Privacy Policy

UPDATED: May 25, 2018

This Privacy Policy describes how Eko Devices, Inc. and its subsidiaries and affiliates (collectively “Eko Devices,” “Eko,” “we,” or “us”) collects, processes, uses, discloses, and secures information through its mobile apps (the “apps”), devices,  software applications, websites, including ekodevices.com and dashboard.ekodevices.com (the “Sites”) (collectively the “Services”). It relates to the immediate user of the Services (“You” or “User”) and individuals such as human patients and/or their parents or guardians, caretakers of veterinary patients and other visitors (collectively “Care Recipients”).

 

Our Privacy Policy explains:

 

1) The information we collect, why we need it, and how we use it.

2) What choices you can make about how we use your information.

3) The measures we take to protect the security of the information and maintain regulatory compliance for HIPAA, GDPR, and other data regulations.

 

Please reach out to us at contact@ekodevices.com if you have any questions.

 

The information we collect, why we need it, and how we use it.

 

We may collect the following types of personal information from users of our Services, and store it on your mobile device, and/or in the secure Eko databases and/or our payment processor databases and/or with our affiliates:

 

Account Information

When you register to use the Service or create an Eko account, we may collect your name and all other information provided to us, such as your email address, password, date of birth, gender, or National Practitioner ID (NPI). We also collect any information uploaded or otherwise input by you while using the Service, including, but not limited to, information related to medications you are taking and other health-related information about you. You may add information to your profile such as Patient ID, and information about your activity level, medical conditions, and medications.

 

Physiologic and Usage Data

We collect certain information through your use of the Eko products connected to the Service, such as but not limited to: heart sound data, lung sound data, ECG data, diagnosed condition, mobile device accelerometer data, average heart rate, the location on the body where the recording was taken, local time, time zone and geographic location of data acquisition. We may collect such information from patients or from physicians.

 

Customer Support Inquiries.

If you contact us directly, such as when you contact our Customer Support team, we will receive the contents of your message or any attachments you may send to us, as well as any additional information you choose to provide. Contact us at support@ekodevices.com if you have any questions.


Payment Information.

When you make payments through the Service, you may need to provide your shipping address and financial account information, such as your credit card number, to our third-party service providers. We do not collect or store financial account information, though we may receive transaction identifiers and summary information that does not include credit card or bank account numbers.


Cookies and Analytics Technologies.

When you visit our Service or open our emails, we and our third-party service providers may collect certain information by automated means, such as cookies, web beacons and web server logs. The information collected in this manner includes IP address, browser characteristics, device IDs and characteristics, operating system version, language preferences, referring URLs, and information about the usage of our Service. We may link this data to your profile. You may be able to change browser settings to block and delete cookies when you access the Sites through a web browser. However, if you do that, the Sites may not work properly. Our ad networks and analytics service providers may also collect information about your use of other websites and online services over time, if those websites and online services also use the same service providers.

We currently use Google Analytics and MixPanel to collect and process certain website usage data. To learn more about Google Analytics and how to opt out, please visit google.com/policies/privacy/partners/. To learn more about MixPanel, please visit https://mixpanel.com/privacy/.

 

How We Use the Information We Collect

 

To You

We must disclose your Personal Information to you, as described in the “Your Rights” section of this notice.

Does Eko Share? Yes. Can You Limit This Sharing? Yes.

To members of our group

We may share your Personal Information with any members of our group, including the parent company, affiliates, subsidiaries and branch offices, to which it is reasonably necessary or desirable for us to disclose your information in order to carry out the data processing purposes described in this notice.

Does Eko Share? Yes. Can You Limit This Sharing? Yes.

For Payment

We may use and disclose your Personal Information to obtain payment for services provided to you. We may disclose your Personal Information to payment service providers. We may also disclose your Personal Information to a health care provider or plan so that the provider or plan may obtain payment of a claim or engage in other payment activities.

Does Eko Share? Yes. Can You Limit This Sharing? Yes.

For Treatment

We may use and disclose your Personal Information to provide and manage diagnostic services for you. Our use and disclosure may include consulting with other health care providers about the diagnostic services we provide. For example, we will release the results of diagnostic services to your prescribing physician treating you, or in a medical emergency, if applicable. To assist us in providing these services, third party suppliers and service providers may have access to or process your Personal Information.

Does Eko Share? Yes. Can You Limit This Sharing? No.

For Health Care Operations

We may use or disclose your Personal Information to conduct quality assessment and improvement activities, to conduct fraud and abuse investigations, to engage in care coordination or case management, to communicate with you about health related benefits and services or treatment alternatives that may be of interest to you, and to communicate with your health care provider or health plan. If you are located in the U.S., we may disclose your PHI to a health care provider or health plan subject to federal privacy laws, as long as the provider or plan has or had a relationship with you and the PHI is disclosed only for certain health care operations of that provider or plan. We may also disclose your Personal Information to other entities with which we have contracted to perform or provide certain services on our behalf (e.g., business associates).

Does Eko Share? Yes. Can You Limit This Sharing? No.

For Business Operations

We may use both De-Identified and Limited Data Sets (a data set that, per the Health Insurance Portability and Accountability Act of 1996 regulations, has had patient-identifiable data removed except for dates of service) for development of future products, devices or services.

Once information is De-Identified through an approved method, the data is stripped of individual identifiers, at which point Eko may share this information without restriction externally to support research, market development, trend analysis, etc.

Information containing Limited Data Sets may be provided externally to support market and product development. However, Eko will obtain the required data use agreements when transferring Limited Data Sets to external parties.

Does Eko Share? Yes. Can You Limit This Sharing? Yes.

For Public Health And Safety

We may use or disclose your Personal Information to the extent necessary to avert a serious and imminent threat to the health or safety of you or others. We may also disclose your Personal Information for public health and government health care oversight activities and to report suspected abuse, neglect or domestic violence to government authorities.

Does Eko Share? Yes. Can You Limit This Sharing? No.

For Process And Proceedings

We may disclose PHI in response to a court or administrative order, subpoena, discovery request or other lawful process.

Does Eko Share? Yes. Can You Limit This Sharing? No.

As Required By Law

We may use or disclose your Personal Information when we are required to do so by law.

Does Eko Share? Yes. Can You Limit This Sharing? No.

For Process And Proceedings

We may disclose your Personal Information in response to a court or administrative order, subpoena, discovery request or other lawful process.

Does Eko Share? Yes. Can You Limit This Sharing? No.

In case of a reorganization, merger, sale or similar proceeding

We may disclose your Personal Information to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.

Does Eko Share? Yes. Can You Limit This Sharing? Yes.

For Law Enforcement

We may disclose your Personal Information to a law enforcement official with regard to crime victims and criminal activities.

Does Eko Share? Yes. Can You Limit This Sharing? No.

Special Government Functions

We may disclose the Personal Information of military personnel or inmates or other persons in lawful custody under certain circumstances. We may disclose Personal Information to authorized officials for lawful national security activities, as permitted under applicable law.

Does Eko Share? Yes. Can You Limit This Sharing? No.

For Research, Death, And Organ Donation

We may use or disclose your Personal Information in certain circumstances related to research, death or organ donation.

Does Eko Share? Yes. Can You Limit This Sharing? No.

For Workers’ Compensation

We may disclose your Personal Information as permitted by workers’ compensation and similar laws.

Does Eko Share? Yes. Can You Limit This Sharing? No.

We are required to obtain your written authorization before we (1) use and disclose Personal Information for marketing purposes, (2) sell Personal Information to others.

Information not described in this notice will also only be made with your written authorization. If you give us such authorization, you may revoke it in writing at any time. Your revocation will not affect any use or disclosure permitted by your authorization while it was in effect.

Does Eko Share? Yes. Can You Limit This Sharing? Yes.

 

Your Rights

 

Access

Subject to applicable law, you have the right to receive information about, and review in person, or obtain copies of, the Personal Information we maintain about you. We may charge you a reasonable fee as allowed by law to obtain this information.

Amendment or Deletion

Subject to applicable law, you have the right to request that we amend or delete your Personal Information.

Disclosure Accounting

Subject to applicable law, you have the right to request and receive a list of certain disclosures made of your Personal Information. If you request this list more than once in a 12-month period, we may charge you a reasonable fee as allowed by law to respond to any additional request.

Use/Disclosure Restriction or Objection

You have the right to request that we restrict our use or disclosure of your Personal Information for certain purposes. Subject to applicable law, you also have the right to object to the processing of your Personal Information. We may not be required to agree to a requested restriction or objection. We will agree to restrict use or disclosure of your Personal Information provided that the law allows and we determine the restriction does not impact our ability to operate our business, provide diagnostic services, and comply with the law. Subject to applicable law, even when we agree to a restriction request, we may still disclose your Personal Information in a medical emergency and use or disclose your Personal Information for public health and safety and other similar public benefit purposes permitted or required by law.

Withdraw Consent

If you are located in the EEA, you may at any time withdraw your consent to our processing of your Personal Information.

Confidential Communication

If you are located in the U.S., you have the right to request that we communicate with you in confidence about your PHI at an alternative address. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must make your request in writing to the privacy officer. Eko will not ask you the reason for the request and will accommodate all reasonable requests. The request must specify how or where you wish to be contacted.

Privacy Notice

You have the right to request and receive a copy of this notice at any time. For more information or if you have questions about this notice, please contact us using the information listed at the end of this notice.

 

Provide and Improve our Services.

We use information to provide, evaluate, and improve the Service, including to provide you with the heart sound analysis, lung sound analysis, and ECG analysis services and reports based on the analysis of your health-related information, including your physiologic data, data collected via your use of Eko devices, and data from third-party devices and services; to analyze our products and their usage to enhance and improve our existing Service; to develop new products and services; manage our communications; and perform accounting, auditing and other internal functions.

 

Communicate with You

We may send you emails, text messages, and push notifications to your mobile device if they are enabled, to verify your account and for informational and operational purposes, such as account management, instructions, alerts, reminders, customer service, system maintenance, and other Service-related purposes. We may also permit users, such as health care providers, to use the Service to send you emails, text messages, and push notifications.

 

Payments

We use your information to facilitate transactions, deliveries, and payments with our third-party service providers.

 

Marketing and Data Analysis

To the extent permitted by applicable law, we may use information to provide online advertising on the Service and to send you newsletters, offers, surveys, and other promotional information related to Eko products and services. Where required under applicable law, we will obtain appropriate consent to send you marketing communications. You may opt out of email marketing by using the unsubscribe link in a marketing email, or by contacting us at contact@ekodevices.com.

 

Legal Compliance

We may use information to protect against, identify, and prevent fraud and other unlawful activity, claims and other liabilities. We also may use information to comply with and enforce applicable legal requirements, relevant industry standards, and our policies.

 

Information We Share

We may disclose the information we collect about you as described in this Privacy Policy and as permitted in any other agreements we have with you.

 

We May Share Information collected through Eko among Physicians and Staff at a Healthcare Practice or Group.

Physicians and staff using Eko as part of a health care practice or group have access to patient information stored by Eko for that practice or group. This permits physicians and staff to access information in Eko when patients see different physicians and staff at the practice or group.

 

We May Share Information Collected through Eko with Your Physician or Healthcare Provider through our Physician Facing Service.

If your physician or healthcare provider uses an Eko account, you may also choose to connect to your physician or healthcare provider through the Service.

If you connect to your physician or healthcare provider through the Service, we may share any of the information listed above through the Service with them.

 

Your physician or healthcare provider will handle any data it receives through the Service in accordance with their/its own privacy policies.

We encourage you to read your health care provider’s privacy policy. We are not responsible for providers’ activities with respect to the information they receive through the Service.

 

Vendors and Service Providers.

We may share any information we receive with vendors and service providers we use to help us provide the Service. Examples of these vendors and service providers include entities that process credit card payments, fulfill orders, and provide analytics and web hosting services. We require our vendors and service providers by contract to only use or disclose the information they process on our behalf as necessary to perform certain services on our behalf or comply with legal requirements.

 

Members of our Group.

We may share your information with any members of our group, which includes our affiliates, subsidiaries and branch offices, to which it is reasonably necessary or desirable for us to disclose your information in order to carry out the above-mentioned information processing purposes.

 

Third-Party Devices and Services.

If you permit the Service to integrate with or connect to third-party devices and services, with your permission we will share some health-related information with them. Such third-party devices and services may provide additional controls to limit the information the Service provides to them. If you connect your Eko account to a third-party device or service, you may be asked to share your information with that application. We will not share your information without your permission.

 

Advertising Partners.

We do not rent, sell, or share personal information about you with other people or nonaffiliated companies for their direct marketing purposes, unless we have your permission. We may work with third party advertising partners to show ads for our Service that we think may interest you after you visit our Service. These third-party partners collect information from you when you visit our Service and other online services. Where required under applicable law, we will request your consent to such collection and use of your information. You may be able to opt out of receiving personalized advertisements from us and our advertising partners.

 

Legal and Similar Disclosures.

We may access, preserve, and disclose collected information, if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; respond to your requests; comply with the law, or protect your, our, or others’ rights, property, or safety.

 

Merger, Sale, or Other Asset Transfers.

In the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation), such assets likely will include the data we retain. We will use reasonable efforts to direct the transferee to use information you have provided to us in a manner that is consistent with this Privacy Policy. Following such a sale or transfer, you may contact the entity to which we transferred your information with any inquiries concerning the processing of that information.

 

Other Disclosures.

We may disclose information in other ways when we have consent to do so, such as provided in other agreements we may have with patients and providers.

 

HIPAA Compliance

Notwithstanding anything in this Privacy Policy to the contrary, to the extent we create, receive, maintain, or transmit (collectively, “Process”) “protected health information” (as such term is defined in 45 C.F.R 160.103) in providing the Service, we shall only use and disclose that information in accordance with the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”). HIPAA also requires us to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of the protected health information we Process. Under HIPAA, the covered entity on whose behalf we Process your protected health information is generally required to provide or make available to you a Notice of Privacy Practices (“NPP”). The NPP is intended to provide notice on how the covered entity may use and share your protected health information and inform you about your health privacy rights.

 

Controller

Eko processes Personal Data both as a Processor and as a Controller, as defined in the Directive and the GDPR:

All data collected by Eko will be stored exclusively in secure hosting facilities. Eko has a data processing agreement in place with its provider, ensuring compliance with the Directive. All hosting is performed in accordance with the highest security regulations.

 

Your Rights and Choices

We offer you certain choices in connection with the information we collect about you.

Subject to applicable law, you may have the right to request access to and be informed about the information we maintain about you, update and correct inaccuracies in your information, and have the information blocked or deleted, as appropriate. If you wish to request access or an update to the information that we have concerning you, please email us at privacy@ekodevices.com.

 

Your rights to your information may be limited in some circumstances by local legal requirements. You also have the right to withdraw your consent to the collection of your information. Note however that if you exercise your right of blocking or deletion, if you decline to share certain information with us, or if you withdraw your consent, we may not be able to provide to you some of the features and functionalities of the Service.


If you receive Promotional Emails from us, you may unsubscribe at any time by following the opt-out instructions contained within the message. Even after you opt-out of receiving promotional messages from us, you may continue to receive administrative messages from us regarding the Service.


You may contact us as indicated in the ‘How to Contact Us’ section of this Privacy Policy to exercise your rights and choices to your information. If we provide you with access to information, we may require you to pay a fee to meet our costs.

Eko users may also contact us to:

Stop the sharing of your information with a specific provider;
Request information about any disclosures of your information that we have made;
Update your email preferences or ask us to remove your information from our mailing lists; or
Submit another type of request.

 

We will retain information (1) submitted by an Eko user or (2) provided to a physician or healthcare provider from an Eko user, in accordance with any agreements we have with such healthcare provider or physician. When an Eko user terminates his/her Eko account, we will delete the user’s information that was not otherwise provided to a physician or healthcare provider. When we delete any information, it will be deleted from the active database, but may remain in our archives. You may terminate your account at any time by following the procedures detailed on the Service or by contacting customer support at contact@ekodevices.com.

We will continue to use de-identified and/or aggregated information, as permitted under applicable law and to comply with our legal obligations, agreements with physicians and healthcare providers, resolve disputes, enforce our rights, or similar purposes. You may delete the App or software to remove information stored on your device.

 

Not all Care Recipients are aware of their Rights when using the Services. It is up to You, as the User, to inform those Care Recipients of their Rights according to this Privacy Policy.

 

Data Sharing Confirmation

To facilitate secure sharing of data to a health professional, Eko Devices may contact you by email to confirm a request to do so. You have the ability to accept or reject those requests. If you wish to retract sharing of your data, please submit a request via the ‘How to Contact Us’ section of this Privacy policy.

 

Data Transfers

We may transfer personal information we collect about you to countries other than the country in which the personal information originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the personal information. When we transfer your personal information to other countries, we will put in place measures to adequately protect that personal information as described in this Privacy policy so that the same level of protection is applied to that personal information as would be required were it processed in the country in which the personal information was originally collected. If you are located in the European Economic Area (“EEA”), please note that we have implemented safeguards to ensure your Personal Information is protected when transferred, in accordance with applicable data transfer restrictions.

 

Data Security

We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while Eko uses reasonable efforts to protect your information, we cannot guarantee its absolute security.

 

Data Retention and Deletion

Eko will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations.

 

How We Protect Personal Information

We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We hold ourselves to the highest data protection standards and follow all HIPAA technical and administrative safeguards for protected health information.

 

Links to Other Websites and Applications

The Services may provide links to other websites and applications for your convenience and information. These websites and applications may operate independently from us. Linked sites and applications may have their own privacy policies, which we strongly suggest you review. To the extent any linked websites or applications are not owned or controlled by us, we are not responsible for the sites’ or applications’ content, any use of the sites or applications, or the privacy practices of the sites or applications.

 

Updates to Our Privacy Policy

This Privacy policy may be updated periodically and without prior notice to you to reflect changes to our information practices. We will post a prominent notice on our Services to notify you of any significant changes to our Privacy policy and indicate at the top of the policy when it was most recently updated. Where required by law, we will seek your explicit consent to specific changes. You agree that Eko Devices will reserve the right to occasionally notify you via email of any important changes to this Privacy policy and/or Terms of Use.

 

Disputes

Eko is committed to resolving complaints about your privacy and our collection or use of your information. If you have any inquiries or complaints regarding this Privacy Policy please contact us at: privacy@ekodevices.com.

 

 

Eko Devices, Inc.

Attn: Privacy Officer

2600 10th Street, Suite 260

Berkeley, CA 94710

privacy@ekodevices.com

 

 

How to Contact Us

Eko has a Data Protection Officer and Privacy Officer who is responsible for matters relating to privacy and data protection.

 

If you have any questions or comments about this Privacy policy, or if you would like us to update information we have about you or your preferences, please contact us by email at contact@ekodevices.com. You also may write to:

 

Eko Devices, Inc.

Attn: Privacy Officer

2600 10th Street, Suite 260

Berkeley, CA 94710

 

If you are an EEA customer and are unable to reach Eko at the contact information provided above regarding your issue, you have the right to contact your local Data Protection Authority.

ITS 002 Rev A