We, Datos Health Ltd. including any of our affiliates (collectively, “Datos” or “we“), have created these General Privacy Policy & Terms of Service policies (respectively, the “Privacy Policy” and “Terms of Service” and collectively the “Terms”) in order to let You know what are the terms that govern Your use of Datos’ application (the “Application“), and describe how we use and the way we protect the information that we collect as a result of Your use in the Application.
You, the user, may be a (i) patient with access to our Service (as such term is defined below) as part of Your treatment (and if the patient is a minor or under the care of a lawful guardian – his legal guardian), or (ii) health care organization that has contracted with Datos for the patient’s access to the Service, or caregiver working for such health care organization that has contracted with Datos for the patient’s access to the Service (“You”).
Datos’ Service provides advanced technology tools and solutions for patient generated health data management platform offered and provided by Datos through its Website or Application (collectively the “Service”), subject to the Terms of Service detailed below, and allow You to share and store information that may be sensitive. Such information may become accessible to Datos and such third parties as described in our Privacy Policy set forth below. Thus, we urge You to read the Terms herein carefully and make sure You understand clearly how Datos may collect and use Your information.
By accessing the Service, You hereby provide Your consent to the Terms of Service as provided herein. If You do not agree to these Terms, You may not access or otherwise use any of the Services.
You may use the Service only if You have reached the age of eighteen (18) or the applicable legal age in Your jurisdiction and can form legally binding contracts under applicable law. If You are under 18 or the legal age in Your jurisdiction, or if You have a legal guardian, such guardian must agree to these Terms on Your behalf.
While using Datos’ Service, Datos may ask You to provide it with certain personally identifiable and other information that can be used to contact or identify You, in accordance with the terms provided herein, as well as other personal information You may provide us in the course of using our Service, for example, Your email address, first and last name, address, phone number, location data and other usage data.
Protecting Your information and maintain Your Privacy is very important to Datos. For this reason, Datos complies with the highest privacy standards, including the European Union’s 2016/679 Directive General Data Protection Regulation (“GDPR”), United States’ healthcare-focused privacy law – The Health Insurance Portability and Accountability Act (“HIPAA”) and the California Consumer Privacy Act (“CCPA”). To ensure we provide You with the highest standard of security measures, Datos’ Service runs on the trusted infrastructure of Google, and relies on Google’s security and privacy policy.
This Privacy Policy governs the privacy practices with respect to the collection, use and disclosure of personal information when You use our Service and the choices You have associated with such data.
- WHAT INFORMATION DO WE COLLECT?
- Datos may collects information that may personally identify You, including (the “Personal Information“):
- Your full name and contact details; postal address; telephone numbers (including mobile numbers) and e-mails address;
- Your height, weight, gender, medical history; line of treatment, test results, and other demographic information;
- Your health measurements such as blood pressure, time spent being active, heart rate, etc.;
- Information that You or Your care giver upload to Your Account;
- Your Account’s usernames;
- Your usage of our Service, such as type of device You’re using when You logon to the Service, IP address, time of access, browser type and language, Internet Service Provider (“ISP”), the Web pages that You visit, the content You use and the URL of the Web page You visited before navigating to the Services, and other identifiers which may qualify as Personal Information;
- Your interests, preferences, feedback and survey responses;
- Your device information, including Your hardware model, operating system and version, unique device identifiers, mobile network information (if allowed by the mobile network) or platform information (as allowed by the specific platform type);
- Your location data;
- Your correspondence and communications with Datos.
Please note that the health-related data points made available to Datos through Your or Your care giver’s use of the Service are defined by Your care giver.
- Anonymized Information. Datos also collects certain unidentified information that relates to Your online browsing activities on our Website or through the Service (the Anonymized Information”).
- Datos may collects information that may personally identify You, including (the “Personal Information“):
- HOW DO WE COLLECT YOUR INFORMATION?
Datos obtains access to Your Personal Information and Anonymized Information (together referred to as “Information“), as follows:- Information that You or Your care giver provide to Datos.
- Information that is derived from Your browsing activities or the use in our Service (e.g., when You log into Your Account, how often do You log in);
- Information regarding Your health measurements that is uploaded onto the Application either by You or that is automatically being synchronized with Your Account through add-on device (such as a smart watch);
- Information that Your care provider uploads to the Service through the “care team” designated portal;
- Information which You provide when You complete various questionnaires, which Your care provider asks You to complete;
- Information provided by You while using available Service (e.g., chat and video call functionalities).
- Information Collected Upon Your Use in our Services . When You access or use the Service, Datos may automatically collect Information about You, including:.
- Usage Information. Datos monitors users’ activity in connection with the Service and may collect information about the applications and features You use, the websites You visit, the names of the service providers You use, files You upload, download, share or access while using the Services, the content You access, and any actions taken in connection with the access and use of Your content in the Services.
- Log Information. Datos logs information about You when You access to and use the Services as described in Section 1.1 above.
- Device Information. If You access the Services from a mobile device, Datos may collect information about the device as described in Section 1.1 above.
- Information Collected through “Cookies” or Other Tracking Technologies.
- “Cookies”.
Datos may use “cookies” (small data files which are sent to Your device by a website or other online application, to enable the storing of information which uniquely identifies You such as remembering web pages that You have viewed) to monitor Your browsing behaviour.
If You want to disable or change Your “cookies” settings, You will have to access Your device’s browser settings. Please note that if You disable all cookies, some (or all) of the features and functionality of the Service may not be available to You. Below are links to commonly used web browsers. Information about cookies is usually found in the “Help” section of the web browser.
- Google Chrome
- Internet Explorer
- Mozilla Firefox
- Safari (Desktop)
- Safari (Mobile)
- Android Browser
- Opera
- Opera Mobile
For other browsers, please consult the documentation that Your browser developer provides.
Please note that the above information may change if and when the applicable manufacturers update its systems. Also note, that Your device may use another platform, not described above. In that case, please consult the manufacturer documentation for further instructions.
You can also learn more and turn off certain third party targeting and advertising cookies by visiting the following third-party webpages such as:
- Third party cookies The use of “cookies” by third parties You may sign-in from into the Services and/or third-party applications, is not covered by our Privacy Policy. We do not have access or control over such cookies.
- Information Collected by Other Tracking Technologies
Other than cookies, Datos may use various technologies to collect information, which may include a use of web beacons (also known as “tracking pixels”). Web beacons are electronic images (also called “gifs”) that may be used in the Services or in emails that help us to deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon.Datos may also obtain information from third parties and combine that with the Information it collects through the Services. For example, Datos may have access to certain information from a third-party Application Tracking Systems (“ATS”) service if You create or log into Your online account through the service or otherwise provide it with access to information from the service. Any access that Datos may have to such information from a third-party ATS service is in accordance with the Privacy Policy and authorization procedures determined by the ATS service. Datos protects data obtained from third parties according to the practices described in this Privacy Policy, plus any additional restrictions imposed by the source of the data.
- “Cookies”.
- Information that You or Your care giver provide to Datos.
- HOW DO WE USE THE INFORMATION?
- Datos may use the Information collected about You for the limited purpose of providing the Service and related functionality, or as otherwise specifically described in this Privacy Policy and as permitted by applicable laws. Such limited purposes include circumstances where it is necessary for Datos to provide or complete Services requested by, or for, You, or where You have given Datos Your express consent. Your Information may be used to perform a variety of purposes, including
- Provide, operate, maintain, improve and audit the Service.
- Enable Your access and use the Services and identify You, so that we can provide and deliver Your Service’s requests, process and complete transaction.
- Send You technical notices, updates, security alerts and support and administrative messages and generally communicate with You in accordance with these Terms, including, responding to Your comments, questions, and requests and provide customer service and support in connection with the Services, features, surveys, and provide other news or information about Datos and our select partners.
- Continue developing, improving and customizing the Service and the user experience. Such use may include prevention of bugs and errors in the Service, the development of new services to our clients, the aggregation of statistical data in an unidentified manner and monitoring of the use in our Service, monitoring and analysing trends, usage, and activities in connection with the Services for research, purposes.
- Personalize and improve the Service, and provide content, features, and/or advertisements that match Your interests and preferences or otherwise customize Your experience on the Services.
- Promote safety and security of the Information and our systems. Such use may include verification of the authenticity of the user who is connecting to the Service, investigating and preventing fraudulent transactions, unauthorized access to the Service, and other illegal activities, accommodating for Cybersecurity needs, fraud detection and misuse of the Service.
- Managing insurance claims and internal record keeping.
- Sharing Your Information with Third Parties
Datos may share the Information collected about You with third parties for the limited purpose of providing the Service or as otherwise described herein as follows:- Where it has a legal right or duty – to use or disclose Your Information (for example in relation to an investigation by a public authority or in a legal dispute).
- Transferring Your Information to Your care provider as well as Your health organization.
- Datos restricts the access to Your Information to those employees or service providers of Datos with a need to know it in order to carry out their functions and make the Service available to You. Datos ensures that all such employees, consultants, and independent contractors sign confidentiality and nondisclosure agreements.
- Datos may also share Your Information with its legal counsels and accountants, potential business partners, investors, or the public or in connection with a potential merger, acquisition, or sale of all or substantially all of its assets, in all cases subject to confidentiality and nondisclosure restrictions.
- Datos may provide to third parties with unidentifiable Information collected as a result of Your use and/or access to the Service, including, in combination with unidentified information of other users. For example, we might inform third parties regarding the number of users of our Service or the activities they conduct while on browsing or using the Service.Datos may (or may not) charge such third parties for such unidentifiable Information. Datos may also choose not to limit such third parties’ use in such unidentifiable Information, provided that, if we choose to do so we shall require that such third parties undertake not attempt to deanonymize such information by combining it with other databases or performing similar actions.
- How is Information Shared with Your Health Organization?
- The Information uploaded to the Service by You (whether as a patient or a care giver) is shared with Your health organization through the Service. Datos may also share Your Information for the purpose of complying with any applicable law, legal process, governmental request, to enforce any of our legal rights, defend against legal claims, to investigate any illegal use, abuse, violations of our terms and any other similar uses.
- Datos may disclose Anonymized Information obtained through Your use of the Service in an anonymized format, which shall not allow a reasonable person to identify You, except when it is permitted under the Terms, or as necessary to enforce them, or when it is required under the law or a court order, or for any of the following purposes:
- Datos may use service providers for technical aspects of operating and supporting the Application, those third parties might be exposed to information collected based on Your activities within the Service.
- If Datos receives a judicial order that requires it to share or disclose Your information or information about You to a third party.
- In any dispute, claim, prosecution or legal proceedings of any kind arises between You and Datos.
- If Datos re-organizes the operation of the Service within a different corporation, or if Datos merges into or with other entities or merges the operation of the Service with a third party, Datos shall be entitled to transfer to the new entity a copy of the Information about You collected from the Service, provided however, that those entities agree to be bound by the provisions of this policy. If those entities do not agree to be bound by the provisions of this policy, You shall be given with a proper 30 days prior notice within the Service and with the opportunity to delete Your Account Information altogether before the policy changes take effect.
- Except as provided in this Privacy Policy, Datos will not share any identifiable Information with third parties with respect to You and Your use of the Service.
- Aggregated and Analytical Information Datos may also use standard analytics tools such as Google Analytics, to learn more about how You and other users’ use our Service, and how we should improve our user experience. These tools maintain their own privacy practices in accordance with their own privacy policies to provide their service. Further information about how Google uses data when You use our Service, can be found here.
- Our cloud service providers
The server(s) on which the Service are hosted and/or through which any of the Service are processed are within the State of Israel, United States and Europe, however, some of the Information may be managed by third parties, in accordance with the place of business of the caregiver through which You have received access to Datos’ Services. This includes the following:
Cloud Service Provider
Caregiver Place of BusinessAmazon Web Services (AWS) Google Cloud Platform (GCP) Microsoft AZURE USA Servers are located in N. Virginia, US. Servers are located in Moncks Corner, South Carolina, North America, US. Servers are located in the State of Virginia, US. IL Servers are located in Frankfurt, Germany. Servers are located in St. Ghislain, Belgium, Europe Servers are located in Frankfurt, Germany. Servers are located in Sydney, Australia, APAC. Servers are located in Sydney, Australia, APAC. Servers are located in Sydney, Australia, APAC. Servers are located in Victoria, Australia. EU Servers are located in Frankfurt, Germany. Servers are located in St. Ghislain, Belgium, Europe. Servers are located in Frankfurt, Germany. Singapore Servers are located in Singapore. Servers are located in Jurong West, Singapore, APAC. Servers are located in Seoul, South Korea. - Amazon Web Service(AWS) technology, whose mailing address is Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, ATTN: AWS Legal. You can find more details on AWS’ Privacy Policy here.
- Google Cloude Platform (GCP), whose mailing address is 1600 Amphitheatre PkwyMountain ViewCA 94043, ATTN: Google Legal Investigations Support. You can find more details on GCP’s Privacy Policy here.
- Microsoft Azure, whose mailing address is: Microsoft Privacy, Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA. Telephone: +1 (425) 882 8080 / Microsoft Ireland Operations Limited, ATTN: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Telephone: +353 1 706 3117.You can find more details on Azure’s Privacy Policy here and here.
- Datos may use the Information collected about You for the limited purpose of providing the Service and related functionality, or as otherwise specifically described in this Privacy Policy and as permitted by applicable laws. Such limited purposes include circumstances where it is necessary for Datos to provide or complete Services requested by, or for, You, or where You have given Datos Your express consent. Your Information may be used to perform a variety of purposes, including
- DATA RETENTION
- All Your information is stored via the Google Cloud, which is HIPAA certified. Nothing of the information which You upload is saved on the Application.
- You can see all information uploaded to the Application. You can add additional information, but You can’t delete information which has been uploaded. You may delete the Application in any time, however, please note that even if You choose to do so, Your Information shall not be automatically deleted and shall remain stored on the Google Cloud, unless we are instructed to delete such Information by Your health organization or as otherwise required under the applicable law.
- Datos will retain Your Information for as long as Your account is active or as needed to provide our Service. If You need assistance with deactivating Your account please contact us via privacy@datos-health.com. However, please note that we may retain and use Your Information as necessary to comply with our legal obligations, resolve disputes, and enforce these Terms.
- Notwithstanding the aforementioned, please note that Datos will not retain Your data for longer than necessary for the purposes set out in this Privacy Policy. Different retention periods apply for different types of data, however the longest we would normally maintain Personal Information is ten (10) years.
- When You send an email or other communication to privacy@datos-health.com or any other correspondence that You have with us, we may retain those communications in order to process and respond to Your requests and improve our Service.
- Please DO NOT send us any communication which contains confidential or sensitive information, since we are unable to evaluate whether Your content constitutes as confidential or sensitive information, or not, and we may retain or use such communication as described hereinabove, and such retention or use shall not be deemed as a breach of any of our obligations pursuant to this Privacy Policy.
- SPECIFIC PROVISION FOR CALIFORNIA RESIDENTS
This Section 5 applies to You only if You are a resident of the State of California, United States. Datos adopted the following provisions to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Section 5.
- The following categories reflect to type of personal information which Datos has collected within the last twelve (12) months:
- Electronic network activity information, including, but not limited to, browsing history and any additional information related to Your interaction with our Service etc.
- Electronic network activity information, including, but not limited to, browsing history and any additional information related to Your interaction with our Service etc.
- Geolocation data
- Audio, electronic, visual or similar information.
- Inferences
- information categories as listed in the California Customer Records statute.
- Datos has obtained such information as set forth in Section 5.1 above and Personal Information as provided under Section 1.1 above (for the purpose of this Section 5, the “Personal Data”).
- Datos may use the Personal Data it collects or receives for its legitimate interests (as set out in Section 3 above), which Datos believes are not overridden by Your fundamental rights. Datos may also disclose such Personal Data to third parties for its legitimate purposes as described in Section 3 above.
- In the preceding twelve (12) months, Datos has not disclosed any of Your Personal Data.
- In the preceding twelve (12) months, Datos has not sold any of Your Personal Data.
- Your rights as a California Resident. You are entitled to request the following specific rights under the CCPA, solely with respect to Personal Data related to You:
- Request to know (a) what categories and specific components of Personal Data we collect about You and from which sources; (b) categories of Personal Data that we disclosed for the purpose described in Section 3 above, and the categories of third parties with whom we have shared any particular category of Your Personal Data. If we disclose any of Your Personal Data to a third-party, we will provide You, after authenticating Your identity, with a list that will identify the specific category of Your Personal Data which was disclosed.
- Request that we delete any Personal Data we collect about You. After authenticating Your identity, we will delete (and direct our service providers to delete) any Personal Data related to You from our records, unless an exception applies. Please note that if we need to delete any Personal Data related to You following Your request, it can take time until we completely delete residual copies of Personal Data from our servers and backup systems.
- Instruct us not to sell any Personal Data related to You that was collected by us.
- You have the right not to be discriminated against by Datos, for exercising Your rights under the CCPA.
- If You have any concerns about how we process Personal Data related to You, or if You wish to withdraw Your consent, for any reason, kindly let us know by sending an email to privacy@datos-health.com. Please note that exercising this right will not affect the lawfulness of any previous processing activities based on consent that was lawfully obtained before its withdrawal. Also, please note that Datos shall not charge You for requesting to exercise any of the rights set forth in this Section 5.
- The following categories reflect to type of personal information which Datos has collected within the last twelve (12) months:
- SPECIFIC PROVISIONS FOR EU-RESIDENTS
This Section 6 applies to You only if You are a resident of the European Economic Area (EEA). Datos adopted the following provisions, to comply with the EU 2016/679 Directive General Data Protection Regulation (“GDPR”), pursuant to which Datos will be considered as a “Data Controller” with respect to our use of Personal Information of residents of the European Union.
- Legal Basis. Datos bases its processing activities of any Personal Information related to You as “Data Controllers” based on the following lawful grounds:
- Datos relies, primarily, on Your consent to the terms of this Privacy Policy and the terms set forth under our Terms of Use, as a legal basis for processing any Personal Information related to You or communicating any other promotional material.
- Datos may collect and use Your Personal Information when it is necessary for one of the legitimate uses set out in Section 3 above, which we believe are not overridden by Your fundamental rights.
- We may process Your Personal Information to comply with a legal obligation and to protect our users’ vital interests.
- If, at any time, You wish to exercise Your rights in accordance with the provisions provided by law (including as provided under this Section 6 of this Privacy Policy) You may send us an email to privacy@datos-health.com and request, under certain circumstances as provided by the GDPR:
- To access Your Personal Information together with information about how, and on what basis, such information is being processed. Should You desire to receive such information in a different format than the one that was provided to You, You can contact us via privacy@datos-health.com and we shall use commercially reasonable efforts to accommodate Your request, if applicable.
- To rectify any of the Personal Information being held when such information is inaccurate.
- To delete or restrict access to Your Personal Information in limited circumstances as described under the GDPR. Please note that if we need to delete any Personal Information related to You, as per Your request, it can take time until we completely delete residual copies of such data from our servers and backup systems.
- To withdraw Your consent to the processing of Your Personal Information. However, please note that exercising this right will not affect the lawfulness of any previous processing activities based on consent that was lawfully obtained before its withdrawal.
- To obtain and reuse Your Personal Information for Your own purposes across different services, as part of Your right to data portability.
- By accessing or using the Service or otherwise providing Information to us, You consent to the processing and transfer of information in and to the European Economic Area (EEA) and other countries and territories, which may have different privacy laws from Your country of residence, as further described in Section 7 below.
- Please note that You have the right to complain to a Data Protection Authority about our collection and use of Your Personal Information. For more information, please contact Your local data protection authority in the European Economic Area (EEA)
- If You have any concerns with respect to our methods of processing any Personal Information related to You, or if wish to withdraw Your consent, for any reason, kindly let us know by sending an email to privacy@datos-health.com or notify Your care giver.
- Datos shall not charge You for requesting to exercise any of the aforementioned rights.
- Legal Basis. Datos bases its processing activities of any Personal Information related to You as “Data Controllers” based on the following lawful grounds:
- INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
Your Personal Information may be collected, transferred to and stored by Datos and by our affiliates and such third parties to which Datos discloses Your Information in accordance with the provisions of Section 3 above, that are based in Israel, the United States the EEA and in other countries. Accordingly, You should note that Your Personal Information may be processed outside of Your jurisdiction, including in countries and jurisdictions that are not subject to an adequacy decision by the European Commission or the applicable local legislature or regulator in Your jurisdiction, and may not provide for the same level of data protection as Your jurisdiction. However, please note that Datos takes measures to ensure that any processing of Your Personal Information by Datos, its affiliates and such third parties to which Datos discloses Your Information in accordance with the provisions of Section 3 above, are governed by adequate level of protection and security contractual obligations and, where applicable, such obligations include the standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission or other applicable regulators or legislators. By agreeing to the terms of this Privacy Policy, You provide Datos with Your consent to collect, transfer and/or store Your Personal Information outside of Your jurisdiction, to the extent that such consent is require under any applicable law.
- INFORMATION SECURITY
- Please be advised that the confidentiality of any communication transmitted to You or by You via the Internet (including our Websites and Applications, e-mail, and text message) can never be fully guaranteed. Accordingly, we (and if You are a patient – then also Your health care organization) are not responsible for the security of Information transmitted via the Internet (including our Websites and Applications, e-mail, and text message). However, should we become aware of a security breach, we will notify any affected user, so that they can take appropriate protective steps. Such notification shall be issued by Datos in accordance with the applicable (local) laws and regulations, as well as Datos’ internal policies.
- Download of the Application is free and available in the Google Play and App Store. As a user, You should be aware of Application updates and download them as soon as published. Although Datos uses secured platforms such as GCP, You are responsible to secure Your mobile and physical environment. Therefore, and in order to keep access to data safe, we recommend You implement the following information security requirements as demanded by HIPAA as well as the following guidelines:
- Do not leave Your password unattended and do not give it to an unauthorized person.
- Set a screen saver after at least 20 minutes of inactivity of Your mobile device.
- Install an antivirus or end point security client.
- You are responsible to inform Datos (either personally or through Your care team) in the event of any security breach to any device through which You access the Service (e.g., mobile phone, computer, etc.) or to Your portal account immediately after You become aware of such breach.
- You shall be fully and solely responsible for any and all data and information which is uploaded to the Application.
- HOW CAN YOU HELP TO PROTECT YOUR INFORMATION?
First, please remember that Datos will never ask You to confirm Your account password, bank account or credit card details via email or text message. If You receive such communicating asking You to provide such information, please ignore it and do not respond. If You are using a device in a public location, we highly recommend that You always log out and close the browser after completing Your session.
- CHANGES TO THIS POLICY
We reserve the right to change this Policy from time to time, so please review it frequently. If we make material changes to this Policy, and You are a registered user of the Service, we will notify You by email when we make any changes.
- GOVERNING LAW
- If the Service was obtained from Datos Inc. or any of its resellers, all disputes arising out in this Policy will be subject to the governing law of New York, NY, United States of America and the exclusive jurisdiction of the competent courts located in the city of New York, NY, United States of America.
If the Service was obtained from Datos Health Ltd. or any of its resellers, all disputes arising out of this Policy will be subject to the governing law of the state of Israel and the exclusive jurisdiction of the competent courts located in the city of Tel Aviv – Jaffa, Israel. - You agree to submit to the personal and exclusive jurisdiction and venue of these courts, except that nothing will prohibit either party from instituting an action in any court of competent jurisdiction to obtain injunctive relief or protect or enforce its intellectual property rights. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to these Terms.
- If the Service was obtained from Datos Inc. or any of its resellers, all disputes arising out in this Policy will be subject to the governing law of New York, NY, United States of America and the exclusive jurisdiction of the competent courts located in the city of New York, NY, United States of America.
- MISCELLANEOUS
If You believe that we have not adhered to our Privacy Policy, please notify us by email to privacy@datos-health.com and we will use all commercially reasonable efforts to promptly determine and correct the problem. We reserve the right to change this Privacy Policy from time to time, so please review it frequently. If we make material changes to this policy, and You are a registered user of the Service, we will notify You by email.
We will advise You before of any material change to this Privacy Policy and give You the opportunity to review such revised policy before deciding if You would like to continue to use the Service.
If You have any question about our Privacy Policy, please contact us via privacy@datos-health.com.