We refer to each user of our Products and Services, and any parent or guardian acting on behalf of such user, as “you” or as a “User.” We also refer to any company on whose behalf a User is using Companion Products or Services as “you” or a “User.” The Companion Product used by the User for whom the prescription was issued, or outside the United States who is legally authorized to use the Companion Product, is referred to as the “User Device.”
The personal data we receive about you (which we refer to collectively as your “Personal Information”) includes Contact Information, Feedback Information, Data Services Information, Use Information and Derived Information:
If any of the Personal Information described above does not reveal your specific identity or relate directly to an individual, we may use such “Other Information” for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat Other Information as Personal Information under applicable law, then we may use it for all the purposes for which we use and disclose Personal Information.
Your Rights and Responsibilities
What We Do With the Information We Receive
What Happens to Information You Share With Others
Cookies and Other Technologies
Our Products and Services do not currently have the ability to recognize or honor browser do-not-track signals.
Interest Based Advertising: We may use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Products and Services and other websites or online services, based on information relating to your access to and use of the Products and Services and other websites and services. To do so, these companies may place or recognize a unique cookie on your browser (including through use of pixel tags). If you would like more information about this practice and to learn about your choices in connection with it, please visit the Network Advertising Initiative opt out site and the Digital Advertising Alliance Self-Regulatory Program.
More on Privacy
Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Companion Products and Services, you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have different data protection rules than those of your country. For personal information of customers that Companion, Inc. receives from Affiliates and companies in the European Union, the European Economic Area, and Switzerland, Companion, Inc. has committed to handling such personal information in accordance with the European law principles for international transfers such as EU Standard Contractual Clauses or Privacy Shield, further described below.
Companion may receive Personal Information of residents of the countries of the European Economic Area (“EEA”), which includes the 28 European Union Member States plus Norway, Iceland and Liechtenstein from third parties or directly from those residents, including name, address, email and telephone number, ordering information and information regarding medical or health conditions that is considered sensitive information. We refer to such Personal Information as “European Personal Information.” We recognize that the laws of the European Community restrict companies in the EEA from transferring European Personal Information to the United States unless there is “adequate protection” for such European Personal Information. To provide such adequate protection where we do not have in place other protections for European Personal Information meeting the requirements of applicable data privacy laws, as we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, we will adhere to the E.U.-U.S. Privacy Shield Framework (the “Privacy Shield”) published by the U.S. Department of Commerce (www.privacyshield.gov) with respect to European Personal Information that we receive. For example, we may agree in a specific circumstance to a model contract approved by the European Commission (http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm), and the terms of that model contract would apply in that circumstance.
Privacy Shield Principles
We participate in the Privacy Shield. The Privacy Shield List is available at the website maintained by the U.S. Department of Commerce: https://www.privacyshield.gov/list.
We will also disclose European Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We may also collect and process human resources European Personal Information in reliance on the Privacy Shield.
In accordance with the requirements of the Privacy Shield, we will offer to persons whose European Personal Information is in our possession the opportunity to choose (opt out) whether the person’s European Personal Information is to be disclosed to a third party or to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the person.
For sensitive information, we will obtain affirmative express consent (opt in) from persons if their European Personal Information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice. We will treat as sensitive any European Personal Information we receive from a third party where the third party identifies and treats it as sensitive.
Accountabilty For Onward Transfer
To transfer personal information to a third party acting as a controller, we will comply with the Notice and Choice Principles. We will also enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide at least the same level of protection as the Privacy Shield and will notify us if it makes a determination that it can no longer meet this obligation. The contract shall provide that when such a determination is made the third party controller ceases processing or takes other reasonable and appropriate steps to remediate.
To transfer personal data to a third party acting as an agent, we will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with our obligations under the Privacy Shield; (iv) require the agent to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the U.S. Department of Commerce upon request.
With regard to the Principle of Accountability for Onward Transfer, we remain liable if our agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
We will take reasonable and appropriate measures to protect European Personal Information from loss, misuse, and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and nature of the European Personal Information.
Data Integrity and Purpose Limitation
Consistent with the Privacy Shield, European Personal Information will be limited to the information that is relevant for the purposes of processing. We will not process European Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the person. To the extent necessary for those purposes, we will take reasonable steps to ensure that European Personal Information is reliable for its intended use, accurate, complete, and current. We will adhere to the Privacy Shield Principles for as long as we retain European Personal information.
European Personal Information will be retained in a form identifying or making identifiable the person only for as long as it serves a purpose of processing or other purpose permitted by the Privacy Shield. We will take reasonable and appropriate measures in complying with this provision.
A person whose European Personal Information is in our possession will have the right to access, to correct, amend or delete that European Personal Information where it is inaccurate or has been processed in violation of the Privacy Shield Principles, except where the Privacy Shield permits otherwise.
Recourse, Enforcement and Liability
We will maintain robust mechanisms for assuring compliance with the Privacy Shield in accordance with the requirement of the Privacy Shield.
Companion has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
We are obligated to arbitrate claims and follow the terms set forth in Annex I to the Privacy Shield located at: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
U.S.-Swiss Safe Harbor
Human Resources Data
If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Companion, and your inquiry or complaint involves human resource European Privacy Information, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel (“DPA Panel”) established by the EU data protection authorities (“DPAs”), and for Swiss Data Subjects, the Swiss Federal Data Protection and Information Commissioner (“FDPIC”). To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work. Companion agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel and the Swiss FDPIC.
Companion Medical, Inc.
ATTN.: Privacy Concerns
16486 Bernardo Center Drive, Suite 300
San Diego, CA 92128, USA
Features and Details
Understand all thatInPen can do
Watch our overview videoand see how InPen works