Terms & Privacy
We refer to each user of our Products and Services, and any parent or guardian acting on behalf of such user, as “you” or as a “User.” We also refer to any company on whose behalf a User is using Companion Products or Services as “you” or a “User.” The Companion Product used by the User for whom the prescription was issued, or outside the United States who is legally authorized to use the Companion Product, is referred to as the “User Device.”
The personal data we receive about you (which we refer to collectively as your “Personal Information”) includes Contact Information, Feedback Information, Data Services Information, Use Information and Derived Information:
- “Contact Information” may include your name, address, telephone number, email and other contact information, information regarding payment including your health insurance provider, if any, as well as information regarding your use of Companion Products and Services.
- “Feedback Information” is information you submit to us in connection with your use of Companion Products and Services, whether through our Website, through our Data Services, or otherwise, regarding Companion Products and Services, or other matters relating to us and our business, including the metadata relating to that information.
- “Data Services Information” is information we receive and transmit through our Products and Services.
- “Use Information” includes:
  - Information we receive from the computer, mobile phone or other device you use in connection with Companion Products and Services, and information we receive from those Products and Services regarding your use, which may include your IP address and other information regarding your computer, your internet service, the browser you use, and your activities while using Companion Products and Services, such as how often you open Software Apps, your settings and other activity regarding your use of the components of Companion Products and Services;
  - Information we receive from you in connection with our request for comments or feedback on third parties;
  - Information we may receive from advertisers and other third parties when you click on advertisements or links to third party websites while using Companion Products and Services, including the pages you visit, your activity on those pages and your purchases or other transactions with those third parties.
- “Derived Information” is information that we create by combining and/or analyzing some or all of your Personal Information.
If any of the Personal Information described above does not reveal your specific identity or relate directly to an individual, we may use such “Other Information” for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat Other Information as Personal Information under applicable law, then we may use it for all the purposes for which we use and disclose Personal Information.
Your Rights and Responsibilities
- You may update your Contact Information at any time by logging into your account on our Website, and you agree to keep your Contact Information current at all times while your account is active.
- Through your User Account, you can review, update and delete certain Personal Information, and by terminating your User Account you can terminate your use of certain Companion Services. Through the features of certain Data Services, you may be able to review, update and delete certain sharing or use of Personal Information, and you can terminate your use of certain Data Services through the Data Service. You can also terminate your use of a Software App or a Data Service that requires a Software App by removing the Software App from your computer, phone or other device on which it is installed. You may also review, correct, update, suppress, or delete your Personal Information or withdraw your consent previously provided to us. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
What We Do With the Information We Receive
- Contact Information: We use Contact Information to manage your account and Companion Products and Services applicable to you, and as otherwise described below. We also use your email address to contact you regarding your account. We do not make any Contact Information public. We will use your User Account and Contact Information to link your use of Companion Services and Software Apps with your use of Companion Products, and it may be accessible by our personnel providing Companion Services.
- Feedback Information: You are not required to give us any Feedback Information, but if you choose to do so, you are providing it to us for our use as we determine, so long as we do not identify you or include any information that could be used to identify you. Feedback Information may be used by us and provided by us to our customers and third parties, in the form you provide as well as in excerpted, aggregated and anonymized forms, with or without attribution to you as the source. We may also use Feedback Information in our advertising, marketing and other communications with the public and in our business relationships, as well as in our internal communications, in each case without attribution to you as the source. In addition, we may identify you as the source of Feedback Information to the extent you consent to that identification.
- Data Services Information: We collect Data Services Information and store it on our servers, process it using Data Services, and transmit it to the User and each Designated Recipient and Designated Third Party Service, where applicable for Companion Products and Services that are requested by you. We may use Data Services Information in connection with our provision of Data Services and for our operations, administration and product development, maintenance and support in line with applicable data protection laws.
- Personal Information and Solicitations: As permitted by applicable law, we may use Personal Information of you and your Designated Recipients, if applicable, to determine which emails and notices we send to you and your Designated Recipients, if applicable, including emails and notices regarding opportunities relating to our Products and Services (we refer to these emails as “Solicitations”). As permitted by applicable law, we may share your email address or other Contact Information with third party service providers acting on our behalf with which we contract for the purpose of providing you with Solicitations we think may be of interest to you.
- Personal Information and Your Companion Experience: We may use Personal Information belonging to you and your Designated Recipients, if applicable, to tailor to you and your Designated Recipients, if applicable, the experience when using Companion Products or Services and the content viewed when using Companion Products or Services. We may use Personal Information in accordance with applicable data privacy laws to manage our Products and Services, including the Website, to improve our business and provide new website and product and service features, and to otherwise manage our business.
- Other Third Parties: In the ordinary course of our business, we will use providers to perform services or functions on our behalf. We will not authorize those third parties to keep, use or disclose your Personal Information except for providing the services we have asked them to provide. We may provide your Personal Information to another company in conjunction with a corporate sale, merger, acquisition or dissolution involving Companion.
- De-Identification: We may “de-identify” your Personal Information by removing information that could identify you, and we may use such de-identified information for any purpose, except where we are required to do otherwise under applicable law.
What Happens to Information You Share With Others
- We have no control over Designated Recipients, and once a Designated Recipient receives your Data Services Information, use by the Designated Recipient is between you and the Designated Recipient. We do not verify the contact information you provide for each Designated Recipient. Once you provide such contact information, until you terminate the designation, we will send Data Services Information to the contact information you have provided, and you are responsible for the accuracy of that information.
Cookies and Other Technologies
Our Products and Services do not currently have the ability to recognize or honor browser do-not-track signals.
- Using pixel tags and other similar technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some of our Products and Services to, among other things, track the actions of users (including email recipients), measure the success of our marketing campaigns, and compile statistics about use and response rates.
- Using Adobe Flash technology (including Flash Local Shared Objects (“Flash LSOs”)) and other similar technologies: We may use Flash LSOs and other technologies to, among other things, collect and store information about your use of the Products and Services. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (referred to as “information” on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications.
Interest Based Advertising: We may use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Products and Services and other websites or online services, based on information relating to your access to and use of the Products and Services and other websites and services. To do so, these companies may place or recognize a unique cookie on your browser (including through use of pixel tags). If you would like more information about this practice and to learn about your choices in connection with it, please visit the Network Advertising Initiative opt out site and the Digital Advertising Alliance Self-Regulatory Program.
- We may receive certain health information of yours that is “protected health information” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). When we receive protected health information, such information will be subject to the requirements under HIPAA and the HITECH Act, and the regulations effective under each of those Acts.
- When you elect to share your protected health information with a Designated Third Party Service, you are electing to provide your data to a third party that may not be subject to the requirements of HIPAA, the HITECH Act and the regulations effective under each of those Acts. You control the information that is provided, and your authorization continues until you revoke it through the app, Companion Service or other component where you made the election. What the Designated Third Party Service may do with your protected health information is determined by the terms applicable to the Designated Third Party Service, and we do not control that use. You understand that your revocation will not affect information previously provided to the Designated Third Party Service, but will terminate further provision of information. Whether or not you elect to share your protected health information with a Designated Third Party Service will not have any effect on the Companion Products and Services you may have the right to use.
More on Privacy
- Children’s Online Privacy Protection: Companion does not permit any person under 18 to subscribe directly to Companion Services or Software Apps or to directly purchase Companion Products. A parent or legal guardian may subscribe for a User who is under 18, but no person under 18 is permitted to use Companion Products or Services without the express agreement of a parent or legal guardian to the terms of the Agreement which require, among other things, that the parent or legal guardian is responsible for designating Designated Recipients, connecting the User Device to Companion Services or Software Apps, interacting in all ways with Companion Services and Software Apps, and ensuring that all communications with us come from the parent or legal guardian and not from the person under 18.
- Adults With Guardians, Conservators or Other Legal Supervision: Companion does not permit any person to subscribe directly to Companion Services or Software Apps or to directly purchase Companion Products if that person lacks the legal competence to enter into a contract and be bound to the terms of the Agreement. A legal guardian, conservator or other person with the legal right to do so may subscribe for a User who lacks the legal competence to enter into a contract and be bound to the terms of the Agreement, but no such User is permitted to use Companion Services or Software Apps without the express agreement of a legal guardian, conservator or other person with the legal right to provide such agreement to the terms of the Agreement, which require, among other things, that such legal guardian or other person is responsible for designating Designated Recipients, connecting the User Device to Companion Services and Software Apps, interacting in all ways with Companion Services and Software Apps, and ensuring that all communications with us come from such legal guardian or other person and not from the User who lacks legal competence.
- Phishing: We do not and will not, at any time, request Contact Information in a non-secure or unsolicited email or telephone communication. Identity theft and the practice currently known as “phishing” are of great concern to us. Safeguarding information to help protect you from identity theft is a priority for us. For more information about phishing, visit the Federal Trade Commission website.
- Security: Companion uses commercially reasonable standards of technology and operational security to protect Personal Information within our organization. Personal Information transmitted through Companion Products and Services is transmitted in encrypted form. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you feel that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section, below.
- Do Not Track Disclosure: In accordance with the Do-Not-Track amendments to the California Online Privacy Protection Act, we inform you that we do not currently respond to “do not track” signals or similar messages from your browser.
Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Companion Products and Services, you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have different data protection rules than those of your country. For personal information of customers that Companion, Inc. receives from Affiliates and companies in the European Union, the European Economic Area, and Switzerland, Companion, Inc. has committed to handling such personal information in accordance with the European law principles for international transfers such as EU Standard Contractual Clauses or Privacy Shield, further described below.
Companion may receive Personal Information of residents of the countries of the European Economic Area (“EEA”), which includes the 28 European Union Member States plus Norway, Iceland and Liechtenstein from third parties or directly from those residents, including name, address, email and telephone number, ordering information and information regarding medical or health conditions that is considered sensitive information. We refer to such Personal Information as “European Personal Information.” We recognize that the laws of the European Community restrict companies in the EEA from transferring European Personal Information to the United States unless there is “adequate protection” for such European Personal Information. To provide such adequate protection where we do not have in place other protections for European Personal Information meeting the requirements of applicable data privacy laws, as we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, we will adhere to the E.U.-U.S. Privacy Shield Framework (the “Privacy Shield”) published by the U.S. Department of Commerce (www.privacyshield.gov) with respect to European Personal Information that we receive. For example, we may agree in a specific circumstance to a model contract approved by the European Commission (http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm), and the terms of that model contract would apply in that circumstance.
Privacy Shield Principles
We participate in the Privacy Shield. The Privacy Shield List is available at the website maintained by the U.S. Department of Commerce: https://www.privacyshield.gov/list.
We will also disclose European Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We may also collect and process human resources European Personal Information in reliance on the Privacy Shield.
In accordance with the requirements of the Privacy Shield, we will offer to persons whose European Personal Information is in our possession the opportunity to choose (opt out) whether the person’s European Personal Information is to be disclosed to a third party or to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the person.
For sensitive information, we will obtain affirmative express consent (opt in) from persons if their European Personal Information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice. We will treat as sensitive any European Personal Information we receive from a third party where the third party identifies and treats it as sensitive.
Accountability For Onward Transfer
To transfer personal information to a third party acting as a controller, we will comply with the Notice and Choice Principles. We will also enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide at least the same level of protection as the Privacy Shield and will notify us if it makes a determination that it can no longer meet this obligation. The contract shall provide that when such a determination is made the third party controller ceases processing or takes other reasonable and appropriate steps to remediate.
To transfer personal data to a third party acting as an agent, we will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with our obligations under the Privacy Shield; (iv) require the agent to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the U.S. Department of Commerce upon request.
With regard to the Principle of Accountability for Onward Transfer, we remain liable if our agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
We will take reasonable and appropriate measures to protect European Personal Information from loss, misuse, and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and nature of the European Personal Information.
Data Integrity and Purpose Limitation
Consistent with the Privacy Shield, European Personal Information will be limited to the information that is relevant for the purposes of processing. We will not process European Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the person. To the extent necessary for those purposes, we will take reasonable steps to ensure that European Personal Information is reliable for its intended use, accurate, complete, and current. We will adhere to the Privacy Shield Principles for as long as we retain European Personal Information.
European Personal Information will be retained in a form identifying or making identifiable the person only for as long as it serves a purpose of processing or other purpose permitted by the Privacy Shield. We will take reasonable and appropriate measures in complying with this provision.
A person whose European Personal Information is in our possession will have the right to access, to correct, amend or delete that European Personal Information where it is inaccurate or has been processed in violation of the Privacy Shield Principles, except where the Privacy Shield permits otherwise.
Recourse, Enforcement and Liability
We will maintain robust mechanisms for assuring compliance with the Privacy Shield in accordance with the requirement of the Privacy Shield.
Companion has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
We are obligated to arbitrate claims and follow the terms set forth in Annex I to the Privacy Shield located at: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
U.S.-Swiss Safe Harbor
Human Resources Data
If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Companion, and your inquiry or complaint involves human resource European Privacy Information, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel (“DPA Panel”) established by the EU data protection authorities (“DPAs”), and for Swiss Data Subjects, the Swiss Federal Data Protection and Information Commissioner (“FDPIC”). To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work. Companion agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel and the Swiss FDPIC.
Companion Medical, Inc.
ATTN.: Privacy Concerns
16486 Bernardo Center Drive, Suite 300
San Diego, CA 92128, USA