Last Revised: September 10, 2020
Your privacy matters to us, so whether you are new to Somnology or a long-time user, you can learn about our privacy practices below, and contact us at firstname.lastname@example.org if you have any questions.
- What information we collect and why we collect it.
- How we use and share that information.
- The choices we offer regarding your information.
- The measures we take to protect the information.
Information We Collect
We may collect the following types of information from you when you visit or use our Services. The information may be stored on the device you use to access the Services and on our servers.
- Account and Profile Information. When you create an account, we may ask you to provide your name, email address, password, date of birth, gender, height and weight, and other personal or health-related information.
- Monitoring and Usage Data. We collect certain information through your use of the Somnology devices connected to the Services, such as your sleeping patterns, heart rate, breathing, snoring, movements, and the ambient noise level of your sleeping environment, as well as the local time, time zone and geographic location of data acquisition.
- Notes and Memos. You may be able to add notes or journal entries to your sleep data, including information that is relevant to the subjective quality of your sleep.
- Connected Services. If you choose to connect the Services to Fitbit, Apple Health, Google Fit, or other third-party health data services, we may request your permission to access health-related information from them, such as heart rate BPM, step count, activity sample, distance, active energy, blood glucose, oxygen saturation, resting energy, sleep analysis, diastolic blood pressure, systolic blood pressure, flights climbed, weight, and workouts. Fitbit, Apple Health, Google Fit, and other such third-party health data services may offer you tools to limit which data we access.
- Mobile Device Information. When you use our Services, we receive information about your device, such as its model and operating system version, your IP address, the type of browser you use, unique device identifiers, and network information.
- Customer Support Inquiries. If you contact us directly, such as when you contact our Customer Support team, we will receive the contents of your message or any attachments you may send to us, as well as any additional information you choose to provide.
- Payment Information. When you make payments through the Services, you may need to provide your shipping address and financial account information, such as your credit card number, to our third-party service providers. We do not collect or store financial account information, though we may receive transaction identifiers and summary information that does not include credit card or bank account numbers.
- Cookies and Related Technologies. When you visit our Services or open our emails, we and our third-party service providers may collect certain information by automated means, such as cookies, web beacons and web server logs. The information collected in this manner includes IP address, browser characteristics, device IDs and characteristics, operating system version, language preferences, referring URLs, and information about the usage of our Services. We may link this data to your profile. You may be able to change browser settings to block and delete cookies when you access the Sites through a web browser. However, if you do that, the Sites may not work properly. Our ad networks and analytics service providers may also collect information about your use of other websites and online services over time, if those websites and online services also use the same service providers.
How We Use the Information We Collect
We may use the information we collect for the following purposes and as permitted in any other agreements we have with you:
- To Provide and Improve the Services and other Somnology Products and Services. We use information to provide, evaluate, and improve the Services, including to perform the sleep data analysis service and provide you with reports based on analysis of your health-related information, including your self-reported sleep data, data collected via your use of Somnology devices, and data from Fitbit, Apple Health, Google Fit, or other third-party services (if connected to the Services); to analyze our products and their usage to enhance and improve our existing Services; to develop new products and services; manage our communications; and perform accounting, auditing and other internal functions.
- To Communicate with You. We may send you emails and push notifications to your mobile device if they are enabled, to verify your account and for informational and operational purposes, such as account management, alerts, reminders, customer service, system maintenance, and other Services-related purposes.
- Process Payments. We use your information to facilitate transactions, deliveries, and payments.
- We may use information to provide online advertising on the Services and to send you special offers, surveys, and other promotional information we think may be useful or relevant to you. Where required under applicable law, we will obtain appropriate consent to send you marketing communications. You may opt out of email marketing by using the unsubscribe link in a marketing email, or by contacting us at email@example.com.
- Data Analysis. We analyze the information we collect to provide our products and services, such as providing reports to you. We may also de-identify and/or aggregate information, and use and disclose it for business purposes (for example, to provide statistical information and data regarding trends to Somnology affiliates and our partners).
- Compliance with Legal and Other Requirements and to Protect Rights. We may use information to protect against, identify, and prevent fraud and other unlawful activity, claims and other liabilities. We also may use information to comply with and enforce applicable legal requirements, relevant industry standards, and our policies.
- Health Information Portability and Accountability Act (“HIPAA”) Compliance. We may use Protected Health Information as permitted or required by HIPAA and in compliance with our agreements with providers or their business associates.
Information We Share
- Vendors and Service Providers. We may share any information we receive with vendors and service providers we use to help us provide the Service. Examples of these vendors and service providers include entities that process credit card payments, fulfill orders, and provide analytics and web hosting services. We require our vendors and service providers by contract to only use or disclose the information they process on our behalf as necessary to perform certain services on our behalf or comply with legal requirements. When Protected Health Information is shared, such vendors and service providers will be bound by appropriate confidentiality and security obligations which include business associate contract obligations as required by HIPAA.
- Members of our Group. We may share your information with any members of our group, which includes our affiliates, subsidiaries and branch offices, to which it is reasonably necessary or desirable for us to disclose your information in order to carry out the above-mentioned information processing purposes.
- Fitbit, Apple Health, Google Fit, and Other Third Party Services. If you permit the Services to connect to Fitbit, Apple Health, Google Fit, or other third-party services, with your permission, we will share some health-related information with them. Fitbit, Apple Health, Google Fit, and other such third-party services may provide additional controls to limit the information the Services provide to them. If you connect your Somnology account to a third party application through Fitbit, Apple Health, Google Fit, or another third-party service, you may be asked to share your information with that application. We will not share your information without your permission.
- Advertising partners. We do not rent, sell, or share personal information about you with other people or nonaffiliated companies for their direct marketing purposes, unless we have your permission.
We may work with third party advertising partners to show ads for our Services that we think may interest you after you visit our Services. These third party partners collect information from you when you visit our Services and other online services. Where required under applicable law, we will request your consent to such collection and use of your information. You may be able to opt out of receiving personalized advertisements from us and our advertising partners who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising by visiting the opt-out sections on the websites of each of those organizations. Links to those sites are here:
Network Advertising Initiative: http://www.networkadvertising.org/choices/
Digital Advertising Alliance: http://www.aboutads.info/choices/
- Legal and Similar Disclosures. We may access, preserve, and disclose collected information, if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; respond to your requests; comply with the law, including HIPAA and EU data protection law; or protect your, our, or others’ rights, property, or safety.
- Other Disclosures. We may disclose information in other ways when we have consent to do so, such as provided in other agreements we may have with patients and providers.
Your Rights and Choices
We offer you certain choices in connection with the information we collect about you.
Subject to applicable law, you may have the right to request access to and be informed about the information we maintain about you, update and correct inaccuracies in your information, and have the information blocked or deleted, as appropriate. Your rights to your information may be limited in some circumstances by local law requirements. You also have the right to withdraw your consent to the collection of your information. Note however that if you exercise your right of blocking or deletion, if you decline to share certain information with us, or if you withdraw your consent, we may not be able to provide to you some of the features and functionalities of the Services.
If you are located in the United States, your rights in connection with the information we collect about you may vary based on whether such information is Protected Health Information, as defined by HIPAA, and whether you have chosen to share that information with patients, providers, and technicians. Our ability to provide you with the ability to access, amend, update, or delete certain information or to discontinue a certain data use or disclosure may be limited by our obligations under HIPAA and under the agreements we have with providers. We may also direct you to contact your provider to access, amend, update, or delete information stored in the Services.
If you receive promotional messages from us, you may unsubscribe at any time by following the opt-out instructions contained within the message. Even after you opt-out of receiving promotional messages from us, you may continue to receive administrative messages from us regarding the Services. You may turn off push notifications through your device settings.
Somnology users may also contact us to:
- Stop the sharing of your information with a specific provider;
- Request information about any disclosures of your information that we have made;
- Update your email preferences or ask us to remove your information from our mailing lists; or
- Submit another type of request.
You may terminate your account at any time by following the procedures detailed on the Services or by contacting customer support at firstname.lastname@example.org. Note that we may be required to retain your information as necessary to comply with our HIPAA obligations or other obligations under applicable law, and the agreements we have with providers. We will continue to use de-identified and/or aggregated information, as permitted under applicable law and agreements we have with providers.
All personal data contained in the agreement shall be processed in accordance with Regulation (EC) No 45/2001 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the EU institutions and bodies and on the free movement of such data. Such data shall be processed solely in connection with the implementation and follow-up of the agreement by the sending institution, the National Agency and the European Commission, without prejudice to the possibility of passing the data to the bodies responsible for inspection and audit in accordance with EU legislation (Court of Auditors or European Antifraud Office (OLAF)). The participant may, on written request, gain access to his personal data and correct any information that is inaccurate or incomplete. He/she should address any questions regarding the processing of his/her personal data to the sending institution and/or the National Agency. The participant may lodge a complaint against the processing of his personal data with the [national supervising body for data protection] with regard to the use of these data by the sending institution, the National Agency, or to the European Data Protection Supervisor with regard to the use of the data by the European Commission.
International Data Transfers
We may transfer information we collect about you to countries other than the country in which the information originally was collected. If you are in the European Economic Area (EEA) or other region with laws governing data collection and use that differ from those of the United States, please note that your information may be transferred to countries located outside the EEA, in particular to the United States, where we are headquartered and where some of our service providers are located. Those countries may not have the same level of protection as the country in which you initially provided that information. When we transfer your information we will protect it as described in this Policy.
How We Protect Information
We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Even so, we cannot guarantee that information about you is always secure, because data security measures in use from time to time may be vulnerable. Consequently, please be mindful of the risks that information about you may be exposed to when you use the Service.
If you are located in the United States, we may in some cases act as a “business associate” as regulated by HIPAA when we process Protected Health Information, as defined by HIPAA. Accordingly, we may be required to adopt and maintain appropriate physical, technical, administrative, and organizational procedures to safeguard and secure the Protected Health Information we process, and we also may be required to not access, use, or disclose the Protected Health Information except as permitted by our partners, you, and/or applicable law. We are not responsible for providers’ activities and omissions, in particular, how they retain or secure their own data related to the provision of the Services.
The Services may permit you to export data to third party applications and services, such as your mobile device’s email application. Such applications may not be HIPAA compliant or protect the information as is required by HIPAA or other applicable privacy and data protection laws. You are responsible for choosing to use such services to communicate health-related information.
Protecting the privacy of children is especially important. Our Services are not directed to children, and we do not knowingly collect personal information from children under 13. Somnology respects the role of parents or guardians in the monitoring of their children’s online activities. If we find out that a child under 13 has given us personal information, we will take steps to delete that information. If you believe that a child under the age of 13 has given us personal information, please contact us at email@example.com.
California Privacy Rights (“CalOppa”)
California consumers have a right to knowledge, access, and deletion of their personal information under the California Consumer Privacy Act. California consumers also have a right to opt out of the sale of their personal information by a business and a right not to be discriminated against for exercising one of their California privacy rights. Somnology does not sell the personal information of California consumers and does not discriminate in response to privacy rights requests.
If you are a California consumer without a Somnology account and you or your authorized agent would like to exercise your privacy rights, requests may be made to firstname.lastname@example.org. If you do not have a Somnology account, Somnology will ask you for information which we consider necessary to verify your identity for security and to prevent fraud. This information may include name, contact information, and information related to your transaction or relationship with Somnology, but the specific information requested may differ depending on the circumstances of your request for your security and to protect privacy rights. If we delete your personal information, we will both render certain personal information about you permanently unrecoverable and also deidentify certain personal information.
Links to Other Websites and Applications
The Services may provide links to other websites and applications for your convenience and information. These websites and applications may operate independently from us. Linked sites and applications may have their own privacy notices or policies, which we strongly suggest you review. To the extent any linked websites or applications are not owned or controlled by us, we are not responsible for the sites’ or applications’ content, any use of the sites or applications, or the privacy practices of the sites or applications.
How to Contact Us