♥︎ Hello Heart

Hello Heart Privacy Policy

Effective Date: January 1, 2020
Last Reviewed On: December 31, 2019

This privacy statement (“Privacy Policy”) explains the privacy practices of Hello Heart Inc., a company with offices at 545 Middlefield Road, Menlo Park, CA, USA (“Hello Doctor” or “Hello Heart”, “us”, “our”, “we”).  This Privacy Policy explains how we collect, use, and share your personal information as you use our mobile application (the “Application”) or otherwise in the course of our business (collectively, the “Service”).  As used herein, “you” or “your” refers to the individual accessing or using the Service.

Hello Heart’s Commitment to Privacy

Hello Heart respects your right to privacy. Your ability to make informed choices about the uses of your information is important to us. This privacy statement explains Hello Heart’s policy regarding the collection, use, disclosure and protection of Personal Information. The terms of this privacy statement apply to information collected from you unless different terms are specified as part of a special offer or in another form or contract we provide you. Hello Heart stores medical tests results, physician summaries, prescriptions and any other medical information (“Personal Medical Documents”) which you decide to upload on to the Application. Hello Heart is not a health care provider and the Service does not provide health care services of any type.

Personal Information We Collect

“Personal Information” is information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). You are not legally required to provide Personal Information, but if you refuse to provide such information we may not be able to register you to use the Service. By using the Service you agree to the use (including transfer) of Personal Information (including Personal Medical Documents) as described in this Privacy Policy.

If you upload or use Personal Information which relates to someone other than you, you represent to us that you have that person’s legally binding consent to the use of the information as described herein or that you are legally authorized to consent on their behalf. You may provide Hello Heart with Personal Information or Personal Medical Documents only if you are resident in the United States and otherwise eligible to use the Services under the Terms and Conditions.

We collect or obtain the following categories of personal data about you.  Please see How We Use and Share Personal Information for more information about why we collect the categories of information below.

Category

Examples of Information We Collect

Identifiers.

We collect names, addresses, phone numbers, and email addresses (“Contact Information”) of users to provide our services, respond to product inquiries, and for the other business purposes listed below.  We may automatically collect your Internet Protocol address when you visit us to improve our products and communications (see More About Cookies below).

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

We collect names, Contact Information, employment, and insurance information about users to provide and promote our products and services and for the other business purposes listed below.  We collect medical information when you or your doctor provide it to us, such as when you add Personal Medical Documents to your medical portfolio on the Application.

Protected classification characteristics under California or federal law.

We obtain information about patients’ age and gender to improve our product quality and safety and for the other business purposes listed below.

Commercial information.

We obtain transactional data pertaining to our products to comply with our legal obligations, to improve our products, and for the other business purposes described below.

Biometric information.

While we do not collect information about biometric identifiers of users, some of the health tracking information we collect (such as blood pressure or steps) may contain identifying information.  We collect this information to provide our services to you and for the other business purposes listed below.

Internet or other similar network activity.

We collect information about how visitors browse or search our website, for our brand, or for our products.  We use these tools to analyze how our products perform and improve our services. (See More About Cookies below.)

Professional or employment-related information.

We obtain information about the employer you work for in order to integrate our Service with employers and for the other business purposes described below.

We do not collect:

  • Geolocation data.
  • Sensory data.
  • Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
  • Profiles or inferences drawn from other personal information.

The “personal information” listed above does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information. Company may use or disclose de-identified or aggregated information (that is no longer personally identifiable) for any purpose. We may share this aggregate data with our parent, affiliates, agents, advertisers, manufacturers and business partners. We may also disclose aggregated user statistics in order to describe our services to current and prospective business partners and to other third parties for other lawful purposes.
  • Information covered by sector-specific privacy laws like the Health Insurance Portability and Accountability Act of 1996 (HIPAA); the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
  • Information about our contractors, employees, or candidates for employment—if you are a Company contractor, employee, or candidate, please see the Company’s Contractor/Employee Privacy Notice for more information.

Sources of Personal Information

We may obtain all of the categories of personal information listed above from the following categories of sources:

  • Directly from you. For example, from forms you complete or products and services you purchase.
  • Indirectly from you. For example, from observing your actions on our Websites using cookies.
  • From third-party service providers.

More About Cookies

Hello Heart may use cookies, web beacons or other similar technologies in order to improve the Service. A cookie is a small piece of text that is sent to your browser. The browser provides this piece of text to your device when you return to the Application. Hello Heart uses cookies to help personalize your Hello Heart experience and for the other business purposes listed below. A “persistent” cookie may be used to help save your settings and customizations. Also, if you log in to the Application, such a cookie will be used to recognize you as a valid user so you will not need to log in each time you use the application.

How We Use and Share Personal Information

We may use or disclose the Personal Information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason you provided the information.
  • To provide, support, personalize, and develop our Service (for example, to send you notifications and reminders regarding scheduled appointments with physicians, etc.).
  • To create, maintain, customize, and secure your account with us.
  • To process your requests, purchases, transactions, and payments, to confirm and communicate with you about appointments and products, and to prevent transactional fraud.
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • To personalize your Website experience and to deliver content and product and service offerings relevant to your interests.  By registering with Hello Heart you consent to receiving email communications to tell you about Hello Heart’s services. If you prefer not to receive promotional information from us, we make it easy for you to let us know. You can contact us at any time to decline promotional information (see Your Rights and Choices About Your Personal Information below).
  • To help maintain the safety, security, and integrity of our Websites, products and services, databases and other technology assets, and business, or to enforce our rights or resolve disputes.
  • For testing, research, analysis, and product development, including to develop and improve our Service.
  • To respond to law enforcement requests, as required by applicable law, court order, or governmental regulations; to monitor our compliance with those obligations; to respond to any claims, or to protect the rights, property, or personal safety of Hello Heart, our customers, or the public.
  • As described to you when collecting your personal information.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users is among the assets transferred.

Disclosures of Personal Information for a Business Purpose

In the preceding 12 months, we have disclosed the following categories of personal information to our third-party service providers for the business purposes described above:

  • Identifiers.
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
  • Protected classification characteristics under California or federal law.
  • Commercial information.
  • Biometric information.
  • Internet or other similar network activity.
  • Professional or employment-related information.

Under applicable law, we are permitted to disclose personal information to service providers in accordance with written contracts requiring our service providers to keep the information confidential.  We may provide Personal Information to third party vendors or service providers who assist us or our affiliates in administering and managing our sites, products, services or business (such as third parties providing hosting services). These recipients of Personal Information enter agreements with Hello Heart governing the privacy and security of Personal Information. These recipients of Personal Information are not authorized to use the information we share with them for any other purpose. By providing such information, you expressly consent to such transfer and use, including transfers outside of the jurisdiction in which the information was provided.

In addition to third-party service providers, we share all of the categories of personal information we collect with government entities (if required by law or reasonably necessary to avoid harm).  We may also share your personal information, at your request, to business partners that provide services selected by you.

If you receive access to Hello Heart through your health plan, we may share limited information about you (for example, the fact that you registered for Hello Heart or information related to your use of Hello Heart) to the plan sponsor or plan’s third party administrator (for example to wellness program vendors) for payment purposes, operational purposes, or as permitted or required by law. You may choose to send a physician or other third party the Personal Medical Documents using the email or Fax options in the application. The system is not designed to enable access by physicians and/or third parties to your Personal Medical Information.

Sales of Personal Information

In the preceding twelve 12 months, we have not sold personal information.  Our policy is that we do not and will not sell your personal information, unless you give us your consent or direct us to do so.  Hello Heart does not sell, rent, share, or disclose Personal Information and/or Personal Medical Documents to third parties, except to its vendors, partners, contractors or agents to the extent necessary to provide Hello Heart’s services.

Aggregate Information

Personal Information does not include “aggregate” information. Aggregate information is data we collect about a group or category of services or users, from which individual customer identities have been removed. In other words, information about how you use a service, or the results of such use, may be collected and combined with similar information others, but no Personal Information will be included in the resulting data. Hello Heart can extract statistical data from your content in order to provide it to other users or partners without connecting it to any personal data such as name or email address. Aggregate data helps us understand trends and user needs so that we can better consider new products and services, and tailor existing products and services to customer desires. You understand that we may commercialize aggregate information by any and all means, and that you will receive no payment or other consideration in respect of such use. We will not use or disclose to third parties user data gathered from the HealthKit API or from health-related human subject research for advertising or other use-based data mining purposes other than improving health, or for the purpose of health research.

Third Party Tools

Hello Heart uses third party tracking tools like Google Analytics, MailChimp and HelloFax. If you wish to opt-out from our third party services, please follow their links: MailChimp, Google Analytics, HelloFax. If you choose to send out a fax, you agree to the HelloFax terms of use accessible at HelloFax. Hello Heart uses Human API to connect your online clinic data. By using online clinic access, you are consenting to Human API’s privacy policy and terms of service.

Protection of Personal Information

Hello Heart has put into place security measures in an effort to protect Personal Information from loss, misuse or alteration while it is under our control. Personal Information we collect is stored in a cloud electronically and may be combined with other membership information. We use technical, contractual, administrative and physical measures in an effort to protect against unauthorized access. These include Secured servers, SSL and encryption. Although we take measures we believe are appropriate to safeguard against unauthorized disclosures of Personal Information, “perfect security” does not exist on the Internet. We cannot ensure or warrant the security of any Personal Information you transmit to us, and you transmit such information at your own risk. To allow you to securely view your account and registration information you will be required to submit a username and password upon registration to the Application. To protect the confidentiality of Personal Information, you must keep your password confidential and not disclose it to any other person. If other people have access to your email, they may be able to obtain access to your password and obtain Personal Information about you (such as your credit card information), or change information about your user profile. You may not want to use an email account operated by an employer because many employers have the legal right to access such email accounts.

Your Rights and Choices About Your Personal Information

Promotional Communications

If at any time you wish to stop receiving promotional information from Hello Heart, you may opt out by emailing us at contact@helloheart.com.

Your California Privacy Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, we will provide two separate lists disclosing:
  • sales, identifying the personal information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

We do not currently respond to “do not track” signals.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct any service providers with whom we have shared personal information to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.), or other data privacy or security laws.
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing us at privacy@helloheart.com or using our Contact us form.

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.  We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

You may update, review or correct your on-line account information at any time online by accessing your password-protected registration page on the Application.

Use of the Service by Children

You must be 18 years of age or older in order to establish an account on and use the Service.

Online Links to Other Sites

If any part of the Application links you to websites or enables the download of third party software, those websites, software or related services are not subject to this Privacy Policy. Any Personal Information you provide on the linked pages is provided directly to that third-party and is subject to that third party’s provider’s privacy policy. Except as described above, Hello Heart is not responsible for the content or privacy practices of websites to which we link. Links from our site to third parties or other websites are provided for your convenience. We encourage you to learn about the privacy practices of each web site before providing them with Personal Information.

Additional California Disclosures

California “Shine the Light” Law

California law, known as the “Shine the Light” law, allows California residents to request and obtain from us a list of the Personal Information (if any) that we disclosed to third parties for direct marketing purposes. We will never disclose your Personal Information to third parties for direct marketing purposes without your consent, but if you like to make a request for information under this law, please send an email message to support@helloheart.com with "Request for California Privacy Information" in the subject line of your message.

California Non-Discrimination Disclosure

We will not discriminate against you for exercising any of your California privacy rights under the California Consumer Privacy Act.  For example, if you exercise your California privacy rights, we may not, on that basis:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Questions or Concerns

If you have any questions or concerns about this privacy statement or would like to contact us for any reason, you can contact us at contact@helloheart.com.

Changes to this Statement

Hello Heart reserves the right to change this privacy statement at any time, but will alert you that changes have been made by indicating at the top of the privacy statement the date it was last updated. We encourage you to review our privacy statement to make sure you understand how your information will be used. If there is ever a material change to how we use your information and the new uses are unrelated to uses we disclose in this statement, we will communicate the changes in advance as described above, and such changes will apply following the date of such change.