Our Policy strictly applies the regulations in force concerning the protection of personal data established by the Health Insurance Portability and Accountability Act (HIPAA) of August 21st, 1996 and the General Regulation on the Protection of Personal Data (GDPR) N° 2016-679 of April 27th, 2016. This Policy also undertakes to comply with any law or regulation that may come into force and be adopted and applied in the European Union or in any territory to which Kardiolytics may have to transfer the collection, use and processing of such data.
The purpose of this Policy is to inform you fully about the guarantee of security and confidentiality implemented by Kardiolytics in the protection of your personal data.
Information relating to the data controller - Kardiolytics
The personal data are processed by the company Kardiolytics Inc, whose head office is located at 1415 W37th Street, Chicago, IL 60609.
Kardiolytics undertakes to prove that personal data of EU residents transferred outside the EU will be compliant with the GDPR. Such transfers must be made on the basis of: (a) an adequacy decision, (b) appropriate safeguards or (c) binding corporate rules (BCR).
You may not use our Services in any jurisdiction where offering, accessing or using our Services would be illegal or unlawful.
Information we process
We may collect and store both anonymous and personally identifiable information about you when you use our Site.
Information you provide
We collect the personal information you voluntarily provide to us.
As is true of most websites, we gather certain information automatically and store it in log files. These logs may contain the Internet domain from which you access the site (e.g. search engine); the IP address which is automatically assigned to your computer when you get on the Internet; the type of operating system and browser you use; the time and date you visited; the pages you viewed; and the address of the website you linked from, if any. If you sign on to the Site to use secured features, our logs will also contain an individual identifier and show the services you have accessed. Kardiolytics uses log information to help us identify popular features, to resolve user problems, to design our site and to make the Site more useful to visitors.
We may also occasionally use “web beacons” (also known as “clear gifs,” “web bugs,” “1-pixel gifs,” etc.) that allow us to collect non-personal information about your response to our email communications, and for other purposes. Web beacons are tiny images, placed on a web page or e-mail that can tell us if you have visited a particular area of the Site. For example, if you have given us your consent to send you emails, we may send you an email urging you to use a certain feature of the Site. If you do respond to that email and use that feature, the web beacon will tell us that our email communication with you has been successful.
Personal data collected is not subject to assignment, free or onerous, or sharing or communication to third parties except as provided in this Policy.
The main recipients of the personal data processed are the relevant services of Kardiolytics.
Kardiolytics uses several providers as subcontractors, such as:
- Google G Suite for customer support ticket submission: https://cloud.google.com/security/gdpr/,
- Amazon Web Services for personal data storage (servers): Data processing agreement: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.
How we use your personal information
The personal data collected is used as part of the services provided by Kardiolytics through its solution, its Website and its platforms. In accordance with the GDPR data minimization principle, Kardiolytics commits to collecting only the personal data strictly necessary for the purposes of the processing.
In general, Kardiolytics uses your personal information to respond to your requests or to aid us in serving you better. We use personal information to perform data analysis and audits, safeguard and protect our Site and related services, enhance, improve and modify the Site, create Accounts, identify usage trends, provide improved administration of our Site and related Services, identify you as a user in our system, send you administrative email notifications, respond to your inquiries, and to provide you the services you request.
We may share some or all of your personal information with our parent company, subsidiaries, joint ventures or other companies under a common control (“Affiliates”), in which case we will require our Affiliates to honor this Policy.
We may share your personal information with third party service providers to: provide you with the services that we offer through our Site, to conduct quality assurance testing, to provide technical support, and/or to provide other services to Kardiolytics. In this case, all third parties are committed to approve and strictly apply this Policy. This obligation is provided in the contracts that bind these third parties to Kardiolytics according to data protection rules.
How we protect your information
Kardiolytics’ goal is to protect personal information submitted through its sites. Inteneural maintains technical, administrative and physical safeguards designed to protect against unauthorized disclosure, alteration, use or destruction of the personal information you provide on this Site and in the use of its solution. Kardiolytics implements all the measures at its disposal to create an environment for preserving the quality, security, and integrity of your personal data.
Kardiolytics also employs reasonable technologies to help keep the personal information you provide on this site secure, including: Secure Sockets Layer (SSL) encryption, firewalls, system alerts and other information system security technologies; housing health data in secure facilities that restrict physical and network access; and regular evaluation and enhancement of our information technology systems, facilities, and information collection, storage and processing practices.
However, we cannot ensure or warrant against all risks with regard to the security of that information, so information you choose to transmit to Kardiolytics and which we store is provided to us at your own risk. Kardiolytics does not guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our safeguards. In addition, other services or Internet sites that may be accessible through Inteneural have separate data and privacy practices independent of us, and we disclaim any responsibility or liability for their policies or actions.
Storage period of your personal data
Kardiolytics retains your personal data only for the duration necessary for the operations for which they were collected and in compliance with the regulations in force. Your personal data is kept for the duration of the contract and may be kept for an additional three (3) years for prospecting and commercial purposes, without prejudice to retention obligations or limitation periods. Prospect data is retained for a period of three (3) years from the date of the data collection or from the last contact with Kardiolytics.
Upon your request, we will delete or anonymize your personal data so that you can no longer be identified, unless the law authorizes or compels us to keep certain personal data, especially in the following situations:
- If there is an unresolved issue with your account, such as an unpaid or unresolved claim or litigation, we will retain the necessary personal data until the issue is resolved,
- If we are required to retain personal data as a result of legal, tax, auditing and accounting obligations, we will retain the necessary personal data for the period required by applicable law.
Data subject rights
Except as limited by applicable law, your data subject rights are:
- Right of access: the right to be informed and to request access to the personal data we process,
- Right to rectification: the right to ask us to modify or update your personal data when they are inaccurate or incomplete,
- Right to erasure (right to be forgotten): the right to ask us to permanently delete your personal data,
- Right to restriction of processing: the right to ask us to stop temporarily or permanently the processing of all or part of your personal data,
- Right to object: the right to refuse at any time the processing of your personal data for personal reasons; the right to refuse the processing of your personal data for direct marketing purposes,
- Right to data portability: the right to request a copy of your personal data in electronic format and the right to transmit such personal data for use by a third party service,
- Right to not be subject to automated decision-making: the right to not be subject to a decision based solely on automated decision making, including profiling, in the event that the decision would have legal effect on you or would produce a similar significant effect.
Opt-out of marketing emails
We will periodically send you free newsletters and emails that directly promote the use of the Site and our services. When you receive newsletters or promotional communications from us, you are always invited to indicate a preference to stop receiving further promotional communications from us and will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the email you receive or by directly contacting us at the address listed on the Contact Us page of our Site and indicating that you no longer want to receive promotional materials relating to this Site. Despite your indicated email preferences, we may send you service related communications, including notices of any updates to our Terms of Service or this Policy.
Children under 16
We do not knowingly collect or maintain personally identifiable information from persons under 16 years of age, and no part of the Site is directed to persons under 16. If we learn that personally identifiable information of persons less than 16 years of age has been collected without verifiable parental consent, then we will take the appropriate steps to delete such information.
Changes to this policy
We may revise this Policy from time to time as we add new features or modify the way in which we manage information, or as laws change that may affect our services. If we do, we will post the changes on the Site and update the last updated date of this Policy. Any revised Policy will apply both to information we already have about you at the time of the change, and any personal information created or received after the change takes effect. We include a version number on this Policy consisting of the date (month, day and year) it was last revised. We encourage you to periodically review this Policy, to see if there have been any changes to our policies that may affect you.
Questions, contacting Kardiolytics, reporting violations
If you have any questions, concerns or complaints about this Policy or our data collection or processing practices, or if you want to report any security violations to us, please contact us.
Kardiolytics will expeditiously address any discrepancies and grievances of all Users with respect to the processing of information. With regard to the GDPR, you have the right to lodge a complaint with a supervisory authority in your country.