Privacy Notice

NOTICE OF PRIVACY PRACTICES AND PRIVACY SHIELD NOTICE

THIS NOTICE DESCRIBES HOW PERSONALLY IDENTIFIABLE INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

About Companion Medical.

This Notice of Privacy Practices and Privacy Shield Notice (“Notice”) is published by Companion Medical, Inc., a Delaware corporation (“We” or “Companion Medical”). Companion Medical produces certain medical products (“InPen”) for use by individuals who have diabetes (“Users”) and other products and services (collectively, “Companion Medical Products and Services”). The InPen includes smart technology which tracks insulin dosage information and transmits it to software or mobile applications (“Software Apps”) on smartphones, tablets, computers, mobile phones or other devices obtained and operated by Users and Designated Recipients (as defined below) (“Mobile Devices”). We provide the data services which provide and permit the access, collection, storage, processing, analysis and/or transmission of data generated by a Device or Software App (“Data Services”).

Users may choose to register their health care providers, family members or other individuals involved in their care or support (“Designated Recipients”) to receive their information using the Data Services and Software Apps. Users and Designated Recipients may then use the Data Services and Software Apps to share and review this information.

Our Services include a website located at www.companionmedicalmedical.com (Our “Website”), including subpages or microsites of the Company which are connected to the Website. Among the Services offered through the Website are User and Designated Recipient accounts that provide access to information services and educational and informational content and allow Us to communicate with Users and Designated Recipients (“Accounts”). Our Website Services may also provide information services and educational and informational content for interested individuals who are not Users or Designated Recipients (“Consumers”), including forms or other methods for Consumers to communicate with Companion Medical.

Why Did We Publish this Notice?

We published this Notice to give notice to Users, Designated Recipients and Consumers of how We use, disclose and protect Personally Identifiable Information, as defined below.

While the InPen is used to support Users’ health care, Companion Medical is not a “Covered Entity” or “Business Associate” as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”) and the HIPAA Administrative Simplification Rules, 45 CFR Parts 160, 162 and 164. We have nonetheless chosen to publish this Notice and to follow policies and procedures consistent with these laws with respect to Personally Identifiable Information, as defined and described in this Notice. We believe this is the right thing to do to meet Our Users’, Designated Recipients’ and Consumers’ privacy expectations.

Companion Medical Products and Accounts may also be made available outside the United States (“US”). We have therefore designed this Notice and our policies and procedures to meet the requirements of the US – European Union (“EU”) Privacy Shield framework (“Privacy Shield”), for purposes of the transfer of Personally Identifiable Information from the EU to the US.

We believe that the requirements and expectations of HIPAA and the Privacy Shield can and should be harmonized, and the obligations and requirements discussed in this Notice are intended to be consistent with both HIPAA and the Privacy Shield.

What Types of Information Does this Notice Cover?

The information covered by this Notice includes the following types of Personally Identifiable Information:

  • InPen Data. InPen Data is data about insulin doses dispensed by an InPen, including amounts, date and time of each injection, as well as information and analyses derived from such data. This data is associated with InPen Metadata.
  • InPen Metadata. When the information from an InPen is transmitted to a Mobile Device using the Data Services, it becomes associated with information about the Mobile Device, the Data Services it utilizes, the Software Apps in which it is received and stored, and the individual who owns the Mobile Device. This is InPen Metadata.
  • Contact Information. Contact Information is information used to contact Users, Designated Recipients and Consumers. It may include name, address, telephone number, email or other contact information, and information regarding User health care providers or health insurance if applicable.
  • Use Information. Use Information includes (i) InPen Metadata; (ii) other information We receive from the use of Companion Medical Products and Services, Software Apps and Data Services regarding their use, which may include IP address and other information regarding the Mobile Device or computer used, the internet service used, and the browser used; (iii) activities engaged in while using Companion Medical Products and Services, Software Apps, Data Services, an Account or the Website, such as how often Software Apps are opened, settings and pages viewed; and (iv) information Companion Medical may receive from advertisers and other third parties when a User, Designated Recipient or Consumer clicks on advertisements or links to third party websites while using Companion Medical Products and Services, Software Apps, Data Services, an Account or the Website, including the pages visited, activity on those pages, and purchases or other transactions with those third parties.
  • Feedback Information. Feedback Information means information a User, Designated Recipient or Consumer submits to Companion Medical in connection with the use of Companion Medical Products and Services, Software Apps, Data Services, an Account or the Website, or other matters relating to Us or our business, including the metadata relating to that information.
  • Derived Information. Derived Information means information that we create by combining and/or analyzing some or all of the Personally Identifiable Information of a User, Designated Recipient or Consumer, including but not limited to information from which all information which could reasonably identify or be used to identify an individual has been removed (“De-identified Information”).

The above types of information may be applicable to different categories of individuals as follows:

  • User Information may include InPen Data, InPen Metadata, Contact Information, Use Information, Feedback Information, and Derived Information.
  • Designated Recipient Information may include InPen Metadata, Contact Information, Use Information, Feedback Information, and Derived Information.
  • Consumer Information may include Contact Information, Use Information, Feedback Information, and Derived Information.

In this Notice, We will use the term “Personally Identifiable Information” to refer to User Information, Designated Recipient Information, and Consumer Information.

Links to Third Party Sites.

Companion Medical Products and Services may contain links to third-party websites, applications or other items. We assume no responsibility for the information practices of those websites, applications or other items, and the inclusion of a link does not imply our endorsement of the linked site or service. In addition, this Notice does not apply to the privacy, information, or other practices of any third parties, including any third party operating any site or service to which Companion Medical Products or Services link or any third-party provider of an app, social media platform, operating system, wireless service or device. We encourage you to review each third-party’s privacy policy before disclosing any personal information to any third party or using its products or services.

How Does Companion Medical Use Cookies and Other Information Gathering Technologies?

Cookies. User, Designated Recipient and Consumer Information may include information recorded by use of cookies or similar technologies (“cookies”). If You are a resident of the European Union, please see the table below for information about our use of cookies and other tracking technologies with respect to your use of Companion Medical Products and Services.

The table lists, for each cookie: its name, a description, whether it is a persistent or session cookie and when persistent cookies expire, and whether it is a 1st or 3rd party cookie.

  • Cookie name: _ga
  • Description: Analyze browsing activity across sites to establish user profile
  • Persistent or session cookie? When do persistent cookies expire?: Persistent, 2 years
  • 1st or 3rd party cookie?: 1st party cookie, Google.com; see Google Analytics, How Google Uses Cookies, and Google Analytics Opt-Out Browser Add-on

If you are a resident of the United States or any other jurisdiction outside of the European Union, below is a description of how we use cookies and other similar technologies in connection with Companion Medical Products and Services:

  • Cookies. Cookies are pieces of information stored directly on the computer that you are using. Cookies allow us to collect information such as browser type, time spent on the Website or using Companion Medical Products and Services, pages visited, language preferences, and other anonymous traffic data. We and our service providers use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize Your experience while using Companion Medical Products and Services. We also use cookies to gather statistical information about use of the Companion Medical Products and Services in order to continually improve their design and functionality, to understand how they are used, and to assist us with resolving questions regarding them. Cookies further allow Us to select which of our advertisements or offers are most likely to appeal to You and display them while You use Companion Medical Products and Services.
  • If You do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. You may also wish to click here for more information. If, however, You do not accept these cookies, You may experience some inconvenience in your use of Companion Medical Products and Services. For example, We may not be able to recognize Your computer, and You may need to log in every time You visit. Companion Medical Products and Services do not currently have the ability to recognize or honor browser do-not-track signals.

Analytics. We may use third-party analytics, such as Google Analytics, in connection with Companion Medical Products and Services. Such third-party services may use cookies and similar technologies to collect and analyze information about use of the Products and Services and to report on activities and trends. Such services may also collect information regarding the use of other websites, apps and online services. For more information regarding Google Analytics, please click here. You can download the Google Analytics opt-out browser add-on by clicking here.

Pixel Tags and Similar Technologies. Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Companion Medical Products and Services to, among other things, track the actions of users (including email recipients), measure the success of our marketing campaigns, and compile statistics about use and response rates.

Adobe Flash Technology and Similar Technologies. We may use Flash Local Shared Objects (“Flash LSOs”) and other similar technologies to, among other things, collect and store information about your use of Companion Medical Products and Services. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (referred to as “information” on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications.

Interest Based Advertising. We may use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when You access and use Companion Medical Products and Services and other websites or online services, based on information relating to Your access to and use of Companion Medical Products and Services and other websites and services. To do so, these companies may place or recognize a unique cookie on your browser (including through use of pixel tags). If you would like more information about this practice and to learn about your choices in connection with it, please visit the Network Advertising Initiative opt out site and the Digital Advertising Alliance Self-Regulatory Program.

Do Not Track Disclosure. In accordance with the Do-Not-Track amendments to the California Online Privacy Protection Act, we inform you that we do not currently respond to “do not track” signals or similar messages from your browser.

How Do We Use and Disclose Personally Identifiable Information?

The purposes for which We may use and disclose Personally Identifiable Information depend upon the type of information.

InPen Data. Companion Medical does not use or disclose InPen Data. The use and disclosure of InPen Data is controlled by the InPen User. The InPen User is responsible for controlling physical and technical access to the User’s InPen and Mobile Device, and authorizing Designated Recipients who can receive InPen Information. Users may also use and disclose InPen Data for other purposes if they choose or are required to by law. By implementing the transmission of InPen Data to a Designated Recipient, the User initiates a disclosure of that information to the Designated Recipient, and authorizes Us to implement the Data Services to execute that disclosure. Once a Designated Recipient receives InPen Data, use or further disclosure by the Designated Recipient is not subject to monitoring or control by Companion Medical. Designated Recipients may use or disclose InPen Data as they choose or if required by law, subject to applicable law if they are regulated entities such as health care providers, and to agreement with the User.

User and Designated Recipient Information. We may use or disclose User and Designated Recipient Information as follows:

  • We may use or disclose InPen Metadata, Contact Information and Use Information to administer Your Account, for purposes of Companion Medical’s management and administration, and to fulfill Companion Medical’s legal responsibilities.
  • We may use or disclose Your InPen Metadata, Contact Information and Use Information to identify and provide You with educational information, services, activities or classes related to Companion Medical Products and Services, diabetes care alternatives and related issues, and to create Derived Information.
  • We may use or disclose Your InPen Metadata and Use Information for purposes of research and analysis, and to assess or improve Companion Medical’s Products and Services and the efficiency and effectiveness of their administration and distribution.
  • We will not disclose Your InPen Metadata, Contact Information or Use Information for third-party marketing purposes without Your consent.
  • We will not knowingly disclose Your Personally Identifiable Information to Your employer, health insurance company or health plan, health care provider or family member, or other third party without Your consent, except as permitted by this Notice.
  • We may use or disclose Your Feedback Information or Derived Information as described below.
  • We will disclose Your Personally Identifiable Information as We are required to do by applicable law, including laws outside your country of residence, and may disclose Personally Identifiable Information when requested by law enforcement authorities or regulatory agencies, court orders or subpoenas, including public and government authorities outside your country of residence, or when we determine that such disclosure is appropriate under the circumstances; in each case in accordance with applicable data protection laws. We may use and disclose Personally Identifiable Information to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others; to protect our operations or those of any of our affiliates; to enforce this Notice; and to allow us to pursue available remedies or limit the damages that we may sustain; in each case in accordance with applicable data protection laws.

Consumer Information. We may use or disclose Consumer Information as follows:

  • We may use or disclose Your Consumer Information for purposes of Companion Medical’s management and administration, and to fulfill Companion Medical’s legal responsibilities.
  • We may use or disclose Your Consumer Information to identify and provide educational information, services, activities or classes related to Companion Medical Products and Services, diabetes care alternatives and related issues, and to create Derived Information.
  • We may use or disclose Your Consumer Information for purposes of research and analysis, and to assess or improve Companion Medical’s Products and Services, and the efficiency and effectiveness of their administration and distribution.
  • We will not knowingly disclose Your Personally Identifiable Information to Your employer, health insurance company or health plan, health care provider or family member, or other third party, except as permitted by this Notice.
  • We may use or disclose Your Feedback Information or Derived Information as described below.
  • We will disclose Your Personally Identifiable Information as We are required to do by applicable law, including laws outside your country of residence, and may disclose Personally Identifiable Information when requested by law enforcement authorities or regulatory agencies, court orders or subpoenas, including public and government authorities outside your country of residence, or when we determine that such disclosure is appropriate under the circumstances; in each case in accordance with applicable data protection laws. We may use and disclose Personally Identifiable Information to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others; to protect our operations or those of any of our affiliates; to enforce this Notice; and to allow us to pursue available remedies or limit the damages that we may sustain; in each case in accordance with applicable data protection laws.

Feedback Information. You are not required to give us any Feedback Information, but if You choose to do so, You are providing it to us for Our use as We determine, so long as We do not identify You or include any information that could reasonably be used to identify You. Feedback Information may be used by Us and provided by Us to our customers and third parties, in the form You provide as well as in excerpted, aggregated and anonymized forms, without attribution to You as the source. We may also use Feedback Information in Our advertising, marketing and other communications with the public and in our business relationships, as well as in Our internal communications, in each case without attribution to You as the source. In addition, We may identify you as the source of Feedback Information to the extent You consent to that identification.

Derived Information and Solicitations. We may use Derived Information to determine which information, including emails and notices regarding opportunities relating to Companion Medical Products and Services (We refer to these emails and notices as “Solicitations”), is sent to You, the public or to targeted groups, for Our business purposes in accordance with the applicable provisions of this Notice. As permitted by applicable law, We may use Your Personally Identifiable Information to determine which emails and notices We send to You, including Solicitations. As permitted by applicable law, We may share your email address or other Contact Information with third party service providers acting on Our behalf with which We contract for the purpose of providing You with Solicitations We think may be of interest to You.

Services Providers and Transactions. In the ordinary course of our business, We will use providers and vendors to perform services or functions on Our behalf. We will not authorize those third parties to keep, use or disclose your Personally Identifiable Information except for the purposes for which We make such information available to them. We may provide your Personally Identifiable Information to another company in conjunction with a corporate sale, merger, acquisition or dissolution involving Companion Medical.

Cross-Border Transfer. Your Personally Identifiable Information may be stored and processed in any country where We have facilities or in which We engage service providers. By using the Companion Medical Products and Services, You consent to the transfer of information to countries outside of your country of residence, including the United States, which may have different data protection rules than those of Your country. For personal information of customers that Companion Medical receives from affiliates and companies in the European Union, the European Economic Area, and Switzerland, We are committed to handling such personal information in accordance with the European law principles for international transfers such as EU Standard Contractual Clauses or Privacy Shield, further described below.

European Personal Information. Companion Medical may receive Personally Identifiable Information of residents of the countries of the European Economic Area (“EEA”), which includes the 28 European Union Member States plus Norway, Iceland and Liechtenstein, from third parties or directly from those residents, including name, address, email and telephone number, ordering information and information regarding medical or health conditions that is considered sensitive information. We refer to such Personally Identifiable Information as “European Personal Information.”

We recognize that the laws of the European Community restrict companies in the EEA from transferring European Personal Information to the United States unless there is “adequate protection” for such European Personal Information. To provide such adequate protection where We do not have in place other protections for European Personal Information meeting the requirements of applicable data privacy laws, as We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, we will adhere to the E.U.-U.S. Privacy Shield Framework (the “Privacy Shield”) published by the U.S. Department of Commerce (www.privacyshield.gov) with respect to European Personal Information that we receive. For example, We may agree in a specific circumstance to a model contract approved by the European Commission (http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm), and the terms of that model contract would apply in that circumstance.

For more information please see the Privacy Shield Notice section of this Notice.

Other Use and Disclosures. We may use or disclose Your Personally Identifiable Information for purposes other than those permitted in this Notice but only if You consent to such use.

How Long Will Companion Medical Retain Personally Identifiable Information?

We will retain your Personally Identifiable Information for the period necessary to fulfill the purposes for which We obtained it, and will destroy all such information within a reasonable period of time after that purpose has ended unless it is not feasible to do so. It may not be feasible to destroy Personally Identifiable Information at that time if a different retention period is required by law, for potential use in regulatory or other legal proceedings, or for purposes of prudent risk management. If Personally Identifiable Information is retained because its destruction is not feasible, it will be destroyed within a reasonable period of time after the condition which caused it to be retained has ended.

European Personal Information. Additional conditions may apply to European Personal Information. Please see the Privacy Shield Notice section of this Notice for more information.

May I Request Additional Restrictions on Companion Medical’s Use and Disclosure of Personally Identifiable Information?

Whether You may request restrictions on Our use and disclosure of Personally Identifiable Information in addition to those stated in this Notice (“Additional Restrictions”) depends upon the type of information.

InPen Data. Companion Medical does not control the use or disclosure of InPen Data. InPen Users may choose not to share information with others at their discretion.

Users and Designated Recipients. You may request Additional Restrictions on Our use and disclosure of Your User or Designated Recipient Information. We are not required to accept such requests but may do so at Our discretion. For information and to request Additional Restrictions please contact Our Privacy Officer.

Consumer Information. Because of limitations on the Consumer Information We may receive, We are not necessarily able to identify the individual whose activity has been recorded. We therefore cannot accept requests for Additional Restrictions on Consumer Information.

European Personal Information. Additional conditions may apply to European Personal Information. Please see the Privacy Shield Notice section of this Notice for more information.

May I Request Confidential Communications from Companion Medical?

Whether You may request that Companion Medical communicate with You by an alternative means (for example, by first class mail instead of email) or at an alternative location (for example, at an email address different from the one You provided at registration) (“Confidential Communications”) depends upon the type of information.

InPen Data. Companion Medical does not communicate through the InPen, Software Apps or Data Services, so You may not request confidential communications from Companion Medical with respect to InPen Data.

Users and Designated Recipients. You may request Confidential Communications with respect to Your User or Designated Recipient Information. We are not required to accept such requests but may do so at Our discretion. You may also change Your preferred address and/or email address following Our standard procedures. For information and to request Confidential Communications please contact Our Privacy Officer.

Consumer Information. Because of limitations on the Consumer Information We may receive, We are not necessarily able to identify the individual whose Consumer Information has been recorded. We therefore cannot accept requests for Confidential Communications with respect to Consumer Activity Information.

May I Request Access to or a Copy of Companion Medical’s Records of My Personally Identifiable Information?

Whether You may request access to or a copy of Our records of Your Personally Identifiable Information depends upon the type of information.

InPen Data. Companion Medical does not receive or maintain records of InPen Data. InPen Data is stored on the InPen, Software Apps and Mobile Devices. Users may access and copy InPen Data at their discretion.

User and Designated Recipient Information. A User or Designated Recipient may view or copy his or her Contact Information through his or her Account following Our standard procedures. A User or Designated Recipient may also request a copy of his or her other Personally Identifiable Information. We are not required to accept such requests but may do so at Our discretion. For information and to request access to or a copy of User Information please contact Our Privacy Officer.

Consumer Information. Because of limitations on the Consumer Information We may receive, We are not necessarily able to identify the individual whose activity has been recorded. We therefore cannot accept requests for access to or copies of Consumer Information.

European Personal Information. Additional conditions may apply to European Personal Information. Please see the Privacy Shield Notice section of this Notice for more information.

May I Request the Amendment of Companion Medical’s Records of My Personally Identifiable Information?

Whether You may request amendment of Our records of Your Personally Identifiable Information depends upon the type of information.

InPen Data. Companion Medical does not receive or maintain records of InPen Data. InPen Data is stored on the InPen, Software Apps and Mobile Devices. Users may amend InPen Data at their discretion, subject to the technical limitations of the InPen, Software Apps and Mobile Device.

User and Designated Recipient Information. A User may amend his or her Contact Information through his or her Account following Our standard procedures. A Designated Recipient must request that the User amend the Designated Recipient’s Contact Information. A User or Designated Recipient may also request amendment of his or her other Personally Identifiable Information. We are not required to accept such requests but may do so at Our discretion. For information and to request amendment of User Information please contact Our Privacy Officer.

Consumer Information. Because of limitations on the Consumer Information We may receive, We are not necessarily able to identify the individual whose activity has been recorded. We therefore cannot accept requests for amendment of Consumer Information.

European Personal Information. Additional conditions may apply to European Personal Information. Please see the Privacy Shield Notice section of this Notice for more information.

May I Request an Accounting of Disclosures of Companion Medical’s Records of My Personally Identifiable Information?

Whether You may request a record of the disclosures We have made of Your Personally Identifiable Information (“Accounting of Disclosures”) depends upon the type of information.

InPen Data. Companion Medical does not disclose InPen Data. InPen Data is stored on the InPen, Software Apps and Mobile Device. InPen Users control the disclosure of their InPen Data from their InPen and their Mobile Device at their discretion, and may track and record their disclosures of such information if they wish. Designated Recipients control the disclosure of InPen Data from their Mobile Device, and may track and record their disclosures of such information if they wish, or by agreement with the User.

User and Designated Recipient Information. A User or Designated Recipient may request an Accounting of Disclosures of his or her Personally Identifiable Information. We are not required to accept such requests but may do so at Our discretion. For information and to request an Accounting of Disclosures please contact Our Privacy Officer.

Consumer Information. Because of limitations on the Consumer Information We may receive, We are not necessarily able to identify the individual whose activity has been recorded. We therefore cannot accept requests for an Accounting of Disclosures of Consumer Information.

What Are Companion Medical’s Obligations to Maintain the Privacy of Personally Identifiable Information?

We are required to comply with the terms of this Notice, as well as U.S. Federal Trade Commission (“FTC”) and Privacy Shield requirements as implemented through this Notice. We have provided this Notice as Our notice of these obligations to protect the privacy of Personally Identifiable Information. We are required to comply with this Notice as long as it is in effect.

European Personal Information. Additional conditions may apply to European Personal Information. Please see the Privacy Shield Notice section of this Notice for more information.

What Are Companion Medical’s Obligations to Maintain the Security of Personally Identifiable Information?

Companion Medical uses commercially reasonable standards of technology and operational security to protect Personally Identifiable Information within Our organization. Personal Information transmitted through Companion Medical Products and Services is transmitted in encrypted form. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If You feel that Your interaction with Us is no longer secure, please immediately notify Us in accordance with the “Contact Our Privacy Officer” section, below.

Phishing.

We do not and will not, at any time, request Contact Information in a non-secure or unsolicited email or telephone communication. Identity theft and the practice currently known as “phishing” are of great concern to Us. Safeguarding information to help protect you from identity theft is a priority for Us. For more information about phishing, visit the Federal Trade Commission website.

European Personal Information. Additional conditions may apply to European Personal Information. Please see the Privacy Shield Notice section of this Notice for more information.

What Are a User’s Responsibilities?

As a User, You are responsible for:

  • Providing complete and accurate Contact Information, and keeping it current.
  • Maintaining Your InPen, Software Apps and Mobile Device in good working condition.
  • Keeping Your InPen and Mobile Device physically secure from access by any individual You do not wish to have potential access to Your InPen Data.
  • Keeping Your InPen and Mobile Device technically secure by maintaining a robust password or other authentication token, which You do not share with anyone else.
  • Notifying Us immediately if Your password or other authentication token has been obtained by someone else or Your InPen or Mobile Device has been stolen or lost.
  • Notifying Us of any individual You wish to be one of Your Designated Recipients, and providing Us with accurate and complete contact information for him or her.
  • Notifying Us when You wish to terminate a Designated Recipient’s status.
  • Maintaining the administrative, physical and technical security of any Mobile Device or computer You use to access Your Account.

What Are a Designated Recipient’s Responsibilities?

As a Designated Recipient, You are responsible for:

  • Providing complete and accurate Contact Information, and keeping it current.
  • Maintaining Your Software Apps and Mobile Device in good working condition.
  • Keeping Your Mobile Device physically secure from access by any individual Your User does not wish to have potential access to Your User’s InPen Data.
  • Keeping Your Mobile Device technically secure by maintaining a robust password or other authentication token, which You do not share with anyone else.
  • Notifying Us immediately if Your password or other authentication token has been obtained by someone else or Your Mobile Device has been stolen or lost.
  • Disclosing or sharing InPen Data only as authorized by Your User.
  • Maintaining the administrative, physical and technical security of any Mobile Device or computer You use to access Your Account.

Privacy Shield Notice

Companion Medical complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. Companion Medical has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

Notice of Participation. We participate in the Privacy Shield. The Privacy Shield List is available at the website maintained by the U.S. Department of Commerce: https://www.privacyshield.gov/list. We will also disclose European Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also collect and process human resources European Personal Information in reliance on the Privacy Shield.

Choice. In accordance with the requirements of the Privacy Shield, We will offer to persons whose European Personal Information is in our possession the opportunity to choose (opt out) whether the person’s European Personal Information is to be disclosed to a third party or to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the person. For sensitive information, We will obtain affirmative express consent (opt in) from persons if their European Personal Information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice. We will treat as sensitive any European Personal Information We receive from a third party where the third party identifies and treats it as sensitive.

Accountability for Onward Transfer. To transfer personal information to a third party acting as a controller, We will comply with the Notice and Choice Principles. We will also enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide at least the same level of protection as the Privacy Shield and will notify us if it makes a determination that it can no longer meet this obligation. The contract shall provide that when such a determination is made the third party controller ceases processing or takes other reasonable and appropriate steps to remediate.

To transfer European Personal Information to a third party acting as an agent, We will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with Our obligations under the Privacy Shield; (iv) require the agent to notify Us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the U.S. Department of Commerce upon request.

With regard to the Principle of Accountability for Onward Transfer, We remain liable if our agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless We prove that we are not responsible for the event giving rise to the damage.

Security. We will take reasonable and appropriate measures to protect European Personal Information from loss, misuse, and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and nature of the European Personal Information.

Data Integrity and Purpose Limitation. Consistent with the Privacy Shield, European Personal Information will be limited to the information that is relevant for the purposes of processing. We will not process European Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the person. To the extent necessary for those purposes, We will take reasonable steps to ensure that European Personal Information is reliable for its intended use, accurate, complete, and current. We will adhere to the Privacy Shield Principles for as long as We retain European Personal Information. European Personal Information will be retained in a form identifying or making identifiable the person only for as long as it serves a purpose of processing or other purpose permitted by the Privacy Shield. We will take reasonable and appropriate measures in complying with this provision.

Access. A person whose European Personal Information is in Our possession will have the right to access, to correct, amend or delete that European Personal Information where it is inaccurate or has been processed in violation of the Privacy Shield Principles, except where the Privacy Shield permits otherwise.

Recourse, Enforcement and Liability. We will maintain robust mechanisms for assuring compliance with the Privacy Shield in accordance with the requirements of the Privacy Shield. In compliance with the EU-US Privacy Shield Principles, Companion Medical commits to resolve complaints about Your privacy and Our collection or use of Your European Personal Information. European Union individuals with inquiries or complaints regarding this Notice should first contact Companion Medical’s Privacy Officer at the contact information listed below.

Companion Medical has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

We are obligated to arbitrate claims and follow the terms set forth in Annex I to the Privacy Shield located at: https://www.privacyshield.gov/article?id=ANNEX-1-introduction.

U.S.-Swiss Safe Harbor

Companion Medical complies with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. Companion Medical has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this Notice and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit http://www.export.gov/safeharbor/swiss.

In compliance with the US-Swiss Safe Harbor Principles, Companion Medical commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this Notice should first contact Companion Medical through our Privacy Officer at the contact information below. Companion Medical has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

Human Resources Data. If You do not receive timely acknowledgment of Your complaint, or if Your complaint is not satisfactorily addressed by Companion Medical, and Your inquiry or complaint involves human resources European Personal Information, You may have Your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel (“DPA Panel”) established by the EU data protection authorities (“DPAs”), and for Swiss Data Subjects, the Swiss Federal Data Protection and Information Commissioner (“FDPIC”). To do so, You should contact the state or national data protection or labor authority in the jurisdiction where You work. Companion Medical agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel and the FDPIC.

Can Companion Medical Change the Terms of this Notice?

We do reserve the right to change and update this Notice or publish a new notice as appropriate to address legal matters, User preferences, changes in technology, changes to Companion Medical Products and Services or the Website, or other matters affecting Our privacy practices. If We do change this Notice We will post a notice of the amendment on the home page of the Website, with a link to the amended Notice. Any change in provisions may be applied to Personally Identifiable Information We obtained before the effective date of the change.

European Personal Information. Additional conditions may apply to European Personal Information. Please see the Privacy Shield Notice section of this Notice for more information.

Is There a Governmental Agency I Can File a Complaint with If I Believe Companion Medical May Have Violated My Privacy Rights?

Residents of the United States may file a complaint with the FTC, and may also be able to file a complaint with the Attorney General of the State of California, where Companion Medical is located. You may also be able to file a complaint with the Attorney General of the state in which You reside.

European Personal Information. Additional conditions may apply to European Personal Information. Please see the Privacy Shield Notice section of this Notice for more information.

Who Should I Contact to Get More Information About Companion Medical’s Privacy Practices or Submit a Complaint?

If You would like more information about Our privacy practices or would like to submit a complaint about them please contact Our Privacy Officer. Our Privacy Officer may be contacted using Our contact information provided below.

How Are Disputes About Issues Under This Notice Resolved?

Any legal dispute about issues covered by this Notice will be resolved by binding arbitration by the Better Business Bureau.

European Personal Information. Additional conditions may apply to European Personal Information. Please see the Privacy Shield Notice section of this Notice for more information.

When Does This Notice Apply?

This Notice is effective as of September 1, 2017, and replaces any prior privacy notices or policies We may have published. It will remain in effect until it is replaced by a new or updated Notice published by Companion Medical. We do reserve the right to update this Notice or publish a new notice as appropriate to address legal matters, User preferences, changes in technology, and changes to Our services.

Changes

We may change this Notice by posting a new version of the Notice. When We update this Notice, We will update the legend at the top of this page to indicate the date that this Notice was last updated. To the maximum extent permitted by applicable law, any changes will become effective when We post the updated Notice on Our Website, and Your use of Companion Medical Products and Services following these changes means that You accept the updated Notice. If You do not agree with any change, You may terminate Your Account (if applicable) and may choose not to submit any further Personally Identifiable Information. Where applicable law requires Your consent to a specific change in this Notice that You have previously consented to, such change will not be applicable to You until You provide Your consent.

European Personal Information. Additional conditions may apply to European Personal Information. Please see the Privacy Shield Notice section of this Notice for more information.

Contact Our Privacy Officer

If You have any questions about this Notice or wish to “opt-out” of Solicitations, please write to Us (and include Your email address) at the following address:

Companion Medical, Inc.
ATTN.: Privacy Concerns
16486 Bernardo Center Drive, Suite 300
San Diego, CA 92128, USA