Terms & Privacy

COMPANION MEDICAL, INC. PRIVACY POLICY


THIS COMPANION PRIVACY POLICY IS EFFECTIVE AS OF MARCH 31, 2017.

This Privacy Policy of Companion, Inc. (“Companion”) applies to the Companion website located at https://www.companionmedical.com/ and the webpages and other web addresses accessible from such site, including without limitation, Companion products (“Companion Products”) and our data services available through the internet made available to users of Companion Products or Software Apps that provide and permit the access, collection, storage, processing, analysis and/or transmission of data generated by a Companion Product or Software App (“Data Services”);  as well as any email or other messages that we send to you that link or refer to this Privacy Policy (collectively, including the Website, the Software Apps, the Companion Products, the Data Services, and the messages we send to you, the “Companion Products and Services”).

We refer to each user of our Products and Services, and any parent or guardian acting on behalf of such user, as “you” or as a “User.”  We also refer to any company on whose behalf a User is using Companion Products or Services as “you” or a “User.”  The Companion Product used by the User for whom the prescription was issued, or outside the United States who is legally authorized to use the Companion Product, is referred to as the “User Device.”

The personal data we receive about you (which we refer to collectively as your “Personal Information”) includes Contact Information, Feedback Information, Data Services Information, Use Information and Derived Information:

  • “Contact Information” may include your name, address, telephone number, email and other contact information, information regarding payment including your health insurance provider, if any, as well as information regarding your use of Companion Products and Services.
  • “Feedback Information” is information you submit to us in connection with your use of Companion Products and Services, whether through our Website, through our Data Services, or otherwise, regarding Companion Products and Services, or other matters relating to us and our business, including the metadata relating to that information.
  • “Data Services Information” is information we receive and transmit through our Products and Services.
  • “Use Information” includes:
      • Information we receive from the computer, mobile phone or other device you use in connection with Companion Products and Services, and information we receive from those Products and Services regarding your use, which may include your IP address and other information regarding your computer, your internet service, the browser you use, and your activities while using Companion Products and Services, such as how often you open Software Apps, your settings and other activity regarding your use of the components of Companion Products and Services;
      • Information we receive from you in connection with our request for comments or feedback on third parties;
      • Information we may receive from advertisers and other third parties when you click on advertisements or links to third party websites while using Companion Products and Services, including the pages you visit, your activity on those pages and your purchases or other transactions with those third parties.
  • “Derived Information” is information that we create by combining and/or analyzing some or all of your Personal Information.

If any of the Personal Information described above does not reveal your specific identity or relate directly to an individual, we may use such “Other Information” for any purpose, except where we are required to do otherwise under applicable law.  If we are required to treat Other Information as Personal Information under applicable law, then we may use it for all the purposes for which we use and disclose Personal Information.

Your Rights and Responsibilities

  • You may update your Contact Information at any time by logging into your account on our Website, and you agree to keep your Contact Information current at all times while your account is active.
  • Through your User Account, you can review, update and delete certain Personal Information, and by terminating your User Account you can terminate your use of certain Companion Services.  Through the features of certain Data Services, you may be able to review, update and delete certain sharing or use of Personal Information, and you can terminate your use of certain Data Services through the Data Service.  You can also terminate your use of a Software App or a Data Service that requires a Software App by removing the Software App from your computer, phone or other device on which it is installed.  You may also review, correct, update, suppress, or delete your Personal Information or withdraw your consent previously provided to us.  For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request.  We will try to comply with your request as soon as reasonably practicable.  Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
  • If you submit any Personal Information relating to other people to us or to our service providers, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

What We Do With the Information We Receive

  • Contact Information: We use Contact Information to manage your account and Companion Products and Services applicable to you, and as otherwise described below. We also use your email address to contact you regarding your account. We do not make any Contact Information public. We will use your User Account and Contact Information to link your use of Companion Services and Software Apps with your use of Companion Products, and it may be accessible by our personnel providing Companion Services.
  • Feedback Information: You are not required to give us any Feedback Information, but if you choose to do so, you are providing it to us for our use as we determine, so long as we do not identify you or include any information that could be used to identify you. Feedback Information may be used by us and provided by us to our customers and third parties, in the form you provide as well as in excerpted, aggregated and anonymized forms, with or without attribution to you as the source. We may also use Feedback Information in our advertising, marketing and other communications with the public and in our business relationships, as well as in our internal communications, in each case without attribution to you as the source.  In addition, we may identify you as the source of Feedback Information to the extent you consent to that identification.
  • Data Services Information: We collect Data Services Information and store it on our servers, process it using Data Services, and transmit it to the User and each Designated Recipient and Designated Third Party Service, where applicable for Companion Products and Services that are requested by you. We may use Data Services Information in connection with our provision of Data Services and for our operations, administration and product development, maintenance and support in line with applicable data protection laws.
  • Use Information: We collect Use Information and store it on our servers, process it using our systems, and analyze it for our business purposes. We do not disclose to third parties any Use Information that can identify you (except as permitted in this Privacy Policy).
  • Derived Information: We may use Derived Information to determine information, including Solicitations (defined in the next section), to be sent to you, the public or to targeted groups, and for our business purposes in accordance with the applicable provisions of this Privacy Policy.
  • Personal Information and Solicitations: As permitted by applicable law, we may use Personal Information of you and your Designated Recipients, if applicable, to determine which emails and notices we send to you and your Designated Recipients, if applicable, including emails and notices regarding opportunities relating to our Products and Services (we refer to these emails as “Solicitations”).  As permitted by applicable law, we may share your email address or other Contact Information with third party service providers acting on our behalf with which we contract for the purpose of providing you with Solicitations we think may be of interest to you.
  • Personal Information and Your Companion Experience: We may use Personal Information belonging to you and your Designated Recipients, if applicable, to tailor to you and your Designated Recipients, if applicable, the experience when using Companion Products or Services and the content viewed when using Companion Products or Services. We may use Personal Information in accordance with applicable data privacy laws to manage our Products and Services, including the Website, to improve our business and provide new website and product and service features, and to otherwise manage our business.
  • Other Third Parties: In the ordinary course of our business, we will use providers to perform services or functions on our behalf. We will not authorize those third parties to keep, use or disclose your Personal Information except for providing the services we have asked them to provide.  We may provide your Personal Information to another company in conjunction with a corporate sale, merger, acquisition or dissolution involving Companion.
  • Law Enforcement and Legal Proceedings: We will use and disclose Personal Information as we are required to do by applicable law, including laws outside your country of residence, and may disclose Personal Information when requested by law enforcement authorities or regulatory agencies, including public and government authorities outside your country of residence, or when we determine that such disclosure is appropriate under the circumstances; in each case in accordance with applicable data protection laws. We may use and disclose Personal Information to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others; to protect our operations or those of any of our affiliates; to enforce this Privacy Policy; and to allow us to pursue available remedies or limit the damages that we may sustain; in each case in accordance with applicable data protection laws.
  • De-Identification: We may “de-identify” your Personal Information by removing information that could identify you, and we may use such de-identified information for any purpose, except where we are required to do otherwise under applicable law.
  • Other Uses: We may use your Personal Information for purposes other than those permitted in this Privacy Policy but only after you consent to such use.

What Happens to Information You Share With Others

  • We have no control over Designated Recipients, and once a Designated Recipient receives your Data Services Information, use by the Designated Recipient is between you and the Designated Recipient. We do not verify the contact information you provide for each Designated Recipient. Once you provide such contact information, until you terminate the designation, we will send Data Services Information to the contact information you have provided, and you are responsible for the accuracy of that information.
  • Your Designated Recipients may share your Personal Information with Companion for purposes relating to their use of Companion Products and Services, and we will use such Personal Information of yours in accordance with this Privacy Policy. If your Designated Recipients have your Personal Information, you hereby authorize them to provide such Personal Information to us as each determines.
  • Once you share any Personal Information with a third party, including Designated Third Party Services, we have no control over that Personal Information and how it is used by any such third party. You should refer to the terms of service, privacy policy and other provisions of the websites for each third party to which you provide any Personal Information yourself, and for any Designated Third Party Service you authorize.

Cookies and Other Technologies

If you are a resident of the United States or any other jurisdiction outside of the European Union, below is a description of how we use cookies and other similar technologies in connection with our Products and Services.

  • Cookies:  Cookies are pieces of information stored directly on the computer that you are using.  Cookies allow us to collect information such as browser type, time spent on the Services, pages visited, language preferences, and other anonymous traffic data.  We and our service providers use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience while using the Services.  We also use cookies to gather statistical information about use of the Products and Services in order to continually improve their design and functionality, to understand how they are used, and to assist us with resolving questions regarding them.  Cookies further allow us to select which of our advertisements or offers are most likely to appeal to you and display them while you use the Products and Services.

If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site.  You may also wish to click here for more information.  If, however, you do not accept these cookies, you may experience some inconvenience in your use of the Products and Services.  For example, we may not be able to recognize your computer, and you may need to log in every time you visit.

Our Products and Services do not currently have the ability to recognize or honor browser do-not-track signals.

  • Analytics:  We may use third-party analytics, such as Google Analytics, in connection with the Products and Services.  Such third-party services may use cookies and similar technologies to collect and analyze information about use of the Products and Services and to report on activities and trends.  Such services may also collect information regarding the use of other websites, apps and online services.  For more information regarding Google Analytics, please click here.  You can download the Google Analytics opt-out browser add-on by clicking here.
  • Using pixel tags and other similar technologies:  Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some of our Products and Services to, among other things, track the actions of users (including email recipients), measure the success of our marketing campaigns, and compile statistics about use and response rates.
  • Using Adobe Flash technology (including Flash Local Shared Objects (“Flash LSOs”)) and other similar technologies:  We may use Flash LSOs and other technologies to, among other things, collect and store information about your use of the Products and Services.  If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (referred to as “information” on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time).  Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications.

Interest Based Advertising:  We may use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Products and Services and other websites or online services, based on information relating to your access to and use of the Products and Services and other websites and services.  To do so, these companies may place or recognize a unique cookie on your browser (including through use of pixel tags).  If you would like more information about this practice and to learn about your choices in connection with it, please visit the Network Advertising Initiative opt out site and the Digital Advertising Alliance Self-Regulatory Program.

HIPAA

  • We may receive certain health information of yours that is “protected health information” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). When we receive protected health information, such information will be subject to the requirements under HIPAA and the HITECH Act, and the regulations effective under each of those Acts.
  • When you elect to share your protected health information with a Designated Third Party Service, you are electing to provide your data to a third party that may not be subject to the requirements of HIPAA, the HITECH Act and the regulations effective under each of those Acts.  You control the information that is provided, and your authorization continues until you revoke it through the app, Companion Service or other component where you made the election.  What the Designated Third Party Service may do with your protected health information is determined by the terms applicable to the Designated Third Party Service, and we do not control that use.  You understand that your revocation will not affect information previously provided to the Designated Third Party Service, but will terminate further provision of information.  Whether or not you elect to share your protected health information with a Designated Third Party Service will not have any effect on the Companion Products and Services you may have the right to use.

More on Privacy

  • Children’s Online Privacy Protection: Companion does not permit any person under 18 to subscribe directly to Companion Services or Software Apps or to directly purchase Companion Products. A parent or legal guardian may subscribe for a User who is under 18, but no person under 18 is permitted to use Companion Products or Services without the express agreement of a parent or legal guardian to the terms of the Agreement which require, among other things, that the parent or legal guardian is responsible for designating Designated Recipients, connecting the User Device to Companion Services or Software Apps, interacting in all ways with Companion Services and Software Apps, and ensuring that all communications with us come from the parent or legal guardian and not from the person under 18.
  • Adults With Guardians, Conservators or Other Legal Supervision: Companion does not permit any person to subscribe directly to Companion Services or Software Apps, or to directly purchase Companion Products, if that person lacks the legal competence to enter into a contract and be bound to the terms of the Agreement. A legal guardian, conservator or other person with the legal right to do so may subscribe for a User who lacks the legal competence to enter into a contract and be bound to the terms of the Agreement, but no such User is permitted to use Companion Services or Software Apps without the express agreement of a legal guardian, conservator or other person with the legal right to provide such agreement to the terms of the Agreement, which require, among other things, that such legal guardian or other person is responsible for designating Designated Recipients, connecting the User Device to Companion Services and Software Apps, interacting in all ways with Companion Services and Software Apps, and ensuring that all communications with us come from such legal guardian or other person and not from the User who lacks legal competence.
  • Phishing: We do not and will not, at any time, request Contact Information in a non-secure or unsolicited email or telephone communication. Identity theft and the practice currently known as “phishing” are of great concern to us. Safeguarding information to help protect you from identity theft is a priority for us. For more information about phishing, visit the Federal Trade Commission website.
  • Security: Companion uses commercially reasonable standards of technology and operational security to protect Personal Information within our organization. Personal Information transmitted through Companion Products and Services is transmitted in encrypted form.  Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.  If you feel that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section, below.
  • Links to Third Party Sites: Companion Products and Services may contain links to third-party websites, applications or other items. We assume no responsibility for the information practices of those websites, applications or other items, and the inclusion of a link does not imply our endorsement of the linked site or service. In addition, this Privacy Policy does not apply to the privacy, information, or other practices of any third parties, including any third party operating any site or service to which our Products or Services link or any third-party provider of an app, social media platform, operating system, wireless service or device. We encourage you to review each third party’s privacy policy before disclosing any personal information to any third party or using its products or services.
  • Do Not Track Disclosure: In accordance with the Do-Not-Track amendments to the California Online Privacy Protection Act, we inform you that we do not currently respond to “do not track” signals or similar messages from your browser.
  • Retention: We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a different retention period is required or permitted by law.

Cross-Border Transfer

Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Companion Products and Services, you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have different data protection rules than those of your country. For personal information of customers that Companion, Inc. receives from Affiliates and companies in the European Union, the European Economic Area, and Switzerland, Companion, Inc. has committed to handling such personal information in accordance with the European law principles for international transfers such as EU Standard Contractual Clauses or Privacy Shield, further described below.

Privacy Shield

Companion may receive Personal Information of residents of the countries of the European Economic Area (“EEA”), which includes the 28 European Union Member States plus Norway, Iceland and Liechtenstein from third parties or directly from those residents, including name, address, email and telephone number, ordering information and information regarding medical or health conditions that is considered sensitive information.  We refer to such Personal Information as “European Personal Information.”  We recognize that the laws of the European Community restrict companies in the EEA from transferring European Personal Information to the United States unless there is “adequate protection” for such European Personal Information.  To provide such adequate protection where we do not have in place other protections for European Personal Information meeting the requirements of applicable data privacy laws, as we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, we will adhere to the E.U.-U.S. Privacy Shield Framework (the “Privacy Shield”) published by the U.S. Department of Commerce (www.privacyshield.gov) with respect to European Personal Information that we receive.  For example, we may agree in a specific circumstance to a model contract approved by the European Commission (http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm), and the terms of that model contract would apply in that circumstance.

Privacy Shield Principles

Companion complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.  Companion has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.  If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

Notice

We participate in the Privacy Shield.  The Privacy Shield List is available at the website maintained by the U.S. Department of Commerce:  https://www.privacyshield.gov/list.

We will also disclose European Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We may also collect and process human resources European Personal Information in reliance on the Privacy Shield.

Choice

In accordance with the requirements of the Privacy Shield, we will offer to persons whose European Personal Information is in our possession the opportunity to choose (opt out) whether the person’s European Personal Information is to be disclosed to a third party or to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the person.

For sensitive information, we will obtain affirmative express consent (opt in) from persons if their European Personal Information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice.  We will treat as sensitive any European Personal Information we receive from a third party where the third party identifies and treats it as sensitive.

Accountability For Onward Transfer

To transfer personal information to a third party acting as a controller, we will comply with the Notice and Choice Principles.  We will also enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide at least the same level of protection as the Privacy Shield and will notify us if it makes a determination that it can no longer meet this obligation.  The contract shall provide that when such a determination is made the third party controller ceases processing or takes other reasonable and appropriate steps to remediate.

To transfer personal data to a third party acting as an agent, we will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with our obligations under the Privacy Shield; (iv) require the agent to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the U.S. Department of Commerce upon request.

With regard to the Principle of Accountability for Onward Transfer, we remain liable if our agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.

Security

We will take reasonable and appropriate measures to protect European Personal Information from loss, misuse, and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and nature of the European Personal Information.

Data Integrity and Purpose Limitation

Consistent with the Privacy Shield, European Personal Information will be limited to the information that is relevant for the purposes of processing.  We will not process European Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the person.  To the extent necessary for those purposes, we will take reasonable steps to ensure that European Personal Information is reliable for its intended use, accurate, complete, and current.  We will adhere to the Privacy Shield Principles for as long as we retain European Personal Information.

European Personal Information will be retained in a form identifying or making identifiable the person only for as long as it serves a purpose of processing or other purpose permitted by the Privacy Shield.  We will take reasonable and appropriate measures in complying with this provision.

Access

A person whose European Personal Information is in our possession will have the right to access, to correct, amend or delete that European Personal Information where it is inaccurate or has been processed in violation of the Privacy Shield Principles, except where the Privacy Shield permits otherwise.

Recourse, Enforcement and Liability

We will maintain robust mechanisms for assuring compliance with the Privacy Shield in accordance with the requirement of the Privacy Shield.

In compliance with the EU-US Privacy Shield Principles, Companion commits to resolve complaints about your privacy and our collection or use of your European Personal Information.  European Union individuals with inquiries or complaints regarding this privacy policy should first contact Companion’s Privacy Officer at the contact information listed below.

Companion has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

We are obligated to arbitrate claims and follow the terms set forth in Annex I to the Privacy Shield located at:  https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

U.S.-Swiss Safe Harbor

Companion complies with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland.  Companion has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern.  To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit http://www.export.gov/safeharbor/swiss.

In compliance with the US-Swiss Safe Harbor Principles, Companion commits to resolve complaints about your privacy and our collection or use of your personal information.  Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Companion through our Privacy Officer at the contact information below.  Companion has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

Human Resources Data

If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Companion, and your inquiry or complaint involves human resource European Privacy Information, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel (“DPA Panel”) established by the EU data protection authorities (“DPAs”), and for Swiss Data Subjects, the Swiss Federal Data Protection and Information Commissioner (“FDPIC”). To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work.  Companion agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel and the Swiss FDPIC.

Changes

We may change this Privacy Policy by posting a new version of the Privacy Policy. When we update this Privacy Policy, we will update the legend at the top of this page to indicate the date that this Policy was last updated.  To the maximum extent permitted by applicable law, any changes will become effective when we post the updated Policy on our Website, and your use of our Products and Services following these changes means that you accept the updated Policy.  If you do not agree with any change, you may terminate your account as provided above and may choose not to submit any further Personal Information.  Where applicable law requires your consent to a specific change in this Privacy Policy that you have previously consented to, such change will not be applicable to you until you provide your consent.

Contact Us

If you have any questions about this Privacy Policy or wish to “opt-out” of Solicitations, please write to us (and include your email address) at the following address:

Companion Medical, Inc.
ATTN.: Privacy Concerns
16486 Bernardo Center Drive, Suite 300
San Diego, CA 92128, USA