noscript

CARDIOCOMM SOLUTIONS, INC. PRIVACY NOTICE

Last Revised: 24/4/2019

This Privacy Notice describes how CardioComm Solutions, Inc. and its subsidiaries and affiliates (collectively “CCS,” “we,” “us”) collects, processes, uses, discloses, and secures information through its HeartCheck™ ECG Devices, associated GEMS™ Home, GEMS™ Home Flex and GEMS™ Mobile ECG app (the “App”), the SMART Monitoring ECG readings service and its website https://cardiocommsolutions.com (the “Site”) (collectively the “Services”).

The Services provide multiple options associated with the use of the Services. In order to deliver the Services to you, we require you to consent to the collection and processing of your personal information when you initially begin using them. Your information is stored in two locations in order to provide you with the Services: the device you have loaded the App onto and the CCS SMART Monitoring ECG reading service managed cloud server. As you use our Services, we want you to be clear about how we are using information and the ways in which you can protect your privacy.

Our Privacy Notice explains:

  • What information is collected and why it is collected.
  • How the information is used.
  • The choices offered regarding use of the information.
  • Measures taken to protect the security of the information.
  • How to contact us.

If you’re not familiar with terms used in this Privacy Notice such as cookies, IP addresses, pixel tags and browsers, then read about these key terms first.  Your privacy matters to CCS, so whether you are new to CCS or a long-time customer, you can get to know our practices below, and contact us at info@cardiocommsolutions.com if you have any questions.

Information Collected

The Services may collect the following types of personal information from users of our Services, and store it on the system the App is loaded onto and within the SMART Monitoring ECG reading service:
Contact information (such as name, postal address, email address, and mobile or other telephone number) of individuals such as medical professionals, human patients and/or their parents or guardians, and other visitors; Username and password; Information in customer support inquiries; Human patient demographics such as date of birth and gender; Human patient medical data such as medications and ailments; Payment information (such as payment card number, expiration date, delivery address, and billing address); Information about your device, such as its model and operating system version; and Information collected by the Services, including personal information (such as human electrocardiography (‘’ECG”) data, including the ECG measurement itself, mobile device accelerometer data, average heart rate, the location on the body where the ECG recording was taken (e.g. hand or chest), local time, time zone and geographic location of ECG acquisition).

Cookies

When you visit our Services or open our emails, we may collect certain information by automated means, such as cookies, web beacons and web server logs. The information we collect in this manner includes IP address, browser characteristics, device characteristics, operating system version, language preferences, referring URLs, information on actions taken on our Services, and dates and times of website visits. The information does not identify you. If you continue to use our Services, we will assume that you permit this collection. If you want to use the Services without cookies you may; however, without cookies you may not be able to use all of the features of our Services.

A ‘cookie’ is a file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A ‘web beacon’ (also known as an Internet tag, pixel tag or clear GIF) links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. Through these automated collection methods, we obtain ‘clickstream data,’ which is a log of the links and other content on which a visitor clicks while browsing a website and identifies the prior website used to access the Services. As the visitor clicks through the Services, a record of the action may be collected and stored. We may link certain data elements we have collected through automated means with other information we have obtained about you to let us know, for example, whether you have opened an email we sent to you.

We use cookies, web beacons, web server logs and other automated means for purposes such as (i) customizing users’ visits to our Site, (ii) delivering content tailored to users’ interests and the manner in which users browse our Sites, and (iii) managing our Site and other aspects of our business.

We may use third-party web analytics services on our Services, such as those of Google Analytics. The analytics providers that administer these services use technologies such as cookies, web server logs and web beacons to collect usage information matched to an IP address, but not your personal information, to help us analyze how visitors use the Site and improve the overall experience of the Site. The analytics providers may also collect information about your use of other websites over time, if those websites also use the same analytics providers. To learn more about Google Analytics and how to opt out, please visit http://www.google.com/analytics/learn/privacy.html.

We may use third-party services on our Services, such as MixPanel, to collect usage data in order to understand and continue improving our products and services. To learn more about MixPanel, please visit https://mixpanel.com/privacy/.

How We Use the Information We Collect

We may use the information we collect to:
Create and manage accounts; Provide products and services, and give access to the ECG analysis service; Deliver and manage customer support and respond to inquiries; Process payments; Send promotional materials or other communications, communicate about, and administer participation in, special events, programs, offers, surveys and market research; Perform data analyses (including de-identification and aggregation of personal information); Operate, evaluate and improve our business (including developing new products and services; enhancing and improving our services; managing our communications; analyzing our products; and performing accounting, auditing and other internal functions); Aggregate and anonymise information and images and use and share the resulting data for business purposes (for example, to provide beneficial health-related data not limited to statistics, trending and services to CCS affiliates); Protect against identify and prevent fraud and other unlawful activity, claims and other liabilities; and Comply with and enforce applicable legal requirements, relevant industry standards and our policies. We will retain your personal information even if you cease using the Services until such time as you notify us, as indicated in the ‘How to Contact Us’ section of this Privacy Notice, of your intention to cease using the Services indefinitely. Even after you notify us of your intention to cease using the Services indefinitely, we will retain and continue to use aggregated and anonymized information and images.

Information We Share

We do not sell or otherwise disclose personal information we collect about you, except as described in this Privacy Notice. We do not rent, sell, or share personal information about you with other people or non-affiliated companies for their direct marketing purposes, unless we have your permission.

We share your information with other users, such as healthcare providers, if you explicitly give permission for them to access your ECGs through the Services or you choose to email them your ECGs.

We also may share personal information with vendors and service providers who perform services for us in connection with the provision of the Services based on our instructions. Examples of these vendors and service providers include entities that analyze ECG data to detect cardiac rhythms, process credit card payments, fulfill orders and provide web hosting services. We do not authorize these vendors or service providers to use or disclose the personal information except as necessary to perform services on our behalf or comply with legal requirements.

In addition, we may access, preserve, and disclose information about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials, (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity, and (iv) to protect your, our, or others’ rights, property or safety.

In the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation), such assets likely will include the data we retain. We will use reasonable efforts to direct the transferee to use personal information you have provided to us in a manner that is consistent with this Privacy Notice. Following such a sale or transfer, you may contact the entity to which we transferred your personal information with any inquiries concerning the processing of that personal information.

Your Rights and Choices

We offer you certain choices in connection with the personal information we collect from you, such as how we use the personal information and how we communicate with you. To update your email preferences, ask us to remove your personal information from our mailing lists or submit a request, please contact us as indicated in the ‘How to Contact Us’ section of this Privacy Notice.
Users with online accounts may be able to update or delete certain personal information using the Services. You may request access to the personal information we maintain about you or request that we correct, amend, delete or block the information by contacting us as indicated below by submitting a request via the ‘How to Contact Us’ section of this Privacy Notice. Any access request may be subject to a fee of $100 USD to meet our costs in providing you with details of the personal information we hold about you. You may withdraw any consent you previously provided to us or object at any time on legitimate grounds to the processing of your personal information, and we will apply your preferences going forward. To exercise any of these rights, please submit a request via the ‘How to Contact Us’ section of this Privacy Notice.

Data Sharing Confirmation

To facilitate secure sharing of data to a health professional, CCS may contact you by email to confirm a request to do so. You have the ability to accept or reject those requests. If you wish to retract sharing of your data, please submit a request via the ‘How to Contact Us’ section of this Privacy Notice.

It is your health professional’s responsibility to ensure a sharing request is accepted by contacting you independently of any CCS Services. Your ECG history will not be shared automatically; your health professional will only see new recordings from the time you accepted the request to share such information.

Data Transfers

We may transfer personal information we collect about you to countries other than the country in which the personal information originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the personal information. All your data will be maintained and processed in Canada. If we transfer your personal information to other countries, we will put in place measures to reasonably protect that personal information as described in this Privacy Notice so that same level of protection is applied to that personal information as would be required were it processed in the country in which the personal information was originally collected.

How We Protect Personal Information

We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

Links to Other Websites and Applications

The Services may provide links to other websites and applications for your convenience and information. These websites and applications may operate independently from us. Linked sites and applications may have their own privacy notices or policies, which we strongly suggest you review. To the extent any linked websites or applications are not owned or controlled by us, we are not responsible for the sites’ or applications’ content, any use of the sites or applications, or the privacy practices of the sites or applications.

Updates to Our Privacy Notice

This Privacy Notice may be updated periodically and without prior notice to you to reflect changes to our information practices. We will post a prominent notice on our Services to notify you of any significant changes to our Privacy Notice and indicate at the top of the notice when it was most recently updated. Where required by law, we will seek your explicit consent to specific changes. You agree that CCS will reserve the right to occasionally notify you via email of any important changes to this Privacy Notice and/or Service agreements.

How to Contact Us

If you have any questions or comments about this Privacy Notice, or if you would like us to update information we have about you or your preferences, please contact us by email at info@cardiocommsolutions. You also may write to:

HeartCheck ECG
c/o CardioComm Solutions, Inc.
Privacy Officer
18 Wynford Drive, Suite 305
North York, Ontario
Canada M3C 3S2

Privacy complaints can be made here:

https://www.priv.gc.ca/en/report-a-concern/file-a-formal-privacy-complaint/