UPDATED: May 25, 2018
1) The information we collect, why we need it, and how we use it.
2) What choices you can make about how we use your information.
3) The measures we take to protect the security of the information and maintain regulatory compliance for HIPAA, GDPR, and other data regulations.
Please reach out to us at firstname.lastname@example.org if you have any questions.
We may collect the following types of personal information from users of our Services, and store it on your mobile device, and/or in the secure Eko databases and/or our payment processor databases and/or with our affiliates:
When you register to use the Service or create an Eko account, we may collect your name and all other information provided to us, such as your email address, password, date of birth, gender, or National Practitioner ID (NPI). We also collect any information uploaded or otherwise input by you while using the Service, including, but not limited to, information related to medications you are taking and other health-related information about you. You may add information to your profile such as Patient ID, and information about your activity level, medical conditions, and medications.
Physiologic and Usage Data
We collect certain information through your use of the Eko products connected to the Service, such as but not limited to: heart sound data, lung sound data, ECG data, diagnosed condition, mobile device accelerometer data, average heart rate, the location on the body where the recording was taken, local time, time zone and geographic location of data acquisition. We may collect such information from patients or from physicians.
Customer Support Inquiries.
If you contact us directly, such as when you contact our Customer Support team, we will receive the contents of your message or any attachments you may send to us, as well as any additional information you choose to provide. Contact us at email@example.com if you have any questions.
When you make payments through the Service, you may need to provide your shipping address and financial account information, such as your credit card number, to our third-party service providers. We do not collect or store financial account information, though we may receive transaction identifiers and summary information that does not include credit card or bank account numbers.
Cookies and Analytics Technologies.
When you visit our Service or open our emails, we and our third-party service providers may collect certain information by automated means, such as cookies, web beacons and web server logs. The information collected in this manner includes IP address, browser characteristics, device IDs and characteristics, operating system version, language preferences, referring URLs, and information about the usage of our Service. We may link this data to your profile. You may be able to change browser settings to block and delete cookies when you access the Sites through a web browser. However, if you do that, the Sites may not work properly. Our ad networks and analytics service providers may also collect information about your use of other websites and online services over time, if those websites and online services also use the same service providers.
We currently use Google Analytics and MixPanel to collect and process certain website usage data. To learn more about Google Analytics and how to opt out, please visit google.com/policies/privacy/partners/. To learn more about MixPanel, please visit https://mixpanel.com/privacy/.
How We Use the Information We Collect
|Does Eko Share?||Can You Limit This Sharing?|
|To You||We must disclose your Personal Information to you, as described in the “Your Rights” section of this notice.||Yes||Yes|
|To members of our group||We may share your Personal Information with any members of our group, including the parent company, affiliates, subsidiaries and branch offices, to which it is reasonably necessary or desirable for us to disclose your information in order to carry out the data processing purposes described in this notice.||Yes||Yes|
|For Payment||We may use and disclose your Personal Information to obtain payment for services provided to you. We may disclose your Personal Information to payment service providers. We may also disclose your Personal Information to a health care provider or plan so that it may obtain payment of a claim or engage in other payment activities.||Yes||Yes|
|For Treatment||We may use and disclose your Personal Information to provide and manage diagnostic services for you. Our use and disclosure may include consulting with other health care providers about the diagnostic services we provide. For example, we will release the results of diagnostic services to your prescribing physician treating you, or in a medical emergency, if applicable. To assist us in providing these services, third party suppliers and service providers may have access to or process your Personal Information.||Yes||No|
|For Health Care Operations||We may use or disclose your Personal Information to conduct quality assessment and improvement activities, to conduct fraud and abuse investigations, to engage in care coordination or case management, to communicate with you about health related benefits and services or treatment alternatives that may be of interest to you, and to communicate with your health care provider or health plan. If you are located in the U.S., we may disclose your PHI to a health care provider or health plan subject to federal privacy laws, as long as the provider or plan has or had a relationship with you and the PHI is disclosed only for certain health care operations of that provider or plan. We may also disclose your Personal Information to other entities with which we have contracted to perform or provide certain services on our behalf (e.g., business associates).||Yes||No|
|For Business Operations||We may use both De-Identified and Limited Data Sets (a data set that, per the Health Insurance Portability and Accountability Act of 1996 regulations, has had patient-identifiable data removed except for dates of service) for development of future products, devices or services.|
Once information is De-Identified through an approved method, the data is stripped of individual identifiers, at which point Eko may share this information without restriction externally to support research, market development, trend analysis, etc.
Information containing Limited Data Sets may be provided externally to support market and product development. However, Eko will obtain the required data use agreements when transferring Limited Data Sets to external parties.
|For Public Health And Safety||We may use or disclose your Personal Information to the extent necessary to avert a serious and imminent threat to the health or safety of you or others. We may also disclose your Personal Information for public health and government health care oversight activities and to report suspected abuse, neglect or domestic violence to government authorities.||Yes||No|
|For Process And Proceedings||We may disclose PHI in response to a court or administrative order, subpoena, discovery request or other lawful process.||Yes||No|
|As Required By Law||We may use or disclose your Personal Information when we are required to do so by law.||Yes||No|
|For Process And Proceedings||We may disclose your Personal Information in response to a court or administrative order, subpoena, discovery request or other lawful process.||Yes||No|
|In case of a reorganization, merger, sale or similar proceeding||We may disclose your Personal Information to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.||Yes||Yes|
|For Law Enforcement||We may disclose your Personal Information to a law enforcement official with regard to crime victims and criminal activities.||Yes||No|
|Special Government Functions||We may disclose the Personal Information of military personnel or inmates or other persons in lawful custody under certain circumstances. We may disclose Personal Information to authorized officials for lawful national security activities, as permitted under applicable law.||Yes||No|
|For Research, Death, And Organ Donation||We may use or disclose your Personal Information in certain circumstances related to research, death or organ donation.||Yes||No|
|For Workers’ Compensation||We may disclose your Personal Information as permitted by workers’ compensation and similar laws.||Yes||No|
We are required to obtain your written authorization before we (1) use and disclose Personal Information for marketing purposes, or (2) sell Personal Information to others.
Uses and disclosures of information not described in this notice will also be made only with your written authorization. If you give us such authorization, you may revoke it in writing at any time. Your revocation will not affect any use or disclosure permitted by your authorization while it was in effect.
|Access||Subject to applicable law, you have the right to receive information about, and review in person, or obtain copies of, the Personal Information we maintain about you. We may charge you a reasonable fee as allowed by law to obtain this information.|
|Amendment or Deletion||Subject to applicable law, you have the right to request that we amend or delete your Personal Information.|
|Disclosure Accounting||Subject to applicable law, you have the right to request and receive a list of certain disclosures made of your Personal Information. If you request this list more than once in a 12-month period, we may charge you a reasonable fee as allowed by law to respond to any additional request.|
|Use/ Disclosure Restriction or Objection||You have the right to request that we restrict our use or disclosure of your Personal Information for certain purposes. Subject to applicable law, you also have the right to object to the processing of your Personal Information. We may not be required to agree to a requested restriction or objection. We will agree to restrict use or disclosure of your Personal Information provided that the law allows and we determine the restriction does not impact our ability to operate our business, provide diagnostic services, and comply with the law. Subject to applicable law, even when we agree to a restriction request, we may still disclose your Personal Information in a medical emergency and use or disclose your Personal Information for public health and safety and other similar public benefit purposes permitted or required by law.|
|Withdraw Consent||If you are located in the EEA, you may at any time withdraw your consent to our processing of your Personal Information.|
|Confidential Communication||If you are located in the U.S., you have the right to request that we communicate with you in confidence about your PHI at an alternative address. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must make your request in writing to the privacy officer. Eko will not ask you the reason for the request and will accommodate all reasonable requests. The request must specify how or where you wish to be contacted.|
|Privacy Notice||You have the right to request and receive a copy of this notice at any time. For more information or if you have questions about this notice, please contact us using the information listed at the end of this notice.|
Provide and Improve our Services.
We use information to provide, evaluate, and improve the Service, including to provide you with the heart sound analysis, lung sound analysis, and ECG analysis services and reports based on the analysis of your health-related information, including your physiologic data, data collected via your use of Eko devices, and data from third-party devices and services; to analyze our products and their usage to enhance and improve our existing Service; to develop new products and services; manage our communications; and perform accounting, auditing and other internal functions.
Communicate with You
We may send you emails, text messages, and push notifications to your mobile device if they are enabled, to verify your account and for informational and operational purposes, such as account management, instructions, alerts, reminders, customer service, system maintenance, and other Service-related purposes. We may also permit users, such as health care providers, to use the Service to send you emails, text messages, and push notifications.
We use your information to facilitate transactions, deliveries, and payments with our third-party service providers.
Marketing and Data Analysis
To the extent permitted by applicable law, we may use information to provide online advertising on the Service and to send you newsletters, offers, surveys, and other promotional information related to Eko products and services. Where required under applicable law, we will obtain appropriate consent to send you marketing communications. You may opt out of email marketing by using the unsubscribe link in a marketing email, or by contacting us at firstname.lastname@example.org.
We may use information to protect against, identify, and prevent fraud and other unlawful activity, claims and other liabilities. We also may use information to comply with and enforce applicable legal requirements, relevant industry standards, and our policies.
Information We Share
We May Share Information collected through Eko among Physicians and Staff at a Healthcare Practice or Group.
Physicians and staff using Eko as part of a health care practice or group have access to patient information stored by Eko for that practice or group. This permits physicians and staff to access information in Eko when patients see different physicians and staff at the practice or group.
We May Share Information Collected through Eko with Your Physician or Healthcare Provider through our Physician Facing Service.
If your physician or healthcare provider uses an Eko account, you may also choose to connect to your physician or healthcare provider through the Service.
If you connect to your physician or healthcare provider through the Service, we may share any of the information listed above through the Service with them.
Your physician or healthcare provider will handle any data it receives through the Service in accordance with their/its own privacy policies.
Vendors and Service Providers.
We may share any information we receive with vendors and service providers we use to help us provide the Service. Examples of these vendors and service providers include entities that process credit card payments, fulfill orders, and provide analytics and web hosting services. We require our vendors and service providers by contract to only use or disclose the information they process on our behalf as necessary to perform certain services on our behalf or comply with legal requirements.
Members of our Group.
We may share your information with any members of our group, which includes our affiliates, subsidiaries and branch offices, to which it is reasonably necessary or desirable for us to disclose your information in order to carry out the above-mentioned information processing purposes.
Third-Party Devices and Services.
If you permit the Service to integrate with or connect to third-party devices and services, with your permission we will share some health-related information with them. Such third-party devices and services may provide additional controls to limit the information the Service provides to them. If you connect your Eko account to a third-party device or service, you may be asked to share your information with that application. We will not share your information without your permission.
We do not rent, sell, or share personal information about you with other people or nonaffiliated companies for their direct marketing purposes, unless we have your permission. We may work with third party advertising partners to show ads for our Service that we think may interest you after you visit our Service. These third-party partners collect information from you when you visit our Service and other online services. Where required under applicable law, we will request your consent to such collection and use of your information. You may be able to opt out of receiving personalized advertisements from us and our advertising partners.
Legal and Similar Disclosures.
We may access, preserve, and disclose collected information, if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; respond to your requests; comply with the law, or protect your, our, or others’ rights, property, or safety.
Merger, Sale, or Other Asset Transfers.
We may disclose information in other ways when we have consent to do so, such as provided in other agreements we may have with patients and providers.
Eko processes Personal Data both as a Processor and as a Controller, as defined in the Directive and the GDPR:
All data collected by Eko will be stored exclusively in secure hosting facilities. Eko has a data processing agreement in place with its provider, ensuring compliance with the Directive. All hosting is performed in accordance with the highest security regulations.
Your Rights and Choices
We offer you certain choices in connection with the information we collect about you.
Subject to applicable law, you may have the right to request access to and be informed about the information we maintain about you, update and correct inaccuracies in your information, and have the information blocked or deleted, as appropriate. If you wish to request access or an update to the information that we have concerning you, please email us at email@example.com.
Your rights to your information may be limited in some circumstances by local legal requirements. You also have the right to withdraw your consent to the collection of your information. Note however that if you exercise your right of blocking or deletion, if you decline to share certain information with us, or if you withdraw your consent, we may not be able to provide to you some of the features and functionalities of the Service.
If you receive Promotional Emails from us, you may unsubscribe at any time by following the opt-out instructions contained within the message. Even after you opt-out of receiving promotional messages from us, you may continue to receive administrative messages from us regarding the Service.
Eko users may also contact us to:
Stop the sharing of your information with a specific provider;
Request information about any disclosures of your information that we have made;
Update your email preferences or ask us to remove your information from our mailing lists; or
Submit another type of request.
We will retain information (1) submitted by an Eko user or (2) provided to a physician or healthcare provider from an Eko user, in accordance with any agreements we have with such healthcare provider or physician. When an Eko user terminates his/her Eko account, we will delete the user’s information that was not otherwise provided to a physician or healthcare provider. When we delete any information, it will be deleted from the active database, but may remain in our archives. You may terminate your account at any time by following the procedures detailed on the Service or by contacting customer support at firstname.lastname@example.org.
We will continue to use de-identified and/or aggregated information, as permitted under applicable law and to comply with our legal obligations, agreements with physicians and healthcare providers, resolve disputes, enforce our rights, or similar purposes. You may delete the App or software to remove information stored on your device.
Data Sharing Confirmation
We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while Eko uses reasonable efforts to protect your information, we cannot guarantee its absolute security.
Data Retention and Deletion
Eko will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations.
How We Protect Personal Information
We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We hold ourselves to the highest data protection standards and follow all HIPAA technical and administrative safeguards for protected health information.
Links to Other Websites and Applications
How to Contact Us
Eko has a Data Protection Officer and Privacy Officer who is responsible for matters relating to privacy and data protection.
Eko Devices, Inc.
Attn: Privacy Officer
2600 10th Street, Suite 260
Berkeley, CA 94710
If you are an EEA customer and are unable to reach Eko at the contact information provided above regarding your issue, you have the right to contact your local Data Protection Authority.
ITS 002 Rev A