Effective May 9, 2018
“Personal Information” means any information relating to an identified or identifiable individual.
This WPP applies to all users of the Website. This WPP does not address our data protection practices related to use of patient Personal Information. If you are a patient please read our Patient Notice which explains how iRhythm collects and uses your personal information and heart rhythm data during and after your use of the ZIO Service. Also, please contact your health care provider for information regarding their privacy practices.
A Word About External Websites
External websites that may be referenced within this Website are not covered by this WPP; they have their own policies, and we encourage you to review those policies prior to using such external sites.
For the purposes of European Economic Area data protection law, (the “Data Protection Law”), the data controller for those accessing this Website from Europe is: iRhythm Technologies Limited.
What Information Do We Gather About You?
iRhythm collects various types of Personal Information that you provide us as well as information collected from automatic means when you use the Website. What we gather and how we use it is explained below.
Information You Provide
We collect any information that you provide when you use the Website. For example, the Website may include web pages that give you the opportunity to provide us with Personal Information about yourself, such as your name, email address, job function, etc. You do not have to provide us with this information if you do not want to; however, that may limit your ability to use certain functions or to request certain services or information.
Information Automatically Collected From You
We may automatically collect certain technical information from your computer or mobile device when you visit the Website, such as your Internet Protocol address, your browser type, your operating system, the pages you view, and the search terms you enter.
We and our service providers may collect information using cookies or similar technologies. Cookies are pieces of information that are stored by your browser on the hard drive or memory of your computer or other Internet access device. Cookies may enable us to personalize your experience on the Website, maintain a persistent session, and carry out marketing and other activities. The Website may use different kinds of cookies and other types of local storage (such as browser-based or plugin-based local storage).
Most web browsers automatically accept cookies and similar technologies. If you prefer, you can disable this functionality. Please refer to your browser’s help section for further information. If you block all cookies this may limit your ability to take advantage of all the features on the Website.
We use the following types of cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of the Website and under our terms with you. They include, for example, cookies that enable you to move from one page to another within a session or to log into secure areas of the Website.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors navigate the Website. This helps us for our legitimate interests of improving the way the Website works.
- Functionality cookies. These are used to preserve your preferences when you return to the Website. This enables us, subject to your choices and preferences, to personalise our content on the Website.
You can find more information about the individual cookies we use and the purposes for which we use them here:
|Third Party Cookies||Purpose||Further Information|
|“Google Analytics” (Google, Inc.)||Google Analytics cookies are deployed to allow us to gain insights about how to improve the functionality and user experience of our website. These cookies allow us to count web page users and see how they navigate and interact with our website. This helps us to improve the way our the webpages work, for example by making sure visitors are finding what they need easily. The information these cookies collect includes traffic statistics, like number of page views, number of visitors, and time spent on each page. The information collected by Google Inc. allows them to evaluate and compile reports on how our websites are used, and through analysis of such reporting, we can better understand how our users are interacting with our website content, which allows us to customize, lay-out and better target the content we wish to share, giving you a more informative and seamless experience. By using our website with these cookies enabled, your IP address may be shared with Google, Inc.||
For more information on Google Analytics cookies, visit: www.google.com/policies.
To opt-out of being tracked by Google Analytics across all websites visit: http://tools.google.com/dlpage/gaoptout. This allows you to download and install a Google Analytics cookie-free web browser.
|“Hubspot” (Hubspot, Inc.)||Hubspot cookies are used for content targeting and performance purposes: one of the primary benefits to the user is that pre-populated forms and preferences, once entered, will be retained and remembered, giving a more efficient experience. We also use Hubspot cookies to ascertain user interests based on analysis of webpage browsing tendency. This allows us to render customized content on our website pages based on users’ likely interests. By using our website with these cookies enabled, your IP address may be shared with Hubspot, Inc.||For more information about HubSpot cookies, please visit: https://legal.hubspot.com/privacy-policy.|
|“Triblio” (Triblio, Inc.)||Triblio cookies are used for content targeting purposes. By tracking and sharing the IP addresses of our users with Triblio, Triblio cookies allow us to associate a user’s IP address with a likely account that may belong to them. These cookies thus enable us to render customized content on our websites, with that content being targeted towards that particular account holder and based on any previous interactions and purchase history. This gives users a more personalized experience with website content that is more likely to be relevant to them. We do not share your purchase history with Triblio, Inc., but by using our website with these cookies enabled, your IP address may be shared with Triblio, Inc.||For more information about Triblio cookies, please visit: https://triblio.com/privacy-policy/|
|“Engagio” (Engagio, Inc.)||Engagio cookies are used for content targeting purposes. By tracking and sharing the IP addresses of our users with Engagio, Engagio cookies allow us to associate a user’s IP address with a likely account that may belong to them. We do not share your purchase history with Engagio, but by using our website with these cookies enabled, your IP address may be shared with Engagio, Inc.||For more information about Engagio cookies, please visit:
|“ion” (i-on interactive, Inc.)||ion Interactive cookies are used for content targeting. These cookies allow us to serve dynamic content on our websites that is tailored based on the volume and usage patterns of our websites. These cookies aggregate sessions from our website users to tailor the content we display on our web pages, based on the traffic and usage patterns of our site. By using our website with these cookies enabled, your IP address may be shared with i-on interactive, Inc.||For more information about ion cookies, please visit: https://www2.ioninteractive.com/privacy-policy/|
How Do We Use the Information Collected?
Operation of the Website
We may use and store Personal Information we collect about and from you in our legitimate interests, where we have considered these are not overridden by your rights:
- administer the Website and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes;
- keep the Website safe and secure
- respond to requests that you make,
- improve and manage the Website,
- better tailor content, offers and features, and
- for purposes disclosed at the time you provide your information.
Where permitted in our legitimate interest or with your prior consent where required by law, we may collect certain Personal Information about you to send you electronic newsletters or promotional emails that we believe may be of interest to you, consistent with your choices.
In particular, if you fill out a form on the Website to receive a piece of content, we may collect information regarding your interactions with that content (e.g., clicking on content). We may also collect Personal Information about you that is publicly available on the Web and that is tied to the information you provided in the form (e.g., email address, name). In addition, we may collect statistical information regarding website visitors’ navigation on the Website at an aggregated level (e.g., IP address, location, browser type, referral source, length of visit and pages viewed)
The information gathered will be used solely for marketing in connection with iRhythm’s business and will not be shared with any other third parties. You may opt out of receiving marketing communications from us by following the unsubscribe instructions in each such message, or by contacting us as indicated below.
Patients and physicians who provided testimonials for use by iRhythm sign release forms.
Can Third Parties View Your Information?
No Personal Information will be divulged to third parties outside the iRhythm Group (iRhythm Technologies, Inc. and iRhythm Technologies Ltd.), except as described below.
Merger Or Sale
In the event that iRhythm is acquired by or merged with a third-party entity, we may transfer or assign the Personal Information that we have collected as part of such a merger, acquisition, sale, or other change of control.
Other Disclosures Required Or Authorized By Law
We may disclose Personal Information about you: (i) if we are required to do so by law, regulation, or legal process, such as a court order or subpoena; (ii) in response to requests by government agencies, such as law enforcement authorities; (iii) when we believe disclosure is necessary or appropriate to protect against or respond to physical, financial or other harm, injury, or loss to property; or (iv) in connection with an investigation of suspected or actual unlawful activity.
We also may share Personal Information with our service providers who perform certain services, such as website hosting and marketing automation, on our behalf in accordance with our instructions and the Data Protection Law. We authorize service providers to access, use or disclose the information only as necessary to perform their services or comply with legal requirements. iRhythm requires all service providers with access to Personal Information to agree to safeguard the privacy and security of Personal Information they process on our behalf.
What Measures Are Taken To Protect Your Personal Information?
iRhythm maintains appropriate administrative, technical and physical safeguards to protect the Personal Information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Data transmitted to or from the Website is secured under industry encryption standards such as SSL.
International Data Transfers
We may transfer your Personal Information to recipients in countries other than the country in which the Personal Information was originally collected. In particular we transfer Personal Information to the United Sates, where we are headquartered and where some of our service providers process and host your Personal Information. The laws in the United States do not offer the same level of data protection as the country in which the information was initially provided. When we transfer your Personal Information we will protect the information as described in this policy. We have also implemented specific safeguards to ensure your Personal Information is protected when transferred, in accordance with data transfer restrictions that apply in the European Economic Area (“EEA”) including implementing EC standard contractual clauses for transfers of Personal Information, (see http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm).
How Long We Keep Your Personal Information
We retain your Personal Information for the term of our contractual obligations to you or your employer, and to identify or anticipate any issues and resolve any legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
You have the right under certain circumstances:
- To request to be provided with a copy of your personal data held by us;
- to request the rectification or erasure of your personal data held by us;
- to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
- to object to the further processing of your personal data, including the right to object to marketing [(as mentioned in our ‘Marketing and Communications‘ section];
- to request that your provided personal data be moved to a third party.
Your right to withdraw consent:
Where the processing of your personal information by us, is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us at firstname.lastname@example.org. You can also change your marketing preferences at any time as described in our ‘Marketing and Communications‘ section.
These rights may be limited in some circumstances by local law requirements.
You can also exercise the rights listed above at any time by contacting the iRhythm Privacy Officer at email@example.com.
If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority, see: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en
If you have any questions or concerns about the WPP or would like to exercise your rights, we encourage you to contact us at:
iRhythm Technologies Ltd.
1 Farnham Road
iRhythm Technologies, Inc.
650 Townsend Street
San Francisco, CA 94103
Attn: Privacy Official
Any changes to the WPP will be posted on this Website promptly. Your continued use of the Website constitutes your agreement to this WPP.
iRhythm Technologies Ltd. and iRhythm Technologies, Inc. (“iRhythm™”), care about your confidentiality and privacy rights and comply with data protection laws to keep your information safe. Please read this patient notice carefully before returning it with your ZIO® XT Patch cardiac monitor to iRhythm.
- CONFIDENTIALITY AND CONSENT
Your doctor has prescribed the ZIO service for you. iRhythm provides the ZIO service, which includes long-term heart monitoring and evaluation. Your doctor will, with your consent, start the ZIO service by attaching an adhesive monitoring device to your chest. This device will collect your heart rhythm data. Your doctor will collect identification information such as your name, address and date of birth, and send it to iRhythm. Your heart rhythm data will be sent to iRhythm when you return the ZIO patch by post.
iRhythm receives and processes your personal information in confidence to help create a report of the findings. Only iRhythm, your doctor and hospital will have access to this report for the purpose of supporting your direct care. iRhythm may also replace your direct identifying information with a reference number and study your heart rhythm data for two reasons: (i) reporting to your doctor and (ii) improvement of iRhythm services.
You have the right to object to the disclosure of your personal information. If you wish to do so, please contact the iRhythm Privacy Official through our UK office at 0-808-189-3411 or via email at firstname.lastname@example.org. Please also consult your doctor regarding his or her privacy practices.
- DATA PROTECTION
Here we explain how iRhythm collects and uses your personal information and heart rhythm data during and after your use of the ZIO service.
How will iRhythm use information it receives about you?
iRhythm will use your personal information for the purpose of providing preventive medicine services, supporting medical diagnosis and the provision of direct health care or treatment.by your doctor and/or hospital.
iRhythm may also use your personal information in the following situations:
- To conduct analysis in iRhythm’s legitimate interests for statistical reporting purposes
- To improve iRhythm services, after ensuring your interests and rights do not override
- In the event iRhythm needs to comply with a legal obligation
- Where it is needed to protect your vital interests (or the interests of another person)
Your personal information will be used only for the purposes collected. If iRhythm needs to use your personal information for an unrelated purpose, we will notify you and where relevant obtain your consent.
We may share your information in the following circumstances:
- Within the iRhythm group when needed to support our processing of your personal information.
- With contracted software and service providers (e.g. for hosting, maintenance and audit). These providers have limited access to your personal information only to the extent necessary to perform these support tasks on our behalf and subject to the same confidentiality and security safeguards as those applied by iRhythm.
In accordance with European Union data protection law, iRhythm will transfer your personal information to its clinical center(s) and systems in the United States. We implement safeguards to ensure your personal information is protected when transferred, including entering into European Commission standard contractual clauses for transfers.
How long will your information be used for?
We retain personal data for the length of your use of the ZIO service and as necessary to meet our contractual obligations, to identify issues or to resolve legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
Your rights in connection with personal information
You have the right under certain circumstances:
- To be provided with a copy of your personal data held by us
- To request the rectification or erasure of your personal data held by us
- To request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example)
- To object to the further processing of your personal data
- To request that your provided personal data be moved to a third party
Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent by contacting us, your doctor or hospital. The possible consequences of this will be explained to you and could include delays in diagnosis, care or treatment that the ZIO service supports.
If your request or enquiry is not satisfactorily resolved by us, you may approach the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.