HekaHeart, Inc. Privacy Policy

Last Updated: May 21, 2024

INTRODUCTION

HekaHeart, Inc., together with its parent, affiliates, and subsidiaries (collectively, “HekaHeart,” “we,” “our,” and “us”), is a remote monitoring medication management company headquartered in New York, NY, which focuses on providing services to heart failure patients.

This Privacy Policy describes the personal information we collect, use, and share in connection with the HekaHeart Platform and our related online services, email, and other electronic communications (together with the HekaHeart Platform, the “Services”), and the rights and choices you may have with respect to your personal information. 

This Privacy Policy does not apply to protected health information. Information collected by HekaHeart healthcare providers will be subject to the Notice of Privacy Practices of your healthcare provider. Any information collected through your HekaHeart-powered device will be subject to the privacy policies in place by the device manufacturer. Device data received by HekaHeart will be subject to the Notice of Privacy Practices of your healthcare provider.  

CATEGORIES OF PERSONAL INFORMATION WE COLLECT 

The personal information we collect about you depends on how and why you interact with the HekaHeart Platform. We may collect the following categories of personal information about you whether you are a healthcare provider or patient:

  • Survey responses, such as the information you provide in response to our surveys and questionnaires.

  • Online activity information, such as the website you visited before browsing to the HekaHeart Platform, pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.

  • Device information, such as your computer or mobile device operating system type and version number, wireless carrier, manufacturer and model, browser type, screen resolution, IP address, unique identifiers, and general location information such as city, state, or geographic area.

  • Communications, such as the information associated with your requests or inquiries, including for support or assistance, and any feedback you provide when you communicate with us. If you contact our customer support center, we and our service providers may record your call for training and quality assurance purposes.

We collect the following additional categories of personal information about patients:

  • Contact information, such as first and last name, patient ID, home address, phone number, and email address.

  • Demographic information, such as gender, date of birth, and ethnicity.

  • Insurance information, such as plan type and group and member numbers.

  • Health information, such as medication history, health diagnoses, relevant health events, labs and vitals (e.g., blood pressure, heart rate, and weight), and healthcare provider notes.

We also collect our healthcare providers’ first and last name, phone number, and email address.

HOW WE COLLECT PERSONAL INFORMATION

We may collect the above personal information using the following methods:

  • Information you provide to us, such as information you enter on onboarding forms, surveys or questionnaires, or in your communications to us.

  • Information received from third parties, such as our service providers, your healthcare provider (if you are a patient), HekaHeart-connected devices, or our business partners.

  • Information collected automatically, such as the online activity information and device information described above. We use cookies and similar technologies to facilitate some of this automatic data collection, such as:

    • Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, remembering the items you place in your shopping cart, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.

    • Web beacons, also known as pixel tags or clear GIFs, which are typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.

    • Local storage, which is used to save data on a visitor’s device. We use data from local storage to turn on web navigation, store multimedia preferences, and remember your preferences.

HOW WE USE YOUR PERSONAL INFORMATION

We may use your Personal Information for the following purposes and as otherwise described in this Privacy Policy or at the time of collection.

Provide the Services. We use personal information to provide the Services and operate our business. For example, we use personal information to: 

  • respond to an email or other message or particular request from you

  • communicate with you 

·       improve and personalize your experience on or with the Services

  • provide surveys and questionnaires that you participate in

  • provide maintenance and support

  • facilitate care management

  • fulfill any other purpose for which you provide personal information

Research and Development. We use personal information for research and development purposes, specifically to study and improve the HekaHeart Platform and our business. We may use personal information to understand and analyze engagement and satisfaction of our patients and healthcare providers, to analyze clinical and financial outcomes, and to develop new features, functionality, products, and services. As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes.

Direct marketing. To provide you with informational or promotional offers, as permitted by law, that we believe may be useful to you, such as information about products or services provided by us or other businesses

Compliance, Fraud Prevention, and Safety. We may use personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) maintain the safety, security, and integrity of the Services, business, databases, and other technology assets; (b) protect our, your, or others’ rights, privacy, safety or property (including by making and defending legal claims); (c) audit our internal processes for compliance with legal and contractual requirements and internal policies; (d) enforce the terms and conditions that govern the Services; and (e) prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With Your Consent. In some cases, we may specifically ask you for your consent to collect, use, or share your personal information, such as when required by law.

HOW WE SHARE YOUR PERSONAL INFORMATION

We may share your personal information with organizations or individuals outside of HekaHeart in the following instances:

Related Companies. We may share your personal information with our parent, affiliates, subsidiaries, and other related companies.

Business Partners. We may share your personal information with entities affiliated with the study.

Healthcare Providers. We will share your personal information with your participating healthcare provider.

Service Providers. We may share your personal information with third parties who perform services on our behalf that are necessary for the orderly operation of our business. For example, we work with service providers that help us perform website hosting, surveys, telehealth appointments, email and SMS capabilities, maintenance services, database management, analytics, fraud protection, finances, and other purposes.

Professional Advisors. We may share personal information with persons, companies, or professional firms providing HekaHeart with advice and consulting in accounting, administrative, legal, tax, financial, and other matters, to the extent personal information is necessary to provide their services to us.

Authorities and Relevant Third Parties. We may disclose personal information in response to subpoenas, warrants, or court orders, in connection with any legal process, to comply with relevant laws, or for the purposes described in the “Compliance, Fraud Prevention, and Safety” section above. In addition, we may ask if you would like us to share your personal information with other unaffiliated third parties who are not described elsewhere in this Privacy Policy, and we may do so with your consent.

Business Transaction Participants. We may disclose personal information to third parties in connection with any business transaction (or potential transaction) involving a merger, acquisition, sale of shares or assets, financing, consolidation, reorganization, divestiture, or dissolution of all or a portion of our business (including in connection with a bankruptcy or similar proceedings).

YOUR CHOICES

You have choices about how we use the personal information we maintain about you. You may: 

  • Contact us to correct any incorrect personal information that we maintain about you. You can email us as provided at the end of this Privacy Policy to request that we correct your personal information.

  • Opt-out of receiving marketing emails from us by clicking on the “unsubscribe” link in any marketing email we send you. If you opt-out of marketing emails, you may still receive administrative or transactional emails from us. 

  • Opt-out of cookies. Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the HekaHeart Platform. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.

  • Do Not Track. Some browsers may be configured to send “Do Not Track” signals to the online services that you visit. The HekaHeart Platform currently does not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

SECURITY

We have implemented reasonable security measures designed to protect against the unauthorized access, acquisition, loss, misuse, or alteration of the personal information under our control. Despite the steps we take to protect your personal information, we cannot guarantee its security. Therefore, we urge you to keep your personal information in a safe place and to be aware of these risks when sending sensitive personal information to us. 

YOUR CALIFORNIA PRIVACY RIGHTS (SHINE THE LIGHT LAW)

If you’re a California resident, under California Civil Code sections 1798.83-1798.84, you may request that we provide you with certain information about the entities with which we’ve shared your personal information for the entities’ own direct marketing purposes during the preceding 12-months. We do not disclose personal information obtained through our Services to third parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code §1798.83.

NOTICE TO NEVADA RESIDENTS

Nevada Revised Statutes Chapter 603A allows Nevada residents to opt-out of the “sale” of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We do not currently sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt-out of sales using the contact information listed at the end of this Privacy Policy and we will record your instructions and incorporate them in the future if our policy changes.

INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

HekaHeart is located in the United States, and we have service providers in the United States. Your personal information will be collected, used, and stored in the United States or potentially other locations outside of your home country. Privacy laws in the locations where we handle your personal information may not be as protective as the privacy laws in your home country. By providing your personal information, where applicable law permits, you specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein.

CHILDREN’S PRIVACY

The Services are not intended for use by anyone under the age of 18, and we do not knowingly collect personal information from children under 18.

OTHER SITES AND SERVICES

The Services may contain links to other websites and online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or online services that are not associated with us. We do not control third party websites or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use, and sharing of your personal information. We encourage you to read the privacy policies of the other websites and online services you use.

UPDATES TO THIS PRIVACY POLICY

We may need to update this Privacy Policy to reflect changes to our privacy practices or with the law. If we update this Privacy Policy, we will change the Last Updated date above. Your continued use of the Services following posting or other notification of changes constitutes your acknowledgement of such changes. Please periodically review this Privacy Policy to keep up to date on our most current policies and practices. 

CONTACTING US

If you have any questions about this Privacy Policy, please contact us at:

HekaHeart , Inc.

151 W 42nd Street

14th floor

New York, NY 10036

info@hekaheart.com