Last modified: August 2, 2021
This policy applies to information we collect:
- On our Website and Application;
- through our Services;
- through telephone, email, video, text, and other electronic messages between you and our Services;
- when you interact with our advertising and applications on third party websites and services, if those applications or advertising include links to this policy.
It does not apply to information collected by:
- us through any other means, including on any other website operated by iHealth or any third party;
- any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Services.
2. Children Under the Age of 18
3. Information We Collect About You and How We Collect It
We collect several types of information from and about users of our Services, specifically information:
- by which you may be personally identified, such as name, postal address, telephone number, email address, date of birth, gender, health and medical information, credit card or debit card number (for product purchases) (“Personal Data”); and
- about your Internet connection, the equipment you use to access our Website, Application or use our Services and usage details, such as traffic data, logs, referring/exit pages, date and time of your visit to our Website, or use our Application or Services, error information, clickstream data, and other communication data and the resources that you access and use our Website, Application or Services.
We collect this information:
- directly from you when you provide it to us, for example, when you use our remote patient monitoring devices to obtain your biometric information, such as your pulse rate, oxygen saturation, glucose levels, temperature and weight;
- automatically as you navigate through the Website and Application. Information collected automatically may include usage details, IP addresses, and information collected through cookies; and
- From third parties, for example, from your Provider, or a clinic or hospital in which you are receiving health care (a “Facility”).
Information You Provide to Us
The information we collect on or through our Service includes information that you provide to us or grant us access to when you use our Services and the details of transactions you carry out through our Website or Application and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website or Application. Your Provider or Facility may provide us with your medical history and communications between you and your Provider, including but not limited to information collected in the course of providing support or monitoring related to an individual’s use of the Services, such as biometric information collected through our digital health technologies, surveys, photographs taken and uploaded to the Services by you, or during the audio or video communications with your Provider.
The information we collect through the Services may be maintained or associated with Personal Data we collect in other ways or receive from third parties, such as your Provider or Facility.
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Website and Application, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns:
- Usage Details
Details of your visits to our Website and Application, such as traffic data, location, logs, referring/exit pages, date and time of your visit to our Website and use of our Application, error information, clickstream data, and other communication data and the resources that you access and use on the Website and Application;
- Device Information
Information about your computer, mobile device, and Internet connection, specifically your IP address, operating system, browser type, and Application version information;
- Stored Information and Files
Where video files and photographs are submitted through the Application, the Application collects metadata and other information associated with those photographic and videographic images; and
- Real-time Location Data
The Application collects real-time information about the location of your device. If you do not want us to collect this information do not download the Application or delete it from your device.
The information we collect automatically may include Personal Data or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties.
The technologies we use for this automatic data collection may include:
- Cookies (or browser cookies)
- Analytics Services
We use Mixpanel, a web and mobile application analytics service provided by Mixpanel, Inc. (“Mixpanel”) to collect certain information relating to your use of the Application. Mixpanel is integrated into our Application to help us analyze how users use the Application.
Information We Collect From Third Parties
- Account information for third party services
- Information from Providers
We may request from your Provider or a Facility where you are receiving care. Your coverage, benefit, and related information on your behalf in order to provide the Service to you. Such requests do not include reviewing any prior authorization, referral, or medical necessity requirements.
- Information from our service providers
4. How We Use Your Information
We use information that we collect about you or that you provide to us, including any Personal Data:
- to provide, process, fulfill, support, and administer Services ordered by you or your Provider or Facility;
- to present our Website and Application and their contents to you;
- to provide you with information, devices, products, or services that you or your Provider or Facility requests from us;
- to process, fulfill, support, and administer transactions and orders for devices, products and Services ordered by you;
- to provide you with notices about your iHealth account;
- to administer surveys about our Services;
- to fulfill any other purpose for which you provide it;
- to carry out our obligations and enforce our rights arising from any contracts entered into between you and us or your Provider or Facility and us, including for billing and collection;
- in any other way we may describe when you provide the information; and
- for any other purpose with your consent.
We may also use your information to contact you about devices, products and Services that may be of interest to you, including through newsletters. If you wish to opt-out of receiving such communications, you may do so at any time by clicking unsubscribe at the bottom of these communications. For more information, see Choices About How We Use and Disclose Your Information.
Some information iHealth collects constitutes protected health information (“PHI”) under the U.S. Health Insurance Portability and Accountability Act (“HIPAA”). As set forth above, your Provider or Facility will provide you with a Notice of Privacy Practices describing its collection, use, and disclosure of your health information. iHealth will use and disclose PHI only as permitted in accordance with the Notice of Privacy Practices and we only collect the PHI we need to fully perform our Services and to respond to you or your Provider or Facility. We may use your PHI to contact you to the extent permitted by law, to provide requested services, to provide information to your insurers, to obtain payment for our services, to respond to your inquiries and requests, and to respond to inquiries and requests from your insurers. We may combine your information with other information about you that is available to us, including information from other sources, such as from your insurers, in order to maintain an accurate record of our participants. PHI will not be used for any other purpose, including marketing, without your consent.
5. Disclosure of Your Information
- to a Provider, Facility and/or healthcare team for healthcare purposes;
- to our affiliates, contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them. The services provided by these organizations include providing IT and infrastructure support services;
- to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by iHealth about the users of our Services are among the assets transferred;
- for any other purpose disclosed by us when you provide the information; and
- with your consent.
We may also disclose your Personal Data:
- to comply with any court order, law, or legal process, including to respond to any government or regulatory request; and
- if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of iHealth, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
6. Choices About How We Use and Disclose Your Information
We do not control the collection and use of your information collected by third parties described above in Disclosure of Your Information. When possible, these organizations are under contractual obligations to use this data only for providing the services to us and to maintain this information strictly confidential. These third parties may, however, aggregate the information they collect with information from their other customers for their own purposes.
In addition, we strive to provide you with choices regarding the Personal Data you provide to us. We have created mechanisms to provide you with control over your Personal Data:
- Tracking Technologies and Advertising
- Promotional Offers from iHealth
If you do not wish to have your email address used by iHealth to promote our own products and Services, you can opt-out at any time by clicking the unsubscribe link at the bottom of any email or other marketing communications you receive from us. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt out does not apply to information provided to iHealth as a result of a product purchase, warranty registration, product service experience or other transactions.
7. Your Rights Regarding Your Information and Accessing and Correcting Your Information
You can review and change your Personal Data by logging into our Website or Application and visiting the profile page of our Application or Website. You may also notify us through the Contact Information below of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible or to delete your account. We cannot delete your personal information except by also deleting your account with us. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
With respect to any PHI iHealth may obtain, you have certain rights under HIPAA to access your data, to restrict use and disclosure of it, to request communication methods, to request corrections to your data, to receive an accounting of disclosures and to receive notice of any breach. See iHealth’s Notice of Privacy Practices for more information.
8. Do Not Track Signals
Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals, but we currently do not use automated data collection technologies to collect information about your online activities over time and across third party websites or other online services (behavioral advertising).
9. Data Security
We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. We use encryption technology for information sent and received by us.
The safety and security of your information also depends on you. Where you have chosen a password for the use of our Website or Application, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted through our Services. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.
10. State Specific Privacy Rights
12. Contact Information
How to Contact Us:
iHealth Labs, Inc.
120 San Lucar Ct.
Sunnyvale, CA 94086
iHealth Privacy Addendum for California Residents
Effective Date: August 2, 2021
Last Reviewed on: August 2, 2021
INFORMATION WE COLLECT
Our Services collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). In particular, iHealth collects and has collected Personal Information through its Services from its consumers, as provided below.
Categories of Personal Information iHealth has collected in the preceding 12 months:
- Identifiers (e.g., name, mailing address, email address, unique personal identifier, online identifier, Internet Protocol address (IP address), or other similar identifiers)
- Personal Information categories listed in the California Customer Records statute (e.g., name, address, telephone number, bank account number, credit card number, debit card number, medical information, or health insurance information. Note, some of this information may overlap with other categories)
- Protected classification characteristics under California or federal law (e.g., age (40 years or older), race, color, ancestry, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions)
- Commercial information (e.g., records of products purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)
- Biometric information (e.g., physiological and biological characteristics, or other identifier or identifying information, such as, physical patterns, and sleep, health, or exercise data)
- Internet or other similar network activity (e.g., browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement)
- Geolocation data (e.g., physical location or movements)
Personal Information does not include information that is: (a) publicly available information from government records; (b) deidentified or aggregated consumer information; or (c) certain information excluded from the scope of CCPA, including health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA).
Categories of sources from which iHealth has collected Personal Information:
- Directly from you. For example, from forms you complete when using our Services
- Indirectly from you. For example, from our operating systems and platforms
- Service providers
- Business partners who we partner with to offer our Services, such as your Provider or a
- Facility where you are receiving care
USE OF PERSONAL INFORMATION
We may use or disclose the Personal Information we collect for one or more of the following business purposes:
- To fulfill or meet the reason you provided the information. For example: if you share your name and contact information to ask a question about our products, we will use that Personal Information to respond to your inquiry. We may also save your information to help you check out faster and to provide recommendations for future purchases.
- To provide, support, develop and improve our Services and products.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and to monitor and improve our responses.
- To help maintain the safety, security, and integrity of our Services and products, databases and other technology assets, and business, including to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity, and to debug to identify and repair errors that impair existing intended functionality.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- Undertaking internal research for technological development and demonstration.
- As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of iHealth assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by iHealth about our customers are among the assets transferred.
iHealth will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
SHARING PERSONAL INFORMATION
We do not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate your Personal Information to another organization for monetary or other valuable consideration. However, iHealth may disclose your Personal Information to a third party for one or more business purposes. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.
We share your Personal Information with the following categories of third parties:
- Service providers
- Business partners, such as your Provider or a Facility where you are receiving care
Disclosures of Personal Information for a business purpose:
In the preceding twelve (12) months, iHealth has disclosed the following categories of Personal Information for a business purpose:
- California Customer Records Personal Information categories
- Protected classification characteristics under California or federal law
- Commercial information
- Biometric information
- Internet or other similar network activity
- Geolocation data
We disclose your Personal Information for a business purpose to the following categories of third parties:
- Service providers
- Business partners, such as your Provider or a Facility where you are receiving care
Sales of Personal Information:
In the preceding twelve (12) months, iHealth had not sold Personal Information.
YOUR RIGHTS AND CHOICES
The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.
Access request rights
You have the right to request that iHealth disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights), we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information we collected about you.
- If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
- sales, identifying the Personal Information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
Deletion request rights
You have the right to request that iHealth delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access and Deletion Rights
To exercise the access and deletion rights described above, please submit a verifiable consumer request to us by either:
- Calling us at (855)-816-7705; or
- Emailing us at support@iHealthlabs.com.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf (an “Authorized Representative”), may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an Authorized Representative. Before completing your request to exercise the below, we will verify that the request came from you by asking you one or more knowledge-based questions about you.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. With few exceptions, we will only review and fulfill a request from your Authorized Representative if (a) you grant the Authorized Representative written permission to make a request on your behalf, (b) you or the Authorized Representative provides us notice of that written permission, and (c) we are able to verify your identity in connection with that notice and the request.
Making a verifiable consumer request does not require you to create an account with us.
We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
For instructions on exercising sale opt-out rights, see Personal Information Sales Opt-Out and Opt-In Rights.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to the contact information you provided in that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
We do not sell the Personal Information of consumers and therefore do not provide any opt-in or opt-out capabilities on our Services or otherwise.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
CHANGES TO OUR CALIFORNIA ADDENDUM