Last Revised: 06 March 2019
Introduction
We at LabStyle Innovation Ltd, also doing business as DarioHealth Corp. (“us”, “we” or the “Company”) respect your privacy and are committed to protecting the privacy of our users (“user” or “you”).
This Privacy Policy outlines our practices with respect to collecting, using and disclosing your information through the use of our website (“Site”), mobile applications (“App”) and other services made available by us (collectively, the “Services”). Our Services are designed to give our users a complete solution for personal diabetes management.
Privacy Act Notice (AUS): This policy is drafted to comply with the Australian Privacy Principles (“APPs”) established under the Privacy Act 1988 (Cth) (“PA”), and other relevant Australian laws. This includes obtaining your informed consent to the collection, use and disclosure of your Personal Information where this is legally required and taking reasonable steps to secure that information. Under the PA, you have the rights to access and correct your Personal Information as well as to make a complaint to the Office of the Australian Information Commissioner about the handling of your Personal Information. However, if you are unhappy with or have any further questions about how your Personal Information is handled, we encourage you to raise your concerns with us at support@mydario.net.au.
HIPAA Privacy Notice (US): We are committed to protecting the privacy of our users’ personal health information. Part of that commitment is complying with the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), which requires us to take additional measures to protect Protected Health Information (“PHI”) and to inform our users about those measures. This Privacy Policy describes how we may use and disclose your PHI which is collected by our Site, App and by all of our Services and how our users can get access to this information.
GDPR Privacy Notice (EU): As part of our commitment to protect the confidentiality, data privacy and security of our users, we have drafted this Privacy Policy to comply with the requirements of the EU General Data Protection Regulation (“GDPR”), including providing the contact information of our Data Protection Officer and an explanation of our users’ rights regarding their Personal Information.
This Privacy Policy is a part of our Terms of Use and is incorporated therein by reference.
We encourage you to read this Privacy Policy carefully and use it to make informed decisions. By using our Services, you agree to the terms of this Privacy Policy and your continued use of the Services constitutes your ongoing agreement to this Privacy Policy.
In this Privacy Policy you will read about:
- What types of information we collect and how we collect it
- How we use the information we collect
- With whom we share the information, and for what purpose
- For how long we retain the information we collect
- How we safeguard your information
- How we use the information for marketing purposes
- How to contact us
- How this Privacy Policy may be amended from time to time
What type of information we collect
We collect two types of data and information from our users.
The first type of information is un-identified and non-identifiable information pertaining to a user(s), which may be made available or gathered via the user’s use of the Services (“Non-Personal Information”). We are not aware of the identity of the user from which the Non-Personal Information was collected. Non-Personal Information which is being collected may include your aggregated usage information and technical information transmitted by your device, including certain software and hardware information (e.g. the type of browser and operating system your device uses, language preference, access time and the domain name of the website from which you linked to the Services; etc.), which we use in order to enhance the functionality of our Services.
You agree that our collection, use and disclosure of any Non-Personal Information of yours is not subject to any restrictions under this Privacy Policy, and we may disclose it to others without limitation and for any purpose, including but not limited to selling that information.
The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Information”). This includes:
- Registration information: In order to use our Services, you will be required to register for the Services. As part of the registration process, we will collect your full name, gender, e-mail address, phone number and birth date.
When you register for our Services with your social network account (e.g. a Facebook account) we will have access to basic information about you from that account, such as your name, email address, photo, as well as any other information which you have made publicly available on such an account or have otherwise agreed to share with us.
- Financial information: In order to make purchases through our Site and carry out transactions, you may be required to share with us relevant payment information, including your PayPal account, Credit card number, etc.
- Health information: As part of the registration process, you will be required to share with us your diabetes type. Additionally, as part of our Services, you may provide us with additional sensitive Personal Information which is related to your health. Such information may include blood tests (i.e. glucose level), medicines (e.g. insulin), nutrition, carbs consumption, weight, as well as exercise activity and motion (e.g. steps, cardio activity). We will collect this information when you manually upload your health information to our Site or App, when you perform a synchronization between our Site or App and the results of our “Glucose Meter” or when you allow us to access the information available through your Apple HealthKit account (see detailed information below, under “Information shared through HealthKit”). We take our responsibility to protect your health information seriously and we will take all reasonable steps to protect it as required under relevant laws as they are applicable, including the Privacy Act and HIPAA.
By providing sensitive Personal Information to us (e.g. health information), you explicitly consent to the collection, use and disclosure of your sensitive Personal Information in accordance with this Privacy Policy.
- Voluntary information: We also collect information which you provide us voluntarily. For example, when you respond to communications from us, contact our support, communicate with us via email or the Services or share additional information about yourself or about others through your use of the Services.
- Device and Usage Information: We may also collect Personal Information from your device (e.g. geolocation data, IP address) and information on your activity on the Services (e.g. pages viewed, online browsing, clicks, actions etc). Within our App, we may use Software Development Kits (“SDKs”) provided by third parties. If you grant us your explicit consent to such use and integration (through the App), we may gather additional Personal Information about your activities, location and behaviour, such as Wi-Fi, Bluetooth, accelerometer, gyroscope, GPS, etc. For additional information about SDKs we advise you to visit the third parties’ website(s) to learn more.
If we combine Personal Information with Non-Personal Information, the combined information will be treated as Personal Information for as long as it remains combined.
We may anonymize or de-identify the information collected by the Services or via other means so that the information cannot, on its own, personally identify you. Such de-identified information is Non-Personal Information and you agree that our use and disclosure of such de-identified information is not subject to any restrictions under this Privacy Policy, and we may disclose it to others without limitation and for any purpose, including selling this information.
You may refuse to disclose certain information, but please bear in mind this may result in preventing you from using the Site and Services to some extent, and in some cases may result in your inability to use the Site and Services.
Cookies
A cookie is a small data file that is sent to your device when you first visit a website. Cookies usually include an identification number that is unique to the device you are using. Such an identifier can help us better understand our users and how they are using the Site and the Services. Cookies also enable recognition of a user when they re-visit the Site, keeping their settings and preferences and enabling us to offer customized features.
The Services may implement the following types of cookies: (i) cookies implemented by us for the purposes described above (“First Party Cookie”); and (ii) third party cookies which are set by other online services who run content on the page you are viewing, for example by third party analytics companies who monitor and analyse our web access or online advertisers on our Services. Ads appearing on our Site and/or through the Services may be delivered to users by advertising partners, who may set cookies. These cookies allow the ad server to recognize your computer each time they send you an online advertisement to compile information about you or others who use your computer. This information allows ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you. This Privacy Policy covers the use of cookies by us alone and does not cover the use of cookies by any advertisers.
You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Services may not operate properly and your online experience may be limited.
We may from time to time contract with third parties for the purpose of analysing users’ data, optimizing the Services and communications, etc. To do this, we may use web beacons, pixels etc. provided by such third parties. The information collected will also allow us to learn how to improve the Services for the benefit of our users.
How we use the information we collect
We use and share Personal Information in the manners described in this Privacy Policy. In addition to the purposes listed above, the Personal Information we collect is used for the following purposes:
- To set up your account and to provide our Services;
- To optimize the Site, our Services and your experience;
- To allow our users to obtain relevant information about their health and provide them tools to manage it;
- To personalize our recommendations for better management of your diabetes, nutrition, medicines, etc. (including through our community learning tools, Apple’s HealthKit, etc.);
- To send you reminders based on your location and activity (including through SDKs);
- To allow users to make purchases through the Services and carry out transactions which they requested;
- To identify and authenticate your access to certain features of the Services;
- To communicate with you in order to keep you informed of our latest updates and features;
- To perform research or to conduct analytics in order to improve and customize our Services to our users’ needs and interests;
- To market our products and services to you;
- To detect and prevent illegal activity or any other type of activity that may jeopardize or negatively affect the integrity of the Services;
- To support and troubleshoot our Services, to respond to your queries and communicate with you;
- To comply with our obligations under relevant laws including but not limited to the Privacy Act 1988, the General Data Protection Regulation and the Health Insurance Portability and Accountability Act of 1996;
- To investigate violations and enforce our policies, and as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process or respond to a government request.
If you are a registered user on our Services and have supplied your email address or phone number, we may occasionally send you an e-mail or contact you via your phone number, including by SMS, telephone call or push notifications in order to provide you the Service (for example, for the purpose of sending you a verification code to confirm user login, tracking info on your shipping package, and a link to download the App). You hereby consent and authorise us to contact you accordingly.
With whom we share the information we collect
We do not disclose your Personal Information to third parties except as described in this Privacy Policy.
We may transfer or disclose Personal Information to our subsidiaries, affiliated companies, subcontractors, the owners of SDKs, or such other trusted third party service providers or partners, who are located in different jurisdictions across the world, for the purpose of: (a) storing or processing such information on our behalf (e.g. on cloud computing services) or to assist us with our business operations, to authenticate your access and to provide and improve our Services; (b) performing research, technical diagnostics, analytics or statistical purposes; (c) marketing, in accordance with our marketing policy.
In addition, under your specific acknowledgment and consent, we may share your Personal Information (including information related to your health) with third party service providers in the healthcare ecosystem, such as hospitals, physicians, insurance companies and others to allow them to obtain a holistic view of your needs and interests. Please note that under such consent, we may disclose to third party service providers in the healthcare ecosystem all relevant Personal Information which you share with us ongoingly through the Services.
We may also disclose Personal Information, or any information you submitted via the Services if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies (including our Agreement), including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our users, yourself or any third party; or (vi) for the purpose of collaborating with law enforcement agencies or in case we find it necessary in order to enforce intellectual property or other legal rights.
Information shared through HealthKit
You may instruct us to share information (including Personal Information) with systems such as Apple’s HealthKit and to access and collect information from those systems, for the purpose of improving the Services which we provide to you. Before you allow us to share or collect such information, you should also review the applicable privacy policy of that system (e.g. Apple’s privacy policy can be found here).
We do not use or disclose to third parties any information gained through the use of the HealthKit for advertising or similar services, other than for purposes of improving health or for purposes of health or medical research.
Third party collection of information
Our policy only addresses the use and disclosure of information we collect from you. To the extent that you disclose your information to other parties via our Services (e.g. by clicking on a link to any other website or location) or via other sites throughout the internet, different rules may apply to their use or disclosure of the information you disclose to them.
You agree that we shall have no liability whatsoever with respect to such third-party sites and services and your usage of them.
User’s rights and retention
We respect your privacy rights and strive to comply in all aspects with the Health Insurance Portability and Accountability Act of 1996. For example, you have the right under HIPAA to inspect or get copies of your PHI contained in a designated record set. Generally, a “designated record set” contains medical records we may have about you. Therefore you may contact us at any time and request:
- to access, delete, change or update any Personal Information and PHI relating to you (for example, if you believe that your Personal Information is incorrect, you may ask to have it corrected or deleted); or
- that we will cease any further use of your Personal Information and PHI (for example, you may ask that we will stop using or sharing your Personal Information with third parties) or that we shall remove your Personal Information (subject to any other legal obligation that may require us to keep the information).
For EU users: Please note that the following rights specifically apply regarding your Personal Information: (1) Receive confirmation as to whether or not personal information concerning you is being processed, and access your stored Personal Information, together with supplementary information; (2) Receive a copy of Personal Information you directly volunteer to us in a structured, commonly used and machine-readable format; (3) Request rectification of your Personal Information that is in our control; (4) Request erasure of your Personal Information; (5) Object to the processing of Personal Information by us; (6) Request to restrict processing of your Personal Information by us; (7) Lodge a complaint with a supervisory authority.
If you wish to exercise any of the above-mentioned rights or to raise a complaint on how we have handled your Personal Information or PHI, please contact us directly at dpo@mydario.com.
If you are not satisfied with our response or believe we are collecting or processing your Personal Information not in accordance with the laws, you can complain to the applicable data protection authority. In addition, if you believe your privacy rights have been violated, or if you are dissatisfied with our privacy practices or procedures regarding your PHI, you may file a complaint with the Secretary of the U.S. Department of Health and Human Services.
For Australian Users: Under the Privacy Act 1988, Australian users have rights to access and amend their Personal Information under APPs 12 and 13 as well as to make complaints to the Office of the Australian Information Commissioner concerning any apprehended breaches of the APPs. Consequently, you may also contact us at any time to request such access or amendment or to raise a complaint about the handling of your information in the way outlined above.
Please note that while you may withdraw your consent to some use or disclosure of your Personal Information at any time, this may result in your being prevented from using the Site and Services to some extent, and in some cases may result in your inability to use the Site and Services altogether.
We will retain your Personal Information for the duration required to provide our services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. This may include retaining the Personal Information of past users in case they return to the Services. Under applicable regulations, we will keep records containing client personal data, account opening documents, communications and anything else as required by applicable laws and regulations.
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
How do we safeguard and transfer your information?
We take great care in implementing and maintaining the security of the Services and your information in accordance with the requirements of all applicable laws (including the requirements under the Security Rule of the Health Insurance Portability and Accountability Act of 1996 and APP 11 of the Privacy Act 1988). We employ industry standard procedures and policies to ensure the safety of our users’ information and prevent unauthorized use of any such information. Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our Services, and we make no warranty, express, implied or otherwise, that we will prevent such access.
As an additional safeguard to Your Information, the Company employs a Data Protection Officer (“DPO”). The DPO has the power to insist on company resources for information protection matters and has a deep knowledge of information protection regulation and privacy law requirements. The DPO’s responsibilities include, among other things: providing privacy and security compliance advice, notifying authorities of a data breach incident, conducting awareness and training programs, etc.
Since we operate globally, it may be required to transfer your Personal Information to countries outside the European Union. The data protection and other laws of these countries may not be as comprehensive as those in the European Union − in these instances we will take steps to ensure that a similar level of protection is given to your Personal Information. You hereby consent to transfer of your Personal Information to countries outside the European Union.
If you feel that your privacy was treated not in accordance with our policy, or if any person attempted to abuse our Services or acted in an inappropriate manner, please contact us directly at dpo@mydario.net.au.
Likewise, for Australian users, it may be necessary to transfer your Personal Information to countries outside Australia. Since we operate globally and may change our arrangements from time to time, we cannot indicate in advance which countries this might include. However, where the overseas recipient of this information is not subject to a law or binding scheme which has the effect of protecting information in a way that is overall substantially similar to the way the APPs protect information, then we will abide by APP 8.1 by taking reasonable steps to ensure that any overseas recipient to whom we disclose your PI does not breach the APPs (except APP 1). You hereby consent to the transfer of your Personal Information to countries outside Australia and agree that we have no further obligation in respect of such disclosures beyond taking those reasonable steps.
Please note that the Services do not constitute medical advice. By using the Services you agree that in collecting, using and disclosing your Personal Information, including your sensitive health information, we assume no obligation to maintain its confidentiality other than to take reasonable steps to secure it, as required by law and outlined in this Policy. You agree that you assume all risks associated with any disclosure of your Personal Information, except to the extent that it is caused by a failure to take such reasonable steps. In some jurisdictions, certain warranties or other implied obligations may not be able to be legally excluded and nothing in this Policy operates to attempt to exclude the application of any such obligation applying to you. This disclaimer constitutes an essential term of this agreement.
Affiliates and corporate transaction
We may share your information, including your Personal Information, with any subsidiaries, joint ventures, or other companies under a common control (collectively “Affiliated Companies”). We may share Information, including Personal Information, in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Privacy Policy.
Minors
The Services are not designed for the use of any children under 16 years of age. If you have reason to believe that a child under the age of 16 has provided Personal Information to the Company through the use of any of the Services without the consent of their parent or legal guardian, you should immediately contact us and we will endeavour to delete that information from our records.
Additionally, no information should be submitted to or posted to any of the Services by users under 18 years of age without the consent of their parent or legal guardian. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce our Privacy Policy by instructing their children to never provide Personal Information and PHI on any of the Services without their permission.
Marketing
We may use your Personal Information, such as your email address and mobile phone number ourselves or by using our third-party subcontractors for the purpose of providing you with promotional material, which we believe may interest you. You hereby consent and authorize us to contact you in accordance with the above.
Out of respect to your right to privacy, at any time, you may request to unsubscribe and discontinue receiving marketing offers by contacting us at support@mydario.net.au, or by using the unsubscribe link provided within any such communication.
If you unsubscribe we will remove your email address and phone number from our marketing distribution list. Please note that even if you unsubscribe from our marketing mailing list, we may continue to send you service-related updates and notifications.
California “Do Not Track” Disclosure
In case you are using our Services in the state of California, United States, we inform you that the Company does not respond to Do Not Track requests or signals at this time in accordance with the California Online Privacy Protection Act (“CalOPPA”) Amendment of 2013.
Updates or amendments to the Privacy Policy
We may revise this Privacy Policy from time to time, in our sole discretion, and the most current version will always be posted on our Site (as reflected in the “Last Revised” heading). We encourage you to review this Privacy Policy regularly for any changes. In case of material changes we will notify you through our Services or by email. For existing users, amendments to this Privacy Policy will take effect at the earlier of: (a) 30 days after you have received notice of the amendments (for example, at your nominated email address or via the App), or (b) your continued use of the Site, App, Services or Device, or (c) on being prompted, your acceptance of the amendments. You will have an opportunity to terminate your subscription if you do not agree to the amendments.
How to contact us
If you have any general questions about the Services or the information that we collect about you and how we use it, please contact us at support@mydario.net.au.
Details of Company
142 W. 57th Street, 11th Floor