PRIVACY POLICY
Thank you for using Qardio or visiting one of our websites.
Your privacy is important to Qardio. This policy explains the what, how and why we collect, use, manage, transfer, export, store, and delete your information, and what choices you have with respect to your information.
When we refer to “Qardio”, we mean the Qardio entity that acts as the controller or processor of your information, as explained in more detail in the “Data Controller and Contacting Qardio” section below.
“Personal Data” is information relating to an identified or identifiable natural person.
To make sure your personal information is secure, we communicate our privacy and security guidelines to Qardio employees and strictly enforce privacy safeguards within the company.
Effective date
The Effective Date of this Privacy Policy is January 22, 2024.
This Privacy Policy supersedes any prior agreements or earlier versions of this Privacy Policy between you and Qardio for the use of the Services.
Applicability of this Privacy Policy
This Privacy Policy applies to Qardio’s platform, including its associated devices and Qardio mobile applications (collectively, the “Services”), qardio.com, qardiomd.com and other Qardio websites (collectively, the “Websites”) and other interactions (e.g., customer service inquiries, online stores, etc.) you may have with Qardio. If you do not agree with the terms, do not access or use the Services, Websites or any other aspect of Qardio’s business.
Other Qardio websites, apps and products that do not include a link to this Privacy Policy and include a link to a different Qardio privacy policy are governed by that privacy policy. In addition, one or more separate agreement governs delivery, access and use of the Services (the “Terms and Conditions”), including the processing of any data or information submitted through Services accounts (collectively, “User Data”).
This Privacy Policy does not apply to any third party applications or software that integrate with the Services through the Qardio platform (“Third Party Services”), or any other third party products, services or businesses, as explained in more detail in the “Health and Wellness Data Sharing with Partners” section below.
Why Qardio collects data
You may be asked to provide your personal information anytime you are in contact with Qardio. You are not required to provide personal information that we have requested, but, if you chose not to do so, in many cases we will not be able to provide you with our products or services or respond to any queries you may have. We use the information we collect from all our services for the following purposes:
- We use your information to deliver basic components of our services, like visualizing a chart of your blood pressure readings, helping you share data with your doctor, or shipping your product.
- We also use your information to ensure our services are working as intended, such as tracking outages or troubleshooting issues that you report to us. And we use your information to make improvements to Qardio’s services.
- We use the information we collect in existing services to help us develop new ones.
- We use the information we collect to customize our services for you, including personalized content, and basic functionalities like tracking which language you speak.
- We use data for analytics to understand how our services are used. For example, we analyze data about your visits to our sites to do things like optimize product design.
- We use information we collect, like your email address, to interact with you directly. For example, we may send you a notification to let you know about upcoming changes or improvements to our services. And if you contact Qardio, we’ll keep a record of your request in order to help solve any issues you might be facing.
- When you share your content with family and friends using Qardio Services, or send gift certificates and products, or invite others to interact with Qardio services, Qardio may collect the information you provide about those people such as name, mailing address, email address, and phone number. Qardio will use such information to fulfill your requests, or provide the relevant Services.
- We use information to help improve the safety and reliability of our services. This includes detecting, preventing, and responding to fraud, abuse, security risks, loss prevention, and technical issues that could harm Qardio, our users, or the public.
- If you enter into a sweepstake, contest, or similar promotion we may use the information you provide to administer those programs.
- We use information to bill and collect money owed to us for our products. This includes sending you emails, invoices, receipts, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and those third parties process your orders and credit card payments.
Your Information
Qardio may collect data and information in a variety of ways when you use the Services:
- Account Information. Some information is required to create an account on our Services, such as your name, email address, password, date of birth, gender, height, weight, and in some cases your mobile telephone number. This is the only information you have to provide to create an account with us. You may also choose to provide other types of information, such as a profile photo. This information is treated as personally identifiable information.
- User Data. Users routinely submit User Data to Qardio when using the Services. This information is treated as personally identifiable information. To the extent that information we collect is health data, we ask for your explicit consent to process the data. We obtain this consent separately when you take actions leading to our obtaining the data, for example, when you pair your Qardio device(s) to your account, grant us access to your health or activity data from another service. You can withdraw your consent at any time, including changing your account settings, stopping use of a feature, removing our access to a third-party service, un-pairing your device, or deleting your data or your account.
- Usage Information.
- Services Metadata. When Users interact with the Services, metadata is generated that provides additional context about the way Users use our services. For example, Qardio logs the number of times you access your app and the time of the day. This type of information is only collected in anonymized or aggregated format, and is not personally identifiable.
- Device information. Qardio collects information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this Other Information often depends on the type of device used and its settings. This type of information is only collected in anonymized or aggregated format, and is not personally identifiable.
- Log data. As with most technology services and websites delivered over the Internet, our servers automatically collect information when you access or use our Websites or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about your devices and, language preferences and cookie data. This information is treated as personally identifiable information.
- Location information. We receive information from you, and other third-parties that helps us approximate your location. Unless you provide consent specifically for a location-based service, this type of information is only collected in anonymized or aggregated format, and is not personally identifiable. We may, for example, use an IP address received from your browser or device to determine your approximate location. Qardio may also collect location information from devices in accordance with the consent process provided by your device.
- Cookie Information. Qardio uses cookies and similar technologies in our Websites, mobile apps and Services that help us collect other information. This type of information is only collected in anonymized or aggregated format, and is not personally identifiable. The Websites, mobile apps and Services may also include cookies and similar tracking technologies of third parties, which may collect other Information about you via the Websites and Services and across other websites and online services.
- Third Party Services for basic services. At times Qardio may make certain personal information available to strategic partners that work with Qardio to provide products and services, or that help Qardio market to customers. These companies are obligated to protect your information and may be located wherever Qardio operates. For example, when you purchase your QardioArm, you authorize Qardio to exchange the information you provide during the purchase process to carry out the product shipping service. When your product is shipped, your data will be governed by Qardio and the shipping courier’s respective privacy policies. Personal information will only be shared by Qardio to provide or improve our products, services and promotional messages; it will not be shared with third parties for their marketing purposes.
- Third Party Services for data sharing. User can choose to permit or restrict Third Party Services for their data. Typically, Third Party Services are software that integrate with Qardio Services, and Users can permit its Users to enable and disable these integrations for their data on the Qardio platform. Once enabled, the provider of a Third Party Service may share certain information with Qardio. Users should check the privacy settings and notices in these Third Party Services to understand what data may be disclosed to Qardio. When a Third Party Service is enabled, Qardio is authorized to connect and access other information made available to Qardio in accordance with our agreement with the Third Party Provider. We do not, however, receive or store passwords for any of these Third Party Services when connecting them to the Services, or share passwords with them.
- Third Party Data. Qardio may receive data about organizations, website visitors, marketing campaigns and other matters related to our business from affiliates and subsidiaries, our partners or others that we use to make our own information better or more useful. This data may be combined with other information we collect and might include aggregate level data, such as which IP addresses correspond to zip codes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.
- Additional Information Provided to Qardio. We receive other information when submitted to our Websites or mobile apps if you participate in a contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with Qardio.
Here are some examples of situations in which you transmit data to us:
- When you visit and use our websites and services. We collect certain data when you use our website or when you take part in our events or reply to our questionnaires. Certain information is collected even if you do not have a Qardio account. This may happen when you view pages, take part in surveys, competitions or events, write a comment on our website, share a page on a social network, order a product, etc.
- When you order a product on our website, we have to retain certain data relating to your order, such as your delivery and billing address, even if you choose the option allowing you to order without creating an account.
- When you create or use a Qardio account. Creating a Qardio account allows you to use Qardio’s services and applications. You will therefore need to provide us with certain data to identify yourself. Your Qardio account is the core component of our services. It allows you to access and control your Personal Data. Data are collected and used during account and/or user profile creation, when logging on to your account, ordering a product from your account, adding a photograph, etc., or biometric data measured by Qardio devices.
- When you use our applications. Using our applications requires an account. Through applications, you can use Qardio products and services, interact with them and access all features/offered by Qardio. To that end, certain data are communicated to us when you download, install and use features of the application. This is the case when you share information, take measurements, respond to questionnaires or complete a field in the application, etc. It is also through the application that your data is communicated to us when you install and synchronize your Qardio product. Through the application you may activate certain optional features such as geolocation through your smartphone.
- When you activate and use a Qardio product. Qardio’s products, services, and applications collect data, enabling monitoring by their accumulation. When you activate a Qardio product, you will be asked to download the Qardio application and create an account. Certain features are only accessible by connecting your product and the application.
Cookies and other technologies
To help analyze how you and other visitors navigate the Qardio websites, compile aggregate statistics about site usage and response rates, help diagnose any problems with Qardio’s servers and administer the Qardio Store website, we, with assistance from third-party analytics service providers, collect certain information when you visit our site. This information includes IP address, geographic location of the device, browser type, browser language, date and time of your request, time(s) of your visit(s), page views and page elements (e.g., links) that you click. We may use cookies, pixel tags, web beacons, clear GIFs or other similar tools on our site or in our email messages to assist us in collecting and analyzing such information. We use this information to provide better, more relevant content on our site, to identify and fix problems, and to improve your overall experience on our site.
If you do not want information collected through the use of these technologies, there is a simple procedure in most browsers that allows you to automatically decline many of these technologies, or to be given the choice of declining or accepting them.
If you reside in the European Union or other jurisdiction that requires us to obtain your consent to use cookies on our sites, then you will have an opportunity to manage your cookie preferences on the sites; except that certain cookies are required to enable core site functionality, and you cannot choose to disable those cookies (for example, to keep track of the language preferences you select).
In some of our email messages, we use a “click-through URL” linked to content on the Qardio websites. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our website. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages.
Pixel tags enable us to send email messages in a format customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers.
Health and Wellness Data Sharing with Partners
You can choose to exchange your Qardio health and wellness data with third party partners. This data exchange might be done via our API system, or via Apple HealthKit API:
- We only exchange your health and wellness data with your express consent.
- We never share your data with advertising platforms, data brokers or information resellers.
- Your data, whether originating from use of Qardio products and services or from third party partners or from Apple HealthKit, is not used for marketing and advertising purposes.
- All our third-party partners are subject to requirements preventing them from using and/or sharing your data for marketing and advertising purposes.
- If you choose to share your Qardio data with a third party service, the information you provide to the third party services is governed by the third party’s Terms and Conditions and Privacy Policy. If you choose to share your Qardio data with Apple HealthKit, the information you provide to HealthKit is governed by the Apple Terms and Conditions and Privacy Policy.
Email and Other Communications
From time to time, we may use your personal information to send important notices, such as communications about purchases and changes to our terms, conditions, and policies. Because this information is important to your interaction with Qardio, you may not opt out of receiving these communications.
We might want to contact you with information about product announcements, software updates and special offers, and we may want to contact you with information about products and services from our business partners. This type of communication requires your consent, and you may opt out of such communications at any time by clicking the “unsubscribe” link found within Qardio email updates, reaching out to our Customer Support team, or by changing the settings in the Qardio mobile apps.
Data retention
Qardio will retain User Data in accordance with a User’s instructions, including any applicable terms in any service Terms and Conditions, Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. The deletion of User Data and other use of the Services by the User may result in the deletion and/or de-identification of certain associated other information. Qardio may retain other information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your other information after you have deactivated your account for the period of time needed for Qardio to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
Sharing Your Information
This section describes how Qardio may share and disclose Information. You determine your own practices for the sharing and disclosure of Information, and Qardio does not control how you or any other third parties choose to share or disclose Information.
- Customer’s Instructions. Qardio will solely share and disclose user Personal Data in accordance with your instructions, including any applicable terms in the Terms and Conditions and Customer’s use of Services functionality, and in compliance with applicable law and legal process.
- Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process other information and support our business. These third parties may, for example, provide virtual computing and storage services.
- Third Party Services. You may elect to share their data with Third Party Services. When enabled, Qardio may share other information with Third Party Services. Third Party Services are not owned or controlled by Qardio and third parties that have been granted access to other information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions, and see the paragraph” Health and Wellness Data Sharing with Partners” above for more details.
- Corporate Affiliates. Qardio may share other information with its corporate affiliates, parents and/or subsidiaries, please refer to the paragraph “International Data Transfers” below for more details.
- During a Change to Qardio’s Business. If Qardio engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Qardio’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all other information may be shared or transferred, subject to standard confidentiality arrangements.
- Aggregated or De-identified Data. We may disclose or use aggregated or de-identified other information for any purpose. For example, we may share aggregated or de-identified other information with prospects or partners for business or research purposes, such as telling a prospective Qardio customer the average number of blood pressure measurements taken by Qardio users in a week.
- To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
- In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of Qardio or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With Consent. Qardio may share other information with third parties, when we have consent to do so.
Data security
Qardio takes the security of your personal information very seriously. We protect your personal information during transit using encryption such as Transport Layer Security (TLS) or secure socket layer (“SSL”) technology. When your Personal Data is stored by Qardio, we protect our computer systems using a combination of administrative, physical and logical security safeguards. Your personally identifiable data is always stored in encrypted form including. Qardio is committed to protecting the security of your information and takes reasonable precautions to protect it. However, Given the nature of communications and information processing technology, Qardio cannot guarantee that Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others. If a security breach causes an unauthorized intrusion into our system that materially affects you, then Qardio will notify you as soon as possible and later report the action we took in response.
Qardio makes it easy for you to keep your personal information accurate, complete, and up to date. We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
International Data Transfers
Generally, if you are based in the United States or Canada, or any other location outside of the European Union, any information you provide, including any personal information, will be transferred to and processed by a computer server located within the United States, and if you are based in the European Economic Area or Switzerland, any information you provide, including any personal information, will be transferred to and processed by a computer server located within the European Union.
Qardio is a multi-national business. To offer our products, apps and services, we may need to transfer your Personal Data to countries other than the one in which you live. We deploy the following safeguards if Qardio transfers Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law:
- Regardless of where your information is processed, we apply the same protections described in this policy, and all Qardio companies are required to follow the privacy practices set forth in this Privacy Policy.
- Any transfers of Personal Data from the European Economic Area (“EEA”) or Switzerland to the United States are done pursuant to EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). To comply with European Union and Swiss data protection laws, Qardio, Inc. (“Qardio US”) self-certified under the E.U.-U.S. DPF and the Swiss-U.S. DPF. These frameworks were developed to enable companies to comply with data protection requirements when transferring Personal Data from the European Union and Switzerland to the United States.
- In the context of an onward transfer of data, Qardio retains responsibility for the processing of personal information it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf, and shall remain liable if its agent processes such personal information in a manner inconsistent with the EU-US and Swiss-US DPF Principles, unless we prove that we were not responsible for the event giving rise to the damage.
In compliance with the EU-US and Swiss-US DPF Principles, Qardio commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Qardio at:
Qardio, Inc.
Attn: Corporate Counsel
℅ Industrious
440 N Barranca Ave #7120
Covina, CA 91723
United States
legal@qardio.com
Qardio has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US DPF Principles to an independent dispute resolution mechanism, the BBB Data Privacy Framework, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.
Qardio complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Qardio has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. Qardio has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.
With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Qardio is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Contests and Sweepstakes
We may, from time to time, offer surveys, contests, sweepstakes, or other promotions on our Websites or through social media (collectively, “Our Promotions”). Participation in our Promotions is completely voluntary. Information requested for entry may include personal contact information such as your name, address, date of birth, phone number, email address, username, and similar details. We use the information you provide to administer Our Promotions. We may also, unless prohibited by the Promotion’s rules or law, use the information provided to communicate with you, or other people you select, about our Services. We may share this information with our affiliates and other organizations or service providers in line with this policy and the rules posted for the Promotion.
Age limitations
To the extent prohibited by applicable law, Qardio does not allow use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with Personal Data, please contact us and we will take steps to delete such information.
Your rights to export, update, and delete your data
If you reside in the European Economic Area, you have the right under the General Data Protection Regulation to request from Qardio access to and rectification or erasure of your Personal Data, data portability, restriction of processing of your Personal Data, the right to object to processing of your Personal Data, and the right to lodge a complaint with a supervisory authority.
To request access to or rectification, portability or erasure of your Personal Data, or to delete your Qardio account, use our mobile apps or contact our customer support team.
To the extent that Qardio’s processing of your personally identifiable data is subject to the General Data Protection Regulation, Qardio relies on its legitimate interests, described above, to process your data. With your consent, Qardio may also process other information that constitutes your Personal Data for direct marketing purposes and you have a right to object to Qardio’s use of your Personal Data for this purpose at any time.
Pursuant to the Data Privacy Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Frameworks, should direct their query to privacy@qardio.com. If requested to remove data, we will respond within a reasonable timeframe.
Data Controller and Contacting Qardio
Please feel free to contact Qardio if you have any questions about this Privacy Policy or Qardio’s practices, or if you are seeking to exercise any of your statutory rights.
If you reside in the United States, Canada or anywhere else outside of the European Economic Area and Switzerland, then the Personal Data collected by Qardio is controlled by Qardio, Inc., ℅ Industrious 440 N Barranca Ave #7120 Covina, CA 91723, United States, and you can reach us by email at privacy@qardio.com.
If you reside in the United Kingdom, then your Personal Data collected by Qardio is controlled by Qardio Europe Limited, 85 Great Portland Street, First Floor, London W1W 7LT, United Kingdom, and you can reach us by email at euprivacy@qardio.com.
If you reside in a country in the European Economic Area or in Switzerland (other than the United Kingdom), then your Personal Data collected by Qardio is controlled by Qardio Netherlands B.V., Van Hogendorpstraat 93, Amsterdam 1051 BK, The Netherlands, and you can reach us by email at euprivacy@qardio.com
EU Data Protection Authority
Subject to applicable law, you also have the right to (i) restrict Qardio’s use of other information that constitutes your personal identifiable data and (ii) lodge a complaint with your local data protection authority or the Dutch Data Protection Commissioner, which is Qardio’s lead supervisory authority in the European Union. If you are a resident of the European Economic Area and believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to our lead supervisory authority:
Dutch Data Protection Commissioner:
Autoriteit Persoonsgegevens
Postbus 93374 2509
AJ DEN HAAG, The Netherlands
Phone: (+31) 708 88 85 00
Fax: (+31) 708 88 85 01
California Privacy Statement
Under California Law, California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of Personal Information, such as name, email and mailing address and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes and (b) the names and addresses of all such third parties. To request the above information, please contact us at privacy@qardio.com
Modifications
We may change this Privacy Policy at any time and from time to time. The most recent version of the Privacy Policy is reflected by the version date located at the bottom of this Privacy Policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on the Website. We encourage you to review this Privacy Policy often to stay informed of changes that may affect you, as your continued use of the Website signifies your continuing consent to be bound by this Privacy Policy. Our electronically or otherwise properly stored copies of this Privacy Policy are each deemed to be the true, complete, valid, authentic, and enforceable copy of the version of this Privacy Policy which were in effect on each respective date you visited the Website.