1. ABOUT US
Respiri USA Inc (Respiri) is committed to managing personal information in accordance with the Australian Privacy Principles (APPs) as set out in the Privacy Act 1988 (Cth) (the Privacy Act), applicable health records legislation, the General Data Protection Regulation 2016/679 (GDPR) of the European Union (EU) and in accordance with other applicable privacy laws, including, the Children’s Online Privacy Protection Act (COPPA) and the Health Insurance Portability and Accountability Act (HIPAA) (Privacy Laws).
We aim to collect, use and disclose personal information only in accordance with the Privacy Laws and this Policy.
In this Policy, “we”, “us” and “our” means Respiri.
We take privacy seriously and we aim to ensure the protection of your personal information, no matter where you are located.
2. YOUR PRIVACY IS IMPORTANT
We understand that the privacy and confidentiality of your personal information is important.
This Policy describes how we collect, hold, use and may disclose your personal information through our websites (including www.respiri.co/us), the respiri™ app, the wheezo™ Digital WheezeRate Detector and other interactions (e.g. customer service enquiries, interactions through online stores, etc.) you may have with Respiri (collectively, the Services). If you do not agree with this Policy, do not access or use Respiri products or Services.
Our aim is to ensure the quality, integrity and security of your personal information.
3. WHAT IS PERSONAL INFORMATION?
In this Policy, “personal information” has the meaning set out in the Privacy Laws. It includes information about an identified individual or an individual who is reasonably identifiable. Common examples include a person’s name, address, telephone number and date of birth.
Some types of personal information are designated as “sensitive information”. Sensitive information is subject to additional protection under the Privacy Laws. For example, this can include information about a person’s health.
4. WHAT INFORMATION DO WE COLLECT?
The personal information that we collect about you will depend on the products or Services we provide you, or that you may inquire about.
Some examples of personal information we collect may include (but are not limited to):
- your name, date of birth and gender;
- your physical traits, such as height and weight;
- contact details such as telephone number, email address or delivery address;
- payment (such as credit card) or banking information (including related payment verification information);
- information about your interest in or use of our products or Services;
- health (sensitive) information, for example your wheeze rate;
- your geographic location when you use the respiri™ app;
- information about your treating medical practitioners;
- if you are an individual contractor to Respiri or are seeking employment by Respiri, information relevant to your engagement including qualifications, resume, pay rate and salary, bank details, feedback from referees and training records;
- in the case of suppliers of products and services (and their staff), your name, position, street address, email address, and telephone number; and
- any other information you choose to provide us with.
5. WHY RESPIRI COLLECTS PERSONAL INFORMATION
The type of personal information that we collect and the purposes for which we use that personal information will depend upon the circumstances. We collect personal information about you when it is reasonably necessary in the course of our business.
Reasons we may collect personal information include:
- communicating with you, including by email, telephone and mail;
- providing goods or Services to you or receiving goods or services from you;
- answering your questions and comments and providing you with information or advice;
verifying your identity;
- coordinating your care with health care providers and health plans;
obtaining payment for our products and Services;
- interacting with you via digital marketing;
- providing your personal information to third parties that assist us in providing products and services you have requested;
- analyzing and improving the products and Services we provide;
- detecting and preventing fraud and attacks on the security of our systems and Services;
- delivering marketing communications, promotional health materials, or advertisements that may be of interest to you;
- considering you for a job with us (whether as an employee or contractor) or another relationship with us; and
- complying with laws or regulations or with any directions given by regulators or government authorities or responding to law enforcement requests.
In addition, we may use de-identified health information to contribute to public health efforts (particularly, research) regarding respiratory disease and for other related medical uses.
We may contact you regarding the above, including by electronic messaging such as SMS and email, through the respiri™ app, by mail, by phone or in any other lawful manner.
We may also use or disclose your personal information for other purposes to which you have consented, or as otherwise permitted or required by law.
Please note: If we are not able to collect your personal information about you, we may not be able to provide you with the products, services or assistance you require.
6. HOW DO WE COLLECT PERSONAL INFORMATION?
We collect your personal information in a number of ways, including:
- You give it to us when you interact with us. For example this may happen when you contact us, sign up to our newsletter, create an account on the respiri™ app, purchase our products online, or use one of our products or services. If you do not provide us with this information, we may not be able to provide certain products or services to you.
- We collect information when you are registered to use our Services through your health care provider. In such a case, we typically act as a processor to the health care provider, which is primarily responsible for providing you notices under applicable privacy laws (see Section 15 below regarding the application of HIPAA).
- information from our websites including the number of visits, dates of visits, pages viewed and navigation of the site;
- your device information including the hardware model, device IP address or device ID, operating system and version, software, file names and versions, preferred language, unique device identifiers, advertising identifiers, serial numbers, device motion information and mobile network information; and
- transaction information including the type of products or services you requested or provided, the order details, delivery information, date and time the products or services were provided, amount charged and payment method.
- We obtain information from outside sources like marketing mailing lists, public information (including public posts to social networking sites) and commercially available personal, geographic and demographic information.
We may also collect your personal information to comply with legal requirements or obligations, for law enforcement purposes and for public safety purposes.
If you provide personal information about another person to us, we require that you:
- inform that person that you are doing so and provide them with a copy of or a link to this policy; and
- before providing us with sensitive information about that person, obtain that person’s consent to provide the information for the purpose specified, unless that person is under 18 years of age and you are their parent or legal guardian acting on their behalf.
7. HOW DO WE USE YOUR INFORMATION?
We will only use and disclose your personal information:
- for the purposes outlined in Section 5;
- for any other purpose to which you consent; or
- as otherwise required or permitted by law.
The legal basis for our processing of your personal information may include processing:
- with your consent;
- where necessary for the performance of a contract to which you are party;
- where necessary for compliance with an EU legal obligation; or
- where necessary for the purposes of Respiri’s legitimate interests (except where such interests are overridden by your interests or fundamental rights and freedoms). These legitimate interests may include:
- processing data entered in the respiri™ app;
- processing data about Respiri’s employees and contractors;
- marketing activities;
- fraud prevention activities;
- IT security activities;
- disclosing information about possible criminal acts or security threats to relevant authorities; and
- Respiri’s other legitimate commercial interests.
In any case where Respiri relies on your consent to process your personal information you can withdraw that consent by contacting our Privacy Officer, although we may have other legal grounds under which we can continue to process your personal information, such as those set out above.
8. DIRECT MARKETING COMMUNICATIONS
We may use and disclose your personal information for the purpose of direct marketing to you, via direct mail, email, SMS, MMS, targeted digital advertising or phone calls (or any other means of marketing communication), where:
- you have consented to us doing so; or
- it is otherwise permitted by law.
You may opt-out of receiving marketing information from Respiri at any time by:
- clicking on a link or unsubscribe mechanism in the direct marketing communications sent to you;
- changing your communication settings in the respiri™ app; or
- contacting our Privacy Officer.
Please allow a reasonable period for your request to be actioned, provided that we will act on any request within the time period specified by law. We will keep a record of the fact that you have asked us not to send you direct marketing indefinitely so that we can respect your request in future.
- authenticating users;
- remembering user preferences and settings;
- personalizing content and ads;
- determining the popularity of content;
- delivering and measuring the effectiveness of advertising campaigns; and
- analyzing website traffic and trends, and generally understanding the online behaviors and interests of people who interact with our Services.
You may adjust your browser to refuse to accept cookies, remove cookies or notify you when a cookie is set by editing your web browser preferences or options. Each browser is different, so check the “Help” menu on your browser to learn how to change your cookie preferences. You do not have to accept all cookies sent to you by our websites. However, depending on the particular cookie you reject, you may not be able to use some features of our websites.
Please note that we do not currently respond to “do not track” signals or mechanisms.
10. SHARING YOUR PERSONAL INFORMATION
To ensure that we can meet your specific needs, we may share your personal information with others in a variety of ways.
We may share your personal information with Respiri’s related entities. The purposes for this sharing include, among other things, to provide the services you have requested or authorized; to manage risk; and to provide us with a more complete understanding of your needs.
We may also share your information with third parties, including:
- third parties engaged by us to perform functions or provide products or services such as IT service providers, insurers and providers of mail outs, marketing or advertising services;
- third parties that sponsor or promote us;
- credit reporting bodies and credit providers;
- our professional advisors, including our accountants, auditors and lawyers;
- persons authorized by you to receive information held by us;
- third parties with whom we have arrangements for the purpose of promoting our business, for example companies who may use your personal information to tailor electronic advertising to you (e.g. on a webpage or social media platform) in relation to our products and services;
- in the event that we or our assets may be acquired or considered for acquisition by a third party or are transferred to a third party in connection with a bankruptcy proceeding, that third party and its advisors;
- third parties that require the information for law enforcement or to prevent a serious threat to public safety;
- as reasonably necessary to enforce our rights; and
- any other person as required or permitted by any law.
If we disclose your personal information to our service providers, we will use reasonable commercial efforts to ensure that such third parties only use your personal information as reasonably required for the purpose of disclosure and in a manner consistent with applicable laws. For example where commercially practical we will include suitable privacy and confidentiality clauses in our agreement with a third party service provider.
Respiri may also disclose to third parties aggregated or de-identified data that is not personally identifiable. Aggregated data is created by pooling information about individuals and describing the data in the aggregate (e.g. 20% of customers who clicked on the X promotion participated in the promotion).
Protecting children is a very important priority for Respiri.
We recognize the need to provide further privacy protections with respect to personal information we may collect from children in relation to any of our products and Services.
We do not knowingly collect personal information from, or send information about our products and Services directly to, children who lack legal capacity, without the consent of a parent or legal guardian. Generally this means we do not knowingly collect personal information from, or send information about our products and Services directly to, persons under 18 years of age without the consent of a parent or legal guardian.
A parent or legal guardian may request access to personal information that we have collected about their child and may request that the personal information be changed (see Section 13 below).
If you become aware that your child has provided us with personal information without the consent of a parent or legal guardian, please contact our Privacy Officer immediately.
If we become aware that a child has provided us with personal information without the consent of a parent or legal guardian, we will take reasonable steps to delete the information unless otherwise required by law.
Compliance with the Children’s Online Privacy Protection Act (“COPPA”): In the United States, we can only collect personal information directly from children under 13 with the consent of the parent or legal guardian. In the typical case, the parent will register the child directly with us or through their health care providers; we operate as a processor on behalf of the health care provider, which has the primary responsibility for providing notice and obtaining consent. In such a case, we do not need to seek separate parental consent as the parent is the one providing the personal information, but will require confirmation during the onboarding process that the parent has consented to having their children register for the Service. To the extent COPPA applies, please see our COPPA Notice for more information on the personal information we collect from children and how we use it.
However, if there is a circumstance where we are required to obtain verified parental consent under COPPA, we will use the following methods for obtaining such consent:
Email Consent. In the event Respiri wishes to collect personal information from a child, COPPA requires that we first seek a parent or guardian’s consent by email. In the email we will explain what information we are collecting, how we plan to use it, how the parent can provide consent, and how the parent can revoke consent. If we do not receive parental consent within a reasonable time, we will delete the parent contact information and any other information collected from the child in connection with that activity.
High-Level Consent. In the event Respiri collects personal information from a child that will be posted publicly, we will seek a higher level of consent than email consent. Such “high-level” methods of consent include but are not limited to asking for a credit card or other payment method for verification, speaking to a trained customer service representative by telephone or video chat, or requiring a signed consent form by mail, email attachment, or fax. After providing high-level consent, a parent may have the opportunity to use a pin or password in future communications as a way to confirm the parent’s identity.
Please note that you can revoke consent at any time by emailing us at [email protected]
Consent to Respiri’s Collection, Use and Disclosure of your Child’s Information
12. FAMILY SHARING
Family Sharing Services allows you to monitor the activity (i.e. analysis of breathing sounds for the presence of wheezing when using the wheezo® product) for each device on your account.
You are able to control what personal information you share and with whom you share it with.
We encourage you to adjust the sharing settings to best meet your objectives.
When setting up Family Sharing services, parents must first provide verified parental consent for the collection, use and disclosure of their child’s information for the purpose of providing the services. At any time, parents may provide such consent. However, without such consent, Family Sharing services will not be available for your use of the product and/or Service.
13. ACCESS TO AND CORRECTION OF PERSONAL INFORMATION
You may request access to any personal information we hold about you at any time by contacting us. We will provide access to that information in accordance with Privacy Laws, subject to any exemptions that may apply. If you would like to seek access to your personal information, please contact our Privacy Officer.
We reserve the right to charge you reasonable expenses for providing access to your personal information, unless prohibited by applicable Privacy Laws.
Respiri endeavors to ensure that the personal information it holds is accurate, complete and up-to-date. Please contact our Privacy Officer if you believe the information Respiri holds about you is inaccurate, incomplete or out-of-date.
Under applicable law, you may also be entitled to ask Respiri to:
- delete or restrict processing of your personal information;
- transmit your personal information to another entity; or
- object to the processing of your personal information in certain circumstances.
To make such a request, please contact our Privacy Officer. Please note that we may deny any such requests if permitted to do so under applicable Privacy Laws, but will endeavor to provide an explanation for any such denial.
14. STORAGE AND SECURITY OF YOUR PERSONAL INFORMATION
Generally, Respiri will retain your personal information for the period necessary to fulfil the purposes for which we collected it (as outlined in this Policy) unless a longer period is legally required.
We will retain your personal information for as long as you maintain an account or as otherwise necessary to provide you the Services. We will also retain your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our rights.
Where we no longer need to process your personal information for the purposes set out in this Policy, we will take reasonable steps to delete your personal information from our systems or de-identify it (unless otherwise required by law).
We hold your personal information in a combination of hard copy and electronic files.
Respiri takes reasonable measures to protect the personal information it holds from loss, misuse or interference or unauthorized alteration, disclosure or access.
- as the internet is inherently insecure, we cannot guarantee the security of transmission of any information you send to us using online communication. You transmit information to us online at your own risk; and
- except to the extent liability cannot be excluded due to the operation of statute, we exclude all liability (including in negligence) for the consequences of any unauthorized access to, alterations of, disclosure of, misuse of or loss or corruption of your personal information.
Nothing in this Policy restricts, excludes or modifies or purports to restrict, exclude or modify any statutory consumer rights (except to the extent they may lawfully be restricted, excluded or modified) under any applicable law including the Competition and Consumer Act 2010 (Cth).
Please notify us immediately if you become aware of any breach of security.
Sending your personal information overseas
We may send your personal information overseas, including to:
- our service providers or third parties who store data or operate outside the jurisdiction in which you live; or
- comply with laws, and assist government or law enforcement agencies.
Electronic files are stored in servers that are operated and maintained by Respiri and third parties under contract with Respiri and they are located in Australia or overseas countries such as the USA, Israel and Singapore.
Except where an exception applies under the Privacy Act or other relevant legislation, we will take commercially reasonable steps to ensure that overseas recipients to whom we disclose personal information do not breach applicable Privacy Laws in relation to such information.
If we transfer personal information about individuals in the EU to a recipient located outside the EU, we will ensure safeguards are in place to protect the personal information. These may include:
- the European Commission having decided that the recipient country has an adequate level of protection; or
- putting in place standard data protection clauses adopted by the European Commission, between Respiri and the recipient of the personal information.
Please contact our Privacy Officer if you would like more details about these safeguards.
Links to other websites
Our Services may provide a link or otherwise provide access to third party websites. We provide these links because we believe you may find them useful and informative. Please be aware, however, that we have no control over, do not review, and are not responsible for third party websites, their content, or any goods or services available through the third party websites.
This Policy does not apply to third party websites, and any information that you provide to third party websites, you provide at your own risk. We encourage you to review the privacy policies of any third party websites that you may interact with.
In certain cases we process your personal information in connection with a service offered through your health care provider [or pharmacy]. In such a case, your personal information may be treated as “protected health information” subject to the protections of the Health Insurance Portability and Affordability Act (HIPAA). In such cases, we act as a business associate to the health care provider [or pharmacy] and will comply with the requirements of HIPAA with respect to your protected health information. Any requests relating to your protected health information in connection with such a service through your health care provider should be directed to your health care provider in the first instance.
16. PRIVACY COMPLAINTS
If you have a complaint about how we collect, use, disclose, manage or protect your personal information, or otherwise consider there may be a breach of any Privacy Law, please contact our Privacy Officer in writing. You will need to provide us with sufficient details regarding your complaint as well as any supporting evidence and information.
The Privacy Officer will investigate the issue and determine the steps (if any) that we will undertake to resolve your complaint. We will contact you if we require any additional information and will notify you in writing of the outcome of the investigation.
If you are not satisfied with our determination, you can contact us to discuss your concerns or complain to the Office of the Australian Information Commissioner via www.oaic.gov.au if you are located in Australia or if you are located in the EU, you can complain to a supervisory authority responsible for monitoring the application of the GDPR.
17. HOW TO CONTACT US
If you have any questions about Respiri and privacy, wish to provide feedback about this Policy, would like to access or correct information held by Respiri about you, or wish to make a privacy related complaint, please contact our Privacy Officer at:
+61 3 9653 9160
The Privacy Officer
Suite 1, Level 9, 432 St Kilda Road,
Where applicable, we will rely on the employee records exemption in the Privacy Act and any other applicable exemptions in applicable Privacy Laws.
19. CHANGES TO THIS POLICY