Your privacy is important to Qardio. This policy explains the what, how and why we collect, use, manage, transfer, export, store, and delete your information, and what choices you have with respect to your information.
When we refer to “Qardio”, we mean the Qardio entity that acts as the controller or processor of your information, as explained in more detail in the “Data Controller and Contacting Qardio” section below.
“Personal Data” is information relating to an identified or identifiable natural person.
To make sure your personal information is secure, we communicate our privacy and security guidelines to Qardio employees and strictly enforce privacy safeguards within the company.
Why Qardio collects data
You may be asked to provide your personal information anytime you are in contact with Qardio. You are not required to provide personal information that we have requested, but, if you chose not to do so, in many cases we will not be able to provide you with our products or services or respond to any queries you may have. We use the information we collect from all our services for the following purposes:
- We use your information to deliver basic components of our services, like visualizing a chart of your blood pressure readings, helping you share data with your doctor, or shipping your product.
- We also use your information to ensure our services are working as intended, such as tracking outages or troubleshooting issues that you report to us. And we use your information to make improvements to Qardio’s services.
- We use the information we collect in existing services to help us develop new ones.
- We use the information we collect to customize our services for you, including personalized content, and basic functionalities like tracking which language you speak.
- We use data for analytics to understand how our services are used. For example, we analyze data about your visits to our sites to do things like optimize product design.
- We use information we collect, like your email address, to interact with you directly. For example, we may send you a notification to let you know about upcoming changes or improvements to our services. And if you contact Qardio, we’ll keep a record of your request in order to help solve any issues you might be facing.
- When you share your content with family and friends using Qardio Services, or send gift certificates and products, or invite others to interact with Qardio services, Qardio may collect the information you provide about those people such as name, mailing address, email address, and phone number. Qardio will use such information to fulfill your requests, or provide the relevant Services.
- We use information to help improve the safety and reliability of our services. This includes detecting, preventing, and responding to fraud, abuse, security risks, loss prevention, and technical issues that could harm Qardio, our users, or the public.
- If you enter into a sweepstake, contest, or similar promotion we may use the information you provide to administer those programs.
- We use information to bill and collect money owed to us for our products. This includes sending you emails, invoices, receipts, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and those third parties process your orders and credit card payments.
Qardio may collect data and information in a variety of ways when you use the Services:
- Account Information. Some information is required to create an account on our Services, such as your name, email address, password, date of birth, gender, height, weight, and in some cases your mobile telephone number. This is the only information you have to provide to create an account with us. You may also choose to provide other types of information, such as a profile photo. This information is treated as personally identifiable information.
- User Data. Users routinely submit User Data to Qardio when using the Services. This information is treated as personally identifiable information. To the extent that information we collect is health data, we ask for your explicit consent to process the data. We obtain this consent separately when you take actions leading to our obtaining the data, for example, when you pair your Qardio device(s) to your account, grant us access to your health or activity data from another service. You can withdraw your consent at any time, including changing your account settings, stopping use of a feature, removing our access to a third-party service, un-pairing your device, or deleting your data or your account.
- Usage Information.
- Services Metadata. When Users interact with the Services, metadata is generated that provides additional context about the way Users use our services. For example, Qardio logs the number of times you access your app and the time of the day. This type of information is only collected in anonymized or aggregated format, and is not personally identifiable.
- Device information. Qardio collects information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this Other Information often depends on the type of device used and its settings. This type of information is only collected in anonymized or aggregated format, and is not personally identifiable.
- Log data. As with most technology services and websites delivered over the Internet, our servers automatically collect information when you access or use our Websites or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about your devices and, language preferences and cookie data. This information is treated as personally identifiable information.
- Location information. We receive information from you, and other third-parties that helps us approximate your location. Unless you provide consent specifically for a location-based service, this type of information is only collected in anonymized or aggregated format, and is not personally identifiable. We may, for example, use an IP address received from your browser or device to determine your approximate location. Qardio may also collect location information from devices in accordance with the consent process provided by your device.
- Third Party Services for basic services. At times Qardio may make certain personal information available to strategic partners that work with Qardio to provide products and services, or that help Qardio market to customers. These companies are obligated to protect your information and may be located wherever Qardio operates. For example, when you purchase your QardioArm, you authorize Qardio to exchange the information you provide during the purchase process to carry out the product shipping service. When your product is shipped, your data will be governed by Qardio and the shipping courier’s respective privacy policies. Personal information will only be shared by Qardio to provide or improve our products, services and promotional messages; it will not be shared with third parties for their marketing purposes.
- Third Party Services for data sharing. User can choose to permit or restrict Third Party Services for their data. Typically, Third Party Services are software that integrate with Qardio Services, and Users can permit its Users to enable and disable these integrations for their data on the Qardio platform. Once enabled, the provider of a Third Party Service may share certain information with Qardio. Users should check the privacy settings and notices in these Third Party Services to understand what data may be disclosed to Qardio. When a Third Party Service is enabled, Qardio is authorized to connect and access other information made available to Qardio in accordance with our agreement with the Third Party Provider. We do not, however, receive or store passwords for any of these Third Party Services when connecting them to the Services, or share passwords with them.
- Third Party Data. Qardio may receive data about organizations, website visitors, marketing campaigns and other matters related to our business from affiliates and subsidiaries, our partners or others that we use to make our own information better or more useful. This data may be combined with other information we collect and might include aggregate level data, such as which IP addresses correspond to zip codes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.
- Additional Information Provided to Qardio. We receive other information when submitted to our Websites or mobile apps if you participate in a contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with Qardio.
Here are some examples of situations in which you transmit data to us:
- When you visit and use our websites and services. We collect certain data when you use our website or when you take part in our events or reply to our questionnaires. Certain information is collected even if you do not have a Qardio account. This may happen when you view pages, take part in surveys, competitions or events, write a comment on our website, share a page on a social network, order a product, etc.
- When you order a product on our website, we have to retain certain data relating to your order, such as your delivery and billing address, even if you choose the option allowing you to order without creating an account.
- When you create or use a Qardio account. Creating a Qardio account allows you to use Qardio’s services and applications. You will therefore need to provide us with certain data to identify yourself. Your Qardio account is the core component of our services. It allows you to access and control your Personal Data. Data are collected and used during account and/or user profile creation, when logging on to your account, ordering a product from your account, adding a photograph, etc., or biometric data measured by Qardio devices.
- When you use our applications. Using our applications requires an account. Through applications, you can use Qardio products and services, interact with them and access all features/offered by Qardio. To that end, certain data are communicated to us when you download, install and use features of the application. This is the case when you share information, take measurements, respond to questionnaires or complete a field in the application, etc. It is also through the application that your data is communicated to us when you install and synchronize your Qardio product. Through the application you may activate certain optional features such as geolocation through your smartphone.
- When you activate and use a Qardio product. Qardio’s products, services, and applications collect data, enabling monitoring by their accumulation. When you activate a Qardio product, you will be asked to download the Qardio application and create an account. Certain features are only accessible by connecting your product and the application.
Cookies and other technologies
If you do not want information collected through the use of these technologies, there is a simple procedure in most browsers that allows you to automatically decline many of these technologies, or to be given the choice of declining or accepting them.
In some of our email messages, we use a “click-through URL” linked to content on the Qardio websites. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our website. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages.
Pixel tags enable us to send email messages in a format customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers.
Health and Wellness Data Sharing with Partners
You can choose to exchange your Qardio health and wellness data with third party partners. This data exchange might be done via our API system, or via Apple HealthKit API:
- We only exchange your health and wellness data with your express consent.
- We never share your data with advertising platforms, data brokers or information resellers.
- Your data, whether originating from use of Qardio products and services or from third party partners or from Apple HealthKit, is not used for marketing and advertising purposes.
- All our third-party partners are subject to requirements preventing them from using and/or sharing your data for marketing and advertising purposes.
Email and Other Communications
From time to time, we may use your personal information to send important notices, such as communications about purchases and changes to our terms, conditions, and policies. Because this information is important to your interaction with Qardio, you may not opt out of receiving these communications.
We might want to contact you with information about product announcements, software updates and special offers, and we may want to contact you with information about products and services from our business partners. This type of communication requires your consent, and you may opt out of such communications at any time by clicking the “unsubscribe” link found within Qardio email updates, reaching out to our Customer Support team, or by changing the settings in the Qardio mobile apps.
Sharing Your Information
This section describes how Qardio may share and disclose Information. You determine your own practices for the sharing and disclosure of Information, and Qardio does not control how you or any other third parties choose to share or disclose Information.
- Customer’s Instructions. Qardio will solely share and disclose user Personal Data in accordance with your instructions, including any applicable terms in the Terms and Conditions and Customer’s use of Services functionality, and in compliance with applicable law and legal process.
- Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process other information and support our business. These third parties may, for example, provide virtual computing and storage services.
- Third Party Services. You may elect to share their data with Third Party Services. When enabled, Qardio may share other information with Third Party Services. Third Party Services are not owned or controlled by Qardio and third parties that have been granted access to other information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions, and see the paragraph” Health and Wellness Data Sharing with Partners” above for more details.
- Corporate Affiliates. Qardio may share other information with its corporate affiliates, parents and/or subsidiaries, please refer to the paragraph “International Data Transfers” below for more details.
- During a Change to Qardio’s Business. If Qardio engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Qardio’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all other information may be shared or transferred, subject to standard confidentiality arrangements.
- Aggregated or De-identified Data. We may disclose or use aggregated or de-identified other information for any purpose. For example, we may share aggregated or de-identified other information with prospects or partners for business or research purposes, such as telling a prospective Qardio customer the average number of blood pressure measurements taken by Qardio users in a week.
- To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
- To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of Qardio or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With Consent. Qardio may share other information with third parties, when we have consent to do so.
Qardio takes the security of your personal information very seriously. We protect your personal information during transit using encryption such as Transport Layer Security (TLS) or secure socket layer (“SSL”) technology. When your Personal Data is stored by Qardio, we protect our computer systems using a combination of administrative, physical and logical security safeguards. Your personally identifiable data is always stored in encrypted form including. Qardio is committed to protecting the security of your information and takes reasonable precautions to protect it. However, Given the nature of communications and information processing technology, Qardio cannot guarantee that Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others. If a security breach causes an unauthorized intrusion into our system that materially affects you, then Qardio will notify you as soon as possible and later report the action we took in response.
International Data Transfers
Generally, if you are based in the United States or Canada, or any other location outside of the European Union, any information you provide, including any personal information, will be transferred to and processed by a computer server located within the United States, and if you are based in the European Economic Area or Switzerland, any information you provide, including any personal information, will be transferred to and processed by a computer server located within the European Union.
Qardio is a multi-national business. To offer our products, apps and services, we may need to transfer your Personal Data to countries other than the one in which you live. We deploy the following safeguards if Qardio transfers Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law:
- Any transfers of Personal Data from the European Economic Area (“EEA”) or Switzerland to the United States are done pursuant to European Commission approved Model Contractual Clauses: E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. To comply with European Union and Swiss data protection laws, Qardio, Inc. (“Qardio US”) self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to enable companies to comply with data protection requirements when transferring Personal Data from the European Union and Switzerland to the United States. For more information, including the types of Information covered, see Qardio US’s Privacy Shield Notice. To learn more about the Privacy Shield Program, please see http://www.privacyshield.gov/welcome.
Attn: Corporate Counsel
115 Sansome St., Suite 1005
San Francisco, CA 94104
Qardio has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Under certain conditions, more fully described on the Privacy Shield website, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Contests and Sweepstakes
We may, from time to time, offer surveys, contests, sweepstakes, or other promotions on our Websites or through social media (collectively, “Our Promotions”). Participation in our Promotions is completely voluntary. Information requested for entry may include personal contact information such as your name, address, date of birth, phone number, email address, username, and similar details. We use the information you provide to administer Our Promotions. We may also, unless prohibited by the Promotion’s rules or law, use the information provided to communicate with you, or other people you select, about our Services. We may share this information with our affiliates and other organizations or service providers in line with this policy and the rules posted for the Promotion.
To the extent prohibited by applicable law, Qardio does not allow use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with Personal Data, please contact us and we will take steps to delete such information.
Your rights to export, update, and delete your data
If you reside in the European Economic Area, you have the right under the General Data Protection Regulation to request from Qardio access to and rectification or erasure of your Personal Data, data portability, restriction of processing of your Personal Data, the right to object to processing of your Personal Data, and the right to lodge a complaint with a supervisory authority.
To request access to or rectification, portability or erasure of your Personal Data, or to delete your Qardio account, use our mobile apps or contact our customer support team.
To the extent that Qardio’s processing of your personally identifiable data is subject to the General Data Protection Regulation, Qardio relies on its legitimate interests, described above, to process your data. With your consent, Qardio may also process other information that constitutes your Personal Data for direct marketing purposes and you have a right to object to Qardio’s use of your Personal Data for this purpose at any time.
Data Controller and Contacting Qardio
If you reside in the United States, Canada or anywhere else outside of the European Economic Area and Switzerland, then the Personal Data collected by Qardio is controlled by Qardio, Inc., 115 Sansome street, #1005, San Francisco, CA 94104, United States, and you can reach us by email at email@example.com.
If you reside in the United Kingdom, then your Personal Data collected by Qardio is controlled by Qardio Europe Limited, 14-16 Dowgate Hill, London EC4R 2SU, United Kingdom, and you can reach us by email at firstname.lastname@example.org.
If you reside in a country in the European Economic Area or in Switzerland (other than the United Kingdom), then your Personal Data collected by Qardio is controlled by Qardio Netherlands B.V., Van Hogendorpstraat 93, Amsterdam 1051 BK, The Netherlands, and you can reach us by email at email@example.com
EU Data Protection Authority
Subject to applicable law, you also have the right to (i) restrict Qardio’s use of other information that constitutes your personal identifiable data and (ii) lodge a complaint with your local data protection authority or the Dutch Data Protection Commissioner, which is Qardio’s lead supervisory authority in the European Union. If you are a resident of the European Economic Area and believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to our lead supervisory authority:
Dutch Data Protection Commissioner:
Postbus 93374 2509
AJ DEN HAAG, The Netherlands
Phone: (+31) 708 88 85 00
Fax: (+31) 708 88 85 01
California Privacy Statement
Under California Law, California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of Personal Information, such as name, email and mailing address and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes and (b) the names and addresses of all such third parties. To request the above information, please contact us at firstname.lastname@example.org