provide you information about goods and services that may be of interest to you, including through newsletters.
-
Any other purpose with your consent.
We may share Personal Information with third parties in certain circumstances or for certain purposes we do not sell your Personal Information , including:
-
Our business purposes. We may share your Personal Information with our affiliates, vendors, service providers, and business partners, including our data hosting and data storage partners, analytics and advertising providers, technology services and support, and data security advisors. We may also share your Personal Information with professional advisors, such as auditors, law firms, and accounting firms.
-
Your healthcare providers or family. With your consent, we may share your information, including information collected from your use of our Devices, with your health care providers and/or family members (e.g., immediate family or friends) that you designate to receive your information.
-
Other health-focused mobile apps. With your consent, we may share your profile information and data collected from your connected devices with other health-focused mobile applications installed on your mobile device to help you track your health and wellness information. If you share your information with these apps, your Personal Information, including your health information, will be used in accordance with privacy policies for those separate apps, not this Privacy Policy.
-
With your consent. We may share your Personal Information if you request or direct us to do so.
-
Compliance with law. We may share your Personal Information to comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries.
-
Business Transfer. We may share your Personal Information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our users are among the assets transferred.
-
To enforce our rights. We may share your Personal Information to enforce any applicable terms and conditions and Terms of Use, and to ensure the safety and security of our Services and our users.
-
De-identified information. We may also disclose de-identified information (cannot be reasonably used to identify any individual) with third parties for marketing, advertising, research, or similar purposes. For example, we may share information such as your gender, height, weight, information about medications you have provided, and data from your connected devices, but we will not share your name or other information that could identify you.
-
To market our products and services. We may share your Personal Information with affiliates and third parties to market our products and services.
-
To market third party products and services. We may share your Personal Information with affiliates and third parties to market their products or services to you if you have not opted out of these disclosures. For more information on opting out, see Your Choices about how we share your Personal Information.
-
Third Party Analytics. We use Google Analytics and Mixpanel to understand and evaluate how visitors interact with our Services. These tools help us improve our Services, performance, and your experience. Users may opt-out of Mixpanel's analytics tracking by visiting https://mixpanel.com/optout. If you choose to use the Mixpanel opt-out, you will need to access the opt-out on each device you use.
.
This section of our Privacy Policy provides details and explains how to exercise your choices. We offer you choices on how you can opt out of our use of tracking technology, disclosure of your Personal Information for our advertising to you, and other targeted advertising. We do not control the collection and use of your information collected by third parties. These third parties may aggregate the information they collect with information from their other customers for their own purposes. You can opt out of third parties collecting your Personal Information for targeted advertising purposes in the United States by visiting the National Advertising Initiative's (NAI) opt-out page and the Digital Advertising Alliance's (DAA) opt-out page.
Each type of web browser provides ways to restrict and delete cookies. Browser manufacturers provide resources to help you with managing cookies. Please see below for more information.
For other browsers, please consult the documentation that your browser manufacturer provides.
If you do not wish to have your e-mail address used by AliveCor to promote our own products and services, you can opt-out at any time by clicking the unsubscribe link at the bottom of any e-mail or other marketing communications you receive from us or logging onto your Account Preferences page. This opt out does not apply to information provided to AliveCor as a result of a product purchase, or your use of our Services. You may have other options with respect to marketing and communication preferences through our Services.
You may also see certain ads on other websites because we participate in advertising networks. Ad networks allow us to target our messaging to users through demographic, interest-based, and contextual means. These networks track your online activities over time by collecting information through automated means, including through the use of cookies, web server logs, and web beacons. The networks use this information to show you advertisements that may be tailored to your individual interests.
How do I access and correct my Personal Information?
You can review and change your Personal Information by logging into our Services and visiting either the “About You” or “Health Details” sections of our Services. You may also notify us through the Contact Information below of any changes or errors in any Personal Information we have about you to ensure that it is complete, accurate, and as current as possible or to delete your account. We cannot delete your personal information except by also deleting your account with us. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
IV. Who may use the Services?
This Privacy Policy applies to all personal uses of our Services globally and you should not use the Services if you do not agree to the Privacy Policy. This Privacy Policy applies to EEA (European Economic Area) Data Subjects unless the Data Subject is using the Services under direction from a physician where the physician and the Data Subject/patient have an agreement between them covering the use of the Services. In such a case the physician or his/her institution's privacy policy will apply, not this Privacy Policy. If you are located in the United States or a country outside the EEA or Brazil, your information is stored in the United States, and by using or downloading the Service you agree that your Personal Information, including any information about your health that you provide directly to us or that we collect through your use of the Service, may be transferred to and stored in the United States. If you are an EEA or Brazilian user, we store your information in the European Union where all such information is processed in compliance with GDPR.
V. Children's Privacy
Our Services are not intended for children under 18 years of age. We do not knowingly collect or sell Personal Information from children under the age of 18. If you are under the age of 18, do not use or provide any information on or in these Services or through any of its features. If we learn we have collected or received Personal Information from a child under the age of 18 without verification of parental consent, we will delete it. If you are the parent or guardian of a child under 18 years of age whom you believe might have provided use with their Personal Information, you may Contact Us to request the Personal Information be deleted.
VI. Does AliveCor respond to Do Not Track signals?
Some web browsers have a “Do Not Track” feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. These features are not yet uniform across browsers. Our Website and App are not currently set up to respond to those signals.
VII. Data Security
We have taken steps and implemented administrative, technical, and physical safeguards designed to protect against the risk of accidental, intentional, unlawful, or unauthorized access, alteration, destruction, disclosure, or use. The Internet is not 100% secure and we cannot guarantee the security of information transmitted through the Internet. Where you have been given or you have chosen a password, it is your responsibility to keep this password confidential.
The sharing and disclosing of information via the Internet is not completely secure. We strive to use best practices and industry standard security measures and tools (e.g., SOC2 and ISO 27001 certifications) to protect your data. However, we cannot guarantee the security of Personal Information transmitted to, on, or through our Services. Any transmission of Personal Information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on our Website, our App, our Software, our Device, in your operating system, or mobile device.
VIII. California Privacy Rights - Notice to California Residents
If you are a California resident, certain Personal Information that we collect about you is subject to the California Consumer Privacy Act (CCPA).
Please note that the CCPA does not apply to, among other things:
-
Information that is lawfully made available from federal, state, or local government records;
-
Information that is deidentified or aggregated;
-
Medical information governed by the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 46) of Division 1) (CMIA) or protected health information that is collected by a covered entity or business associate governed by the privacy, security, and breach notification rules issued by the United States Department of Health and Human Services (HHS), Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established pursuant to the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191) (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Public Law 111-5); or
-
A provider of health care governed by the CMIA or a covered entity governed by the privacy, security, and breach notification rules issued by HHS, established pursuant to HIPAA, to the extent the provider or covered entity maintains patient information in the same manner as medical information or protected health information under CMIA/HIPAA/HITECH Act.
Collection of Personal Information.
Currently and in the last 12 months, we have collected and/or disclosed Personal Information about you when you use our Services, including information about you that you provide to us, and information we automatically collect from you or your computer or devices as you use our Services. Please refer to the section titled Personal Information for additional information and details.
Categories of Sources from which we have collected Personal Information.
We collect Personal Information directly from you, for example when you provide it to us, when you contact us through our Services, when you create an AliveCor account; and indirectly from you automatically through your computer or device as you use our Services. We may also collect Personal Information about you from our advertising partners and service providers.
Use of Personal Information collected from California Residents.
We do not sell your Personal Information and have not done so in the prior 12 months from the effective date of this Policy. We may use or disclose the personal information we collect for our business purposes described elsewhere in this Privacy Policy (for example, please refer to “How do we use your Personal Information?” and “How do we share your Personal Information?"). We do use cookies on our website that collect and share information collected from your browser for behavioral targeting which is a “sale” under the CCPA. We will not do this if you click the “Do Not Sell My Personal Information” link on the website. In addition you can opt out of all collection of your data for behavioral advertising by visiting networkadvertising.org/choices or aboutads.info/choices.
Sharing the Personal Information of California Residents.
AliveCor may disclose your Personal Information to a third party for one or more business purposes. When we disclose Personal Information for a business purpose, such as to service providers, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.
Disclosures of Personal Information for Business Purposes.
We may disclose your Personal Information for our business purposes, such as your contact information, other information you have provided to us, and unique identifiers that identify you to us or to our service providers, such as companies that assist us with marketing and advertising. Please refer to “What types of Personal Information do we collect?” and “How do we collect your Personal Information?” for additional information and details.
We disclose your Personal Information to certain third parties such as our health care provider partners, service providers, including companies that assist us with marketing and advertising. For additional information please refer to “How do we use your Personal Information?” and “How do we share your Personal Information?".
Access Request Rights.
California residents have the right to request that AliveCor disclose certain information to you about our collection and use of your Personal Information over the past 12 months for the above business and commercial purposes. To submit an access request, see Contact Us. Once we receive and confirm your verifiable consumer request, we will disclose to you:
-
The categories of Personal Information we collected about you.
-
The categories of sources for the Personal Information we collected about you.
-
Our business or commercial purpose for collecting that Personal Information.
-
The categories of third parties with whom we share that Personal Information.
-
The specific pieces of Personal Information we collected about you.
-
If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
-
sales, identifying the Personal Information categories that each category of recipient purchased; and
-
disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
-
Deletion Request Rights.
California residents have the right to request that AliveCor delete your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless certain exceptions apply. Once the data is deleted you will no longer have access to the data through or by our Services.
Exercising Access and Deletion Rights.
To exercise the access and deletion rights described above, please submit a verifiable consumer request to us by either calling us at 1-(855) 338-8800 or sending us an e-mail at privacy@AliveCor.com.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access twice within a 12-month period. The verifiable consumer request must:
-
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
-
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Non-Discrimination.
We will not discriminate against you for exercising any of your CCPA rights. We will not:
-
Deny you goods or services.
-
Charge you different prices or rates for goods or services, including through granting discounts and other benefits, or imposing penalties.
-
Provide you a different level or quality of goods or services.
-
Suggest that you may receive a different price or rate for goods or services or different level or quality of goods or services.
IX. California's Shine the Light Law.
California Civil Code Section 1798.83 (California's “Shine the Light” law) permits users of our Services that are California residents and who provide Personal Information in obtaining products and services for personal, family, or household use to request certain information regarding our disclosure of Personal Information to third parties for their own direct marketing purposes. If applicable, this information would include the categories of Personal Information and the names and addresses of those businesses with which we shared your Personal Information with for the immediately prior calendar year (e.g. requests made in 2021 will receive information regarding such activities in 2020). You may request this information once per calendar year. To make such a request, please Contact Us using the information below.
X. European Economic Activity Zone Users
AliveCor is the Data Controller of the Personal Information you provide on the Services. However, in some cases, this Privacy Policy may not apply to all European Economic Activity (“EEA”) users. This Privacy Policy does not apply to EEA users using the Services under the direction of a physician, where the physician and the patient have an agreement between them covering the use of the Services. In such a case, the physician or his/her institution controls the data collected by the Device and App, and the physician's or his/her institution's privacy policy will apply, not this Privacy Policy. If you are an EEA user, your Personal Information is stored within the EEA.
AliveCor has appointed a Data Protection Officer (Brian Clarke) in compliance with the General Data Protection Regulations. AliveCor and its subsidiary, AliveCor, LTD, and its Data Protection Officer may be contacted in any manner set forth below in Contact Us.
Consent to Processing of Personal Information.
We rely on your consent as a lawful basis to process your Personal Information for the following purposes:
-
Initial collection of Personal Information through the Services; and
-
Providing you with marketing or promotional communications. You may opt-out of such communications at any time by clicking the “unsubscribe” link found within the AliveCor e-mail updates and changing your contact preferences.
We also process Personal Information based on our contractual obligations to provide you the Services as described in How do we share your Personal Information?, including:
-
To enable the Service to function as expected.
-
To communicate with you in response to customer services inquiries, to deliver non-promotional, service-related e-mails, or to administer surveys and questionnaires.
-
To tailor your experience based on your general region. For example, we process clinicianreview requests from EEA-based users through an EEA-based clinicican review partner.
AliveCor may also process Personal Information pursuant to a legal obligation or to protect your vital interests or those of another person.
We will process your Personal Information as necessary for our legitimate interests. Our legitimate interests are balanced against your rights and freedoms and we do not process your Personal Information if your rights and freedoms outweigh our legitimate interests. Our legitimate interests are to: facilitate communication between AliveCor and you; detect and correct bugs and to improve our Services; safeguard our IT infrastructure and intellectual property; detect and prevent fraud and other crime; develop our product and services.
What rights do I have?
Individuals located in the EEA have certain rights with respect to their Personal Information. These rights include:
-
Access and Update. You can review and change your Personal Information by notifying us through the Contact Information below of any changes or errors in any Personal Information we have about you to ensure that it is complete, accurate, and as current as possible. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
-
Restrictions. You have the right to restrict our processing of your Personal Information under certain circumstances. In particular, you can request we restrict our use of it if you contest its accuracy, if the processing of your Personal Information is determined to be unlawful, or if we no longer need your Personal Information for processing but we have retained it as permitted by law.
-
Portability. To the extent the Personal Information you provide AliveCor is processed based on your consent or that we process it through automated means, you have the right to request that we provide you a copy of, or access to, all or part of such Personal Information in structured, commonly used and machine-readable format. You also have the right to request that we transmit this Personal Information to another controller, when technically feasible.
-
Withdrawal of Consent. To the extent that our processing of your Personal Information is based on your consent, you may withdraw your consent at any time by closing your account. Withdrawing your consent will not, however, affect the lawfulness of the processing based on your consent before its withdrawal, and will not affect the lawfulness of our continued processing that is based on any other lawful basis for processing your Personal Information.
-
Right to be Forgotten. You have the right to request that we delete all of your Personal Information. We cannot delete your Personal Information except by also deleting your user account, and we will only delete your account when we no longer have a lawful basis for processing your Personal Information or after a final determination that your Personal Information was unlawfully processed. We may not accommodate a request to erase information if we believe the deletion would violate any law or legal requirement or cause the information to be incorrect. In all other cases, we will retain your Personal Information as set forth in this policy. In addition, we cannot completely delete your Personal Information as some data may rest in previous backups. These will be retained for the periods set forth in our disaster recovery policies.
-
Complaints. You have the right to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. However, before doing so, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.
-
How You May Exercise Your Rights. You may exercise any of the above rights by contacting us through any of the methods listed under Contact Us below. If you contact us to exercise any of the foregoing rights, we may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements. Please note that if you make unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access your Personal Information, you may be charged a fee subject to a maximum set by applicable law.
Automated Decision Making.
Our processing of Personal Information may include automated decision making, including profiling, which may produce a legal effect concerning you or similarly significantly affect you. The algorithms used for our automated decision making process classifies and categorizes your health based on data collected by the Devices and Personal Information collected by the Services.
XI. Changes to our Privacy Policy
We may update our Privacy Policy periodically to reflect changes in our privacy practices, laws, and best practices. We will post any changes we make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated on our Website's homepage or our App's home screen. If we make material changes to our practices with regards to the Personal Information we collect from you, we will notify you by e-mail to the e-mail address specified in your account and/or through a notice on the Website's home page or the App's home screen. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable e-mail address for you, and for periodically accessing the App or visiting our Website and reviewing this Privacy Policy to check for any changes.
XII. Contact Us
If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy or otherwise need to contact us, you may contact us at the contact information below or through the “Contact Us” page on or in our Services.
How to Contact Us:
AliveCor, Inc.
Attn: Privacy
189 Bernardo St
Mountain View, CA 94043
Telephone: 1-(855) 338-8800
E-mail: privacy@AliveCor.com
For EEA Users:
AliveCor, LTD
Herschel House
58 Herschel Street
Slough SL1 1PG
E-mail: Privacy@AliveCor.com
For Indian Users
AliveCor India Private Limited
05-155, WeWork Management Private Ltd, DLF FORUM,
DLF Cyber City, Phase-III, Gurugram Gurgaon HR
122002 IN
E-mail: Privacy@AliveCor.com
For Korean Users
AliveCor Korea Inc.,
(Cheongdam-don) 37, Dosan-daero 81-gil,
Gangnam-gu, Seoul KR
E-mail: Privacy@AliveCor.com