Updated: May 21, 2018
Effective: May 24, 2018, unless you agree to this policy sooner, such as when you create an account or pair your device. Then this policy is effective as of the date of your agreement. You can view our previous archived privacy policies here.
Our culture at Wavelet Health is one of openness, collaboration and transparency. We believe in the power of healthy choices and strive everyday to help make our world better. In this document, we want to demonstrate our transparency with how we use your data to deliver best in class biometric data and services to you using comprehensive tools to transform health data collection and analysis.
Specifically, we’ll cover:
- Information We Collect
- How We Use Information
- How Information Is Shared
- Your Rights To Access and Control Your Personal Data
- Data Retention
- Analytics and Advertising Services Provided by Others
- Our Policies for Children
- Information Security
- Our International Operations and Data Transfers
- Changes to This Policy
- Who We Are and How To Contact Us
INFORMATION WE COLLECT
When you use our Services, we collect the following types of information.
INFORMATION YOU PROVIDE US
We collect two general types of information from users of our Site and Services - Personal and Aggregate Information as described below:
“Personal Information” consists of contact and biometric information. All biometric information collected is de-identified and cannot be used to identify you individually. Contact information consists of information that we can use to verify and contact you such as your name, e-mail address, mailing and shipping address, phone number, and credit card number, as well as information to help you pay for products and services, and determine your specific identity so that we can help answer any questions you may have or resolve issues with your account.
Information is required in order to create an account on our Services, such as your name, a valid email address that is then linked to your account, self-selected password, and the pairing of at least one authentic Wavelet Health device (such as a Wavelet Health wristband). You may also choose to provide other types of optional information, such as your daily goals for number of steps, active calories, hours of sleep, and daily active time, as well as customizing your desired units of measure (i.e., Imperial or Metric).
Biometric information consists of collected and derived data from your Wavelet Health device(s) that we use to provide our Services that are presented in our application, that does not contain any way of identifying you individually. Biometric information may consist of data on your sleep, steps, active calories, activity time, resting heart rate, heart rate variability, respiratory rate, and oxygen saturation. This information may be updated as we continually develop the functionality and utility of our application to provide you with accurate and useful information about your health.
“Aggregate Information” is information about your activities on the Site or in connection with your use of the Services that does not contain any way of identifying you individually (such as frequency of visits to the Site, data entered when using the Site, vital statistics and trends, etc.). We use Aggregate Information to provide the Services, as well as to improve the use of our Site and to monitor, audit, and analyze information pertaining to our business metrics.
If you contact us or participate in a survey, contest, or promotion, we collect the information you submit such as your name, contact information, and message.
PAYMENT AND CARD INFORMATION
If you purchase Wavelet Health products and services, you may need to provide your payment information, including your name, credit or debit card number, card expiration date, CVV code, and billing address. This information is encrypted and sent to our online payment processor. We do not have access to your payment information, other than your name, payment card provider, billing address (if provided), the last four digits of your payment card, origin of the payment, and the expiring date. We and our online shipping processor store your name and shipping address to fulfill your order. Note that third-party processors may retain this information in accordance with their own privacy policies and terms.
INFORMATION WE RECEIVE FROM YOUR USE OF OUR SERVICES
Your device collects data to estimate a variety of metrics like the number of steps you take, distance traveled, calories burned, heart rate and heart rate variability, sleep pattern, respiratory rate, and oxygen saturation. The data collected varies depending on a number of factors such as your chosen activity, whether you utilize our shoe pod, the battery life of your device(s), the quality of connection between your device and your phone, etc. When your device syncs with our applications or software, data recorded on your device is transferred from your device to our secure servers for analysis.
When you access or use our Services, we receive certain usage data that includes information about your interaction with the Services, for example, when you create or log into your account, pair your device to your account, synchronize an activity, or open or interact with an application on your Wavelet Health device.
HEALTH AND OTHER SPECIAL CATEGORIES OF PERSONAL DATA
HOW WE USE INFORMATION
We use the information you provide to offer and improve our Service, which includes processing the information for the following purposes.
PROVIDE AND MAINTAIN THE SERVICES
Using the information we collect, we are able to deliver the Services to you and honor our Terms of Service contract with you. For example, we need to use your information to provide you with your Wavelet Health Services for collecting and tracking user biometric and activity data and to provide you with exemplary customer support.
OUR PILLAR: CONTINUE TO IMPROVE OUR SERVICES
We use the information you provide us to improve our existing Services and develop new ones that match your needs. For example, we use the information to troubleshoot, improve accuracy, and protect against errors; perform data analysis and testing; conduct research and surveys to improve our Services; and develop new features that are valuable to our customers.
COMMUNICATE WITH YOU
We use your information when needed to send you Service notifications and respond to you when you contact us. We also use your information to promote new features or products that we think you would be interested in. You can control marketing communications and most Service notifications by using the “unsubscribe” link in the communication email.
PROMOTE SAFETY AND SECURITY
We use the information we collect to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
For personal data subject to the GDPR, we rely on several legal bases to process data. These include when you have given your consent, which you may withdraw at any by sending an email to email@example.com and requesting modification of your consent; when the processing is necessary to perform a contract with you, such as the services described in our Terms of Service; and our legitimate business interests, such as in improving, personalizing, and developing the Services, marketing new features or products that may be of interest, and promoting safety and security as described above. Please note that our process for modifying/accepting a withdrawal of your consent is manual and not automatic, and therefore there may be a delay between the receipt of your request and us processing it.
HOW INFORMATION IS SHARED
We do not share your personal information except in the limited circumstances described below.
You may authorize us to share your information with others, for example, with a third-party application when you give access to your account. Remember that their use of your information will be governed by their privacy policies and terms.
FOR EXTERNAL PROCESSING
We transfer information to our corporate affiliates, service providers, and other partners who process data for us, based on our instructions, and in compliance with our policies and any other appropriate confidentiality and security measures. These partners provide us with services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, text messaging, credit card or other payment account processing, auditing and similar services, and surveys.
Contracts with our service providers require them to keep your information confidential. We will not sell or trade your Personal Information with unaffiliated third parties. These third-party service providers are not authorized to retain, share, store or use your Personal Information for any purposes other than to provide the services for which they have been contracted to provide. When you submit your Personal Information, you also provide us permission to use your Personal Information to contact you by email, telephone, cell phone, direct mail, or text message about certain offers made available by us or third parties that we believe you might be interested in based on information you have provided to us. You may always opt-out of this processing at any time.
SHARING, SELLING AND TRADING AGGREGATE INFORMATION COLLECTED ONLINE WITH THIRD PARTIES
FOR LEGAL REASONS OR TO PREVENT HARM
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person.
We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in public reports about exercise and activity, to partners under agreement with us, or as part of the community benchmarking information we provide to users of our subscription services.
If we are involved in a merger, acquisition, or sale of assets, we will continue to take measures to protect the confidentiality of personal information and give affected users notice before transferring any personal information to a new entity.
Please note that on some portions of the Site, users can choose to have their Personal Information displayed. The default for these portions of the Site is that Personal Information is private, other than your username and any other information you choose to display publicly. If users choose to have their Personal Information displayed on the Site, we will not be responsible for this disclosure and such display shall not be considered a breach of this Policy.
YOUR RIGHTS TO ACCESS AND CONTROL YOUR PERSONAL DATA
We provide you the right to access and control your personal data, as described below, regardless of where you live. If you live in the European Economic Area, United Kingdom, and Switzerland (the “Designated Countries”), you have legal rights with respect to your information as outlined below.
Accessing and Exporting Data. By logging into your account, you can access much of your personal information, including your dashboard with your daily exercise and activity statistics. Using the information provided in the application, you can find the email contact to request a download of your information in a commonly used file format. You can also email us directly at firstname.lastname@example.org for a copy of your data.
Deleting Data. Within your application is the contact email, email@example.com, allowing you the option to request the deletion your personal information. If you choose to delete your account, please note that while most of your information will be deleted within 30 days, it may take up to 90 days to delete all of your information, like the data recorded by your Wavelet Health device and other data stored in our backup systems. This is due to the size and complexity of the systems we use to store data. We may also preserve data for legal reasons or to prevent harm, including as described in the previous How Information Is Shared section.
Restricting or Limiting Data Use. If you reside in a Designated Country, you can seek to delete your account at any time.
If you need further assistance regarding your rights, please contact our Data Protection Officer via firstname.lastname@example.org, and we will consider your request in accordance with applicable laws. If you reside in a Designated Country, you also have a right to lodge a complaint with your local data protection authority.
We keep your account information, like your name, email address, and password, for as long as your account is in existence because we need it to provide our Services to you. In some cases, when you give us information for a feature of the Services, we delete the data after it is no longer needed for the feature. We keep other information, like your exercise or activity data, until you use your account settings or tools to delete the data or your account because we use this data to provide you with your personal statistics and other aspects of our Services. We also keep information about you and your use of the Services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in the How We Use Information and How Information Is Shared sections.
ANALYTICS AND ADVERTISING SERVICES PROVIDED BY OTHERS
OUR POLICIES FOR CHILDREN
We appreciate the importance of taking additional measures to protect children’s privacy.
Wavelet Health does not allow children to directly purchase or use our Services or devices. Partners of Wavelet Health may under their own rules and Privacy Policies set up accounts for children to use our devices. To the extent prohibited by applicable law, Wavelet does not allow use of our Services by anyone younger than 13 years old. We do not target children, and we do not knowingly collect any personal data from any person under 13 years of age.
We work hard to keep your data safe. We use a combination of technical, administrative, and physical controls to maintain the security of your data. This includes using Secure Socket Layer (“SSL”) to encrypt many of our Services. No method of transmitting or storing data is completely secure, however. If you have a security-related concern, please contact Customer Support by emailing email@example.com.
If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem.
OUR INTERNATIONAL OPERATIONS AND DATA TRANSFERS
We operate internationally and transfer information to the United States and other countries for the purposes described in this policy. We rely on multiple legal bases to lawfully transfer personal data around the world.
Please note that the countries where we operate may have privacy and data protection laws that differ from, and are potentially less protective than, the laws of your country. You agree to this risk when you create a Wavelet Health account and click “I agree” to data transfers, irrespective of which country you live in. If you later wish to withdraw your consent, you can delete your Wavelet Health account as described in the Your Rights To Access and Control Your Personal Data section.
CHANGES TO THIS POLICY
We will notify you before we make material changes to this policy and give you an opportunity to review the revised policy before deciding if you would like to continue to use the Services. You can review previous versions of the policy in our archive.
LINKS TO OTHER WEBSITES
WHO WE ARE AND HOW TO CONTACT US
If you have questions, suggestions, or concerns about this policy, or about our use of your information, please contact us at firstname.lastname@example.org.
No matter where you live, whether in the European Economic Area, United Kingdom, Switzerland, or United States, Wavelet Health USA, LLC. controls your personal data and provides you with the Services. If you are seeking to exercise any of your statutory rights, please contact our Data Protection Officer at email@example.com. You may also contact us at:
Wavelet Health USA, LLC.
465 Fairchild Drive Suite 228
Mountain View, Ca USA 94043