UK Website Privacy Policy
Effective December 3, 2024
iRhythm Technologies, Inc., and its affiliates and subsidiaries ("iRhythm"), values the security and privacy of your personal data. This Website Privacy Policy ("WPP") is intended to inform you of what data is gathered through iRhythm's irhythmtech.com website (the "Website") and callers to our sales team, how this information is used, and what measures are taken to maintain the privacy of your information.
"Personal data" means any information relating to an identified or identifiable individual as defined in the Data Protection Law.
To Whom Does This Website Privacy Policy Apply?
This WPP applies to all users of the Website. This WPP does not address our data protection practices related to use of patient personal data. If you are a patient please read our Patient Notice which explains how iRhythm collects and uses your personal data and heart rhythm data during and after your use of the Zio Service. Also, please contact your health care provider for information regarding their privacy practices.
A Word About External Websites
External websites that may be referenced within this Website are not covered by this WPP; they have their own policies, and we encourage you to review those policies prior to using such external sites.
For the purposes of European Economic Area data protection law, the General Data Protection Regulation and the UK Data Protection Act 2018, (the "Data Protection Law"), the data controller for those accessing this Website from Europe is iRhythm Technologies Limited.
What Information Do We Gather About You?
iRhythm collects various types of personal data that you provide us as well as information collected from automatic means when you use the Website. What we gather and how we use it is explained below.
Information You Provide
We collect any information that you provide when you use the Website. For example, the Website may include web pages that give you the opportunity to provide us with personal data about yourself, such as your name, email address, job function, etc. You do not have to provide us with this information if you do not want to; however, that may limit your ability to use certain functions or to request certain services or information.
Information Automatically Collected From You
We may automatically collect certain technical information from your computer or mobile device when you visit the Website, such as your Internet Protocol address, your browser type, your operating system, the pages you view, and the search terms you enter.
We and our service providers may collect information using cookies or similar technologies. Cookies are pieces of information that are stored by your browser on the hard drive or memory of your computer or other Internet access device. Cookies may enable us to personalize your experience on the Website, maintain a persistent session, and carry out marketing and other activities. The Website may use different kinds of cookies and other types of local storage (such as browser-based or plugin-based local storage).
Most web browsers automatically accept cookies and similar technologies. If you prefer, you can disable this functionality. Please refer to your browser’s help section for further information. If you block all cookies this may limit your ability to take advantage of all the features of the Website.
We use cookies and other technologies because using them is in our legitimate interests (where we have considered that these are not overridden by your rights), and, in some cases, where required by law, or where you have consented to their use.
We use the following types of cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of the Website and under our terms with you. They include, for example, cookies that enable you to move from one page to another within a session or to log into secure areas of the Website.
- Functionality cookies. These are used to preserve your preferences when you return to the Website. This enables us, subject to your choices and preferences, to personalise our content on the Website.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors navigate the Website. We also use analytical/performance cookies to operate, maintain and improve our services, and for advertising purposes. This helps us for our legitimate interests of improving the way the Website works.
Where you have not set your permissions, we may also separately prompt you regarding our use of cookies on the Website.
You can find more information about the individual cookies we use and the purposes for which we use them here:
Cookies & Purpose | Further Information |
"CloudFlare"
We use a cookie from CloudFlare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. This cookie expires 1 month after your site visit.
|
For more information on the CloudFlare cookie, please visit: https://support.cloudflare.com/hc/en-us/articles/200170156-Understanding-the-Cloudflare-Cookies#12345679 |
"Google" (Google, Inc.)
We use cookies from Google, including cookies installed by Google Universal Analytics and Google Tag Manager, which are deployed to allow us to gain insights about how to improve the functionality and user experience of our Website. These cookies allow us to count web page users and see how they navigate and interact with our Website. This helps us to improve the way our webpages work, for example by making sure visitors are finding what they need easily. The information these cookies collect includes traffic statistics, like number of page views, number of visitors, and time spent on each page. The information collected by Google, Inc. allows them to evaluate and compile reports on how our websites are used, and through analysis of such reporting, we can better understand how our users are interacting with our Website content, which allows us to customize, lay-out and better target the content we wish to share, giving you a more informative and seamless experience. By using our website with these cookies enabled, your IP address may be shared with Google, Inc. The expiration of these cookies is between 1 minute and 2 years from your site visit.
|
For more information on Google Analytics cookies, visit: www.google.com/policies. To opt-out of being tracked by Google Analytics across all websites visit: http://tools.google.com/dlpage/gaoptout. This allows you to download and install a Google Analytics cookie-free web browser. |
"FreshMarketer" (Freshworks Inc. and its affiliates) We use a tool on our website called FreshMarketer to track user interactions with our website including where you click, how far you scroll down the page, the pages you visit, how long you spend on our website or pages, whether or not you make a purchase. This information is used in combination with other tracking cookies to deliver you a customized experience, and allows us to make reports about general usage of our website. These cookies expire two hours to 1 year after your site visit.
|
For more information about FreshMarketer cookies, please visit: https://support.freshmarketer.com/support/solutions/articles/50000001615-freshmarketer-cookies To opt out, please visit: https://www.freshmarketer.com/optout/index.html |
"Hubspot" (Hubspot, Inc.) Hubspot cookies are used for content targeting and performance purposes. One of the primary benefits to the user is that pre-populated forms and preferences, once entered, will be retained and remembered, giving a more efficient experience. We also use Hubspot cookies to ascertain user interests based on analysis of webpage browsing tendency. This allows us to render customized content on our website pages based on users' likely interests. By using our website with these cookies enabled, your IP address may be shared with Hubspot, Inc.
|
For more information about Hubspot cookies, please visit: https://legal.hubspot.com/privacy-policy. |
"Triblio" (Triblio, Inc.) We use a Triblio cookie for content targeting purposes. By tracking and sharing the IP addresses of our users with Triblio, the Triblio cookie allows us to associate a user's IP address with a likely account that may belong to them. This cookie thus enables us to render customized content on our websites, with that content being targeted towards that particular account holder and based on any previous interactions and purchase history. This gives users a more personalized experience with website content that is more likely to be relevant to them. We do not share your purchase history with Triblio, Inc., but by using our website with this cookie enabled, your IP address may be shared with Triblio, Inc. This cookie expires 1 year after your site visit.
|
For more information about Triblio cookies, please visit: https://triblio.com/privacy-policy/. |
"Twitter" (Twitter, Inc.) We use a Twitter cookie for social media integration, website tracking, and content targeting purposes. When you view Twitter content or Twitter products integrated into our website, Twitter may receive information including the web page you visited, your IP address, browser type, operating system, and cookie information. This cookie expires 2 years after your site visit.
|
For more information about Twitter cookies, please visit: https://help.twitter.com/en/rules-and-policies/twitter-cookies |
"LinkedIn" (LinkedIn, Inc.) LinkedIn cookies, pixels and other technologies are used for content targeting purposes, advertising, marketing measurements, language preferences, embedded service, routing and analytics and may collect information about you including IP address, device and browser characteristics, referring website, timestamp, and other information. These cookies expire 1 day to 2 years after your site visit.
|
For more information about LinkedIn cookies, please visit: https://www.linkedin.com/legal/cookie-policy |
“Facebook” Facebook cookies are used to show relevant advertisements to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plug in. These cookies expire 2 months after your site visit.
|
For more information about Facebook cookies, please visit: https://www.facebook.com/policy/cookies/ |
In addition, for callers, we or our service provider(s) automatically collect the caller’s phone number; the name displayed on Caller ID (if available); call recordings and transcripts of calls you place to this number; and other data that may be combined with data sources of ours, our service providers, other third parties, or publicly available information such as from government records. |
How Do We Use the Information Collected?
Operation of the Website
We may use and store personal data we collect about and from you in our legitimate interests, where we have considered these are not overridden by your rights:
- Administer the Website and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes
- Keep the Website safe and secure
- Respond to requests that you make
- Improve and manage the Website
- Better tailor content, offers and features
- For purposes disclosed at the time you provide your information
Marketing and Communications
Where permitted in our legitimate interest or with your prior consent where required by law, we may collect certain personal data about you to send you electronic newsletters or promotional emails that we believe may be of interest to you, consistent with your choices.
In particular, if you fill out a form on the Website to receive a piece of content, we may collect information regarding your interactions with that content (e.g., clicking on content). We may also collect personal data about you that is publicly available on the Web and that is tied to the information you provided in the form (e.g., email address, name). Further, we may use personal data (e.g. phone number) to understand how you interact with our services and the effectiveness of our marketing campaigns. In addition, we may collect statistical information regarding website visitors’ navigation on the Website at an aggregated level (e.g., IP address, location, browser type, referral source, length of visit and pages viewed).
We engage with third-party service provider Hubspot to collect such information on our behalf. The collection of such information involves the use of cookies and similar technologies, as described above.
The information gathered will be used solely for marketing in connection with iRhythm’s business and will not be shared with any other third parties. You may opt out of receiving marketing communications from us by following the unsubscribe instructions in each such message, or by contacting us as indicated below.
Patients and physicians who provided testimonials for use by iRhythm sign release forms.
Can Third Parties View Your Information?
No personal data will be divulged to third parties outside the iRhythm Group (iRhythm Technologies, Inc. and iRhythm Technologies Ltd.), except as described below.
Merger Or Sale
In the event that iRhythm is acquired by or merged with a third-party entity, we may transfer or assign the personal data that we have collected as part of such a merger, acquisition, sale, or other change of control.
Other Disclosures Required Or Authorized By Law
We may disclose personal data about you: (i) if we are required to do so by law, regulation, or legal process, such as a court order or subpoena; (ii) in response to requests by government agencies, such as law enforcement authorities; (iii) when we believe disclosure is necessary or appropriate to protect against or respond to physical, financial or other harm, injury, or loss to property; or (iv) in connection with an investigation of suspected or actual unlawful activity.
Service Providers And Other Third Parties
We also may share personal data with our vendors, partners, agents, and service providers who perform certain services, such as website hosting, data hosting or marketing automation, on our behalf in accordance with our instructions and the Data Protection Law ("Third Parties"). We authorize Third Parties to access, use or disclose the information only as necessary to perform their services or comply with legal requirements. iRhythm requires all Third Parties with access to personal data to agree to safeguard the privacy and security of personal data they process on our behalf.
Other Website Privacy Policy Information
What Measures Are Taken To Protect Your Personal Data?
iRhythm maintains appropriate administrative, technical and physical safeguards to protect the personal data you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Data transmitted to or from the Website is secured under industry encryption standards such as SSL.
Data sharing
We may share your information in the following circumstances:
1. Within the iRhythm Group when needed to support our processing of your personal data.
2. iRhythm may provide personal data to third parties including our vendors, partners and service providers (e.g. cloud service providers) who perform services on our behalf. These providers have limited access to your personal data only to the extent necessary to perform these support tasks on our behalf and subject to the same confidentiality and security safeguards as those applied by iRhythm.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements
We are responsible and remain liable for the processing of personal data we receive, including where this involves an International Transfer of personal data or if we subsequently transfer to a third party acting as an agent on our behalf as described further below.
International Data Transfers
In accordance with data protection law(s), iRhythm will transfer only necessary personal data to its independent diagnostic testing facility in the United States and may share details of specific enquiries, reports or complaints received with the iRhythm US support team, in each case subject to applicable legal and supplemental safeguards.
Approved Standard Contractual Clauses and Supplemental Safeguards
iRhythm has executed approved Standard Contractual Clauses (SCCs) with iRhythm Technologies Ltd in order to provide adequate data protection for this data transfer. iRhythm also seeks to apply supplemental safeguards in support of the use of legal data transfer mechanisms, including pseudonymization of transmitted Zio patch data (using a patch serial number rather than a direct patient identifier) and encryption of transmitted data. iRhythm will keep under review the continued adequacy of any data transfer arrangement.
Data Privacy Framework
iRhythm Technologies, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. iRhythm Technologies, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, iRhythm Technologies, Inc. commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, should first contact iRhythm at Support@irhythmtech.com or (888) 693-2401.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, iRhythm Technologies, Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to TrustArc, an alternative dispute resolution provider based in the United States. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
How Long We Keep Your Personal Data
We retain your personal data for the term of our contractual obligations to you or your employer, and to identify or anticipate any issues and resolve any legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
Your Rights
You have the right under certain circumstances:
- To request to be provided with a copy of your personal data held by us;
- To request the rectification or erasure of your personal data held by us;
- To request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
- To object to the further processing of your personal data, including the right to object to marketing (as mentioned in our 'Marketing and Communications' section; and
- To request that your provided personal data be moved to a third party.
Your right to withdraw consent
Where the processing of your personal data by us, is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us at privacy@irhythmtech.com. You can also change your marketing preferences at any time as described in our 'Marketing and Communications' section.
These rights may be limited in some circumstances by local law requirements.
You can also exercise the rights listed above at any time by contacting the iRhythm Privacy Officer at privacy@irhythmtech.com.
How Can You Contact Us About This Website Privacy Policy?
iRhythm Technologies Ltd.
Seal House
56 London Road
Bagshot
Surrey, GU19 5HL
United Kingdom
Phone: 0808 189 3411
Fax: 0808 189 3303
iRhythm Technologies Ltd.
699 8th Street
Suite 600
San Francisco, CA 94103
United States
Attn: Privacy Official
Phone: 415.632.5700
Fax: 415.632.5701
Contacting iRhythm and resolving disputes about your information
You can contact iRhythm about your rights or with any questions about this privacy policy as further described above, by contacting the iRhythm privacy official through our UK office at 0808 189 3411 or via email at privacy@irhythmtech.com.
Complaint to Data Protection Authority
If your request or enquiry is resolved to your satisfaction, you may approach your supervisory authority for data protection concerns in the following countries:
United Kingdom: Information Commissioner’s Office, https://ico.org.uk/
Austria: Österreichische Datenschutzbehörde, https://www.dsb.gv.at/
Spain: Agencia Española de Protección de Datos, https://www.aepd.es/es
Netherlands: Autoriteit Persoonsgegevens, https://www.autoriteitpersoonsgegevens.nl/
Switzerland: Federal Data Protection and Information Commissioner, https://www.edoeb.admin.ch/
FTC enforcement
iRhythm is subject to the investigation and enforcement actions of the Federal Trade Commission (FTC). iRhythm may be required to share your personal data, including the disclosure of EU personal data, to public authorities and law enforcement agencies in response to lawful requests, including requests to meet national security and law enforcement requirements.
Binding Arbitration
Under certain conditions, you may be able to invoke binding arbitration for complaints regarding iRhythm Technologies, Inc.’s compliance with the Data Privacy Framework not resolved by any of the other mechanisms provided. For more information on binding arbitration for Data Privacy Framework complaints, please visit DPF ANNEX I-Introduction.
Updates To The Website Privacy Policy
Any changes to the WPP will be posted on this Website promptly. Your continued use of the Website constitutes your agreement to this WPP.