Data Protection and Privacy Policy

Last Updated: September 8th, 2020

Welcome to PostureHealth, a website and desktop application (collectively, the “Site”) operated by PostureHealth, Inc. (the “Company”).

The Site provides the Service as explained in our Terms & Conditions.

We respect and protect the privacy of our Site users. This Data Protection and Privacy Policy (“Policy”) explains how we collect and use your information and is part of our Terms of Use when you use our Site.

Your Consent
By using our Site, you consent to our Data Protection and Privacy Policy. If you don’t agree, please don’t use our Site.

Definitions
Company
“Company” means PostureHealth, Inc. 149 New Montgomery Street, San Francisco, CA 94105, USA.
GDPR
“GDPR” means the General Data Protection Regulation Act. (This is a law that applies in the European Economic Area (EEA).)
Data Controller
“Data Controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. The Company is the Data Controller for the personal data you submit via the Site.
Data Processor
“Data Processor” means any natural or legal person who processes the data on behalf of the Data Controller.
Data Subject
Data Subject is any living individual who is using our Site.

Principles for Processing Personal Data
Our principles for processing personal data subject to the GDPR are:

  • Fairness and lawfulness. When we process personal data, the individual rights of the Data Subjects must be protected. All personal data must be collected and processed in a legal and fair manner.
  • Restricted to a specific purpose. The personal data of the Data Subject must be processed only for specific purposes.
  • Transparency. The Data Subject must be informed of how his/her data is being collected, processed and used.
  • Accuracy. We take reasonable steps to ensure that personal data will be accurate, and that any mistakes are rectified or erased without delay.
  • Storage Limitation. We will not keep personal data for longer than we need it. (However, we may keep anonymized data for an indefinite term.)
  • Confidentiality and Integrity. We use appropriate measures to maintain the confidentiality and integrity of personal data.

What information do we collect?
When you register to use the Service via the Site you'll be asked to provide certain information about you, such as your name, phone number, and email.

Posture Coach
This app includes the functionality of video recording a user’s exercise sessions. This feature will only be enabled after getting explicit consent from the user. This feature doesn’t store or record any video of the user.

Motion Coach
This app includes the functionality of video recording a user’s exercise sessions. This feature will only be enabled after getting explicit consent from the user immediately before an exercise session by means of a dedicated screen. You can either agree to record your exercise session or record all sessions for 24 hours. If you choose to record your exercise session, the video recording will automatically end with the exercise session and can be stopped at any time by cancelling the exercise session. If you choose to record for 24 hours, any exercise session you begin within the 24 hours will be automatically recorded. If you decide to allow the recording, please ensure that no other persons are visible in the camera frame or those persons also consent to this agreement.

The video recordings will be processed to improve the functionality of the app. In particular, the following processing steps will occur:

  • Review of the recordings by individual employees and annotation of exercise state, movement characteristics, body pose, other body features, as well as environmental factors that might have an impact on body detection. Review and annotation is performed by individual employees as well as our HIPAA Business Associates.
  • Training of Machine Learning models for automatic detection of exercise state, movement characteristics, body pose, environmental factors, as well as other medical factors by connecting the video records to data collected within the app.
  • We will save the video recordings for 3 years, we will not share the data with third parties, and we aim to anonymize the data as soon as possible. The data will be transferred to us in an encrypted way.

If you sign up via a social network like Facebook, your agreement (and our access to your information) takes place when you instruct, accept, or allow Facebook to register you for the Site or otherwise connect you to the Site. We will collect such information as you allow based on your social media settings and the policies of the social media site. We may also collect information to verify your social media credentials.

Our third-party billing service provider will also collect information such as your full name, credit card number, and billing address.

We and our third-party service providers may collect certain information about your use of our Site. For example, we may collect and/or use:

  • Log information (including your IP address, browser type, Internet service provider, referring and exit pages, operating system, dates/time of access, and related data)
  • Information collected by cookies and tracking pixels (as discussed below)
  • Web beacons (also called "Internet tags" or "clear gifs"; used to count visitors to our Site and which pages were viewed and links clicked)
  • Embedded scripts (code temporarily downloaded onto your device to collect information about your interactions with the Service and thereafter deleted or deactivated)


Where do we store your information?
Your information may be stored in our own servers or in servers owned by third-party cloud storage providers.

Third-party storage providers may not use your information except as provided in this Privacy Policy.

How do we use your information?
Information we collect from you might be used:

  • To verify your identity when you return to the Site
  • To provide you with Services
  • To notify you about changes to our Site and Services
  • To gather analysis or other information to improve our Site and Services
  • For marketing purposes
  • To personalize the ads you see when you visit other sites
  • To respond to your messages and comments
  • To provide customer support
  • To detect, prevent, and address technical issues
  • To send you technical notices
  • If you are receiving Services through your employer or employer’s health plan, we will not share personally identifiable information about your health and progress with your employer or employer’s health plan. We may send aggregated or de-identified information to your employer or employer health plan for billing purposes.
  • We may send personally identifiable health information to your provider or non-employer insurance plan if you are receiving Services through your healthcare provider, medical therapy provider, or non-employer insurance plan.

HIPAA

  1. Some of the information we collect may constitute protected health information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). For more information about your rights under HIPAA, please refer to our HIPAA Policy. To the extent other state or local privacy and data protection laws apply to your data, we will comply with those requirements as well.


Legal Basis for Collecting and Processing Personal Data
Our legal basis for collecting and using the personal data described in this Policy depends on the personal data we collect and the specific context in which we collect the information:

  • We need to perform a contract with you.
  • You have given us permission to do so.
  • Processing your personal data is in our legitimate interests.
  • We need to comply with the law.

Please be aware that if you do not provide personal data we may be unable to provide some Services to you.

Do we use cookies or Tracking Pixels?
Yes.

Cookies are small files that include an anonymous unique identifier. Cookies let us recognize your browser and remember certain information about you in order to personalize your experience of our Site.

We also use cookies to compile aggregate data about traffic to our Site so that we can improve our Site.

We may use both persistent and session cookies. Persistent cookies remain on your computer after you close your session and until you delete them; session cookies expire when you close your browser.

A tracking pixel is a tiny pixel-sized image that allows us to track your Site visits, advertising impressions, and other types of Internet activity. It's also sometimes called a web bug, beacon, or page tag.

Do We Use Google AdWords or other remarketing methods?
Yes.

We may use the Google AdWords remarketing service to advertise on third party websites (including Google) to previous visitors to our Site. It could mean that we advertise to previous visitors who haven’t completed a task on our site, for example using the contact form to make an enquiry. This could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network.

Third-party vendors, including Google, use cookies to serve ads based on someone’s past visits to our Site. Any data collected will be used in accordance with our own privacy policy and Google’s privacy policy.

You can set preferences for how Google advertises to you using the Google Ad Preferences page.

Do We use Google Analytics?
Yes.

Users who visit the Site and have JavaScript enabled are tracked through Google Analytics. Google Analytics collects information anonymously and reports website trends to us without identifying individual visitors. Google Analytics collects a variety of information from users, including the Internet protocol (IP address) that is used to connect your computer to the Internet (which it does not report to us), your Internet service provider (ISP), browser type, type of operating system, the full Uniform Resource Locator (URL) clickstream to, through, and from our Site, including date and time, cookie, the length of time you spend on particular pages, which links you click while on our Site, and similar Site visit information. Google Analytics data is shared with Google.

For more information on Google Analytics or to opt-out of having your information shared through Google Analytics, visit: http://www.google.com/intl/en/analytics/privacyoverview.html.

For more information on Google’s privacy policy, visit http://www.google.com/intl/en/policies/privacy/.

We use this information to make our Site easier to find on the Internet and to improve our Site by learning which pages and features are interesting to our visitors. We treat this information as non-personal information and do not attempt to connect it to personally identifiable information, except as otherwise required by law.

Do we transfer your data to other countries?
We may transfer to, and store the data we collect about you in, countries other than the country in which the data was originally collected, including the United States, Canada or other destinations outside the European Economic Area (“EEA”). Those countries may not have the same data protection laws as the country in which you provided the data. When we transfer your data to other countries, we will protect the data as described in this Policy and comply with applicable legal requirements providing adequate protection for the transfer of data to countries outside the EEA.

If you are located in the EEA, we will only transfer your personal data if:

  • the country to which the personal data will be transferred has been granted a European Commission adequacy decision;
  • the recipient of the personal data is located in the US and has certified to the US-EU Privacy Shield Framework; or
  • we have put in place appropriate safeguards in respect of the transfer, for example we have entered into EU standard contractual clauses with the recipient, or the recipient is a party to binding corporate rules.

You may request more information about the safeguards that we have put in place in respect of transfers of personal data by contacting us.

How Do We Respond to "Do Not Track" Signals?
We may track your browsing behavior to better tailor suggestions and information for you.

Some third-party sites also keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you.

You can opt out of certain tracking by adjusting the settings on your browser. However, many websites (including the Site) may not respond to such signals.

There are also browser extensions that may block tracking. Again, they may not be effective in all cases.

How long do we store your information?
We will retain your personal information only for as long as is necessary for the purposes set out in this Policy.

We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

We intend to store some of your information and User Content indefinitely.

What about links to other websites?
We may provide links to or compatibility with other websites. However, we’re not responsible for the privacy practices employed by those websites or the information or content they contain, or for any interactions with such websites or their users.

How do we protect your information?
We use Site-appropriate physical, electronic, and other procedures to safeguard and secure the information we collect. However, please be aware that the Internet is an inherently unsafe environment, and that hackers are constantly working to defeat security measures.

Thus, we cannot guarantee that your information will not be accessed, disclosed, altered or destroyed, and you accept this risk.

How can you protect your information?
We urge you to take steps to keep your personal information safe by not sharing it with others or posting it online.

Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information (PII) for commercial or marketing purposes.

We may share your PII with third-party processors, which can include:

  • Payment processors
  • Providers of email management and distribution tools
  • Providers of security and fraud prevention services
  • Providers of data aggregation and analytics software

We will, if required by a valid court order, provide your personal information in a civil or criminal proceeding.

We will not share any PII that we have collected from or regarding you except as described below.

Information Disclosed in Connection with Business Transactions. If we are acquired by a third party as a result of a transaction such as a merger, acquisition or asset sale or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your PII, may be disclosed or transferred to a third party acquirer in connection with the transaction.

Information Disclosed for Our Protection and the Protection of Others. We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to respond to claims, legal process (including subpoenas); (ii) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general; and (iii) to stop any activity that we consider illegal, unethical or legally actionable.

Sub-processors
The Company works with certain third-parties to provide specific functionality within the Site.

By using the Site, you also authorize the engagement of these third parties as sub-processors of your data.

If you object to the sub-processors’ handling of your data on the terms indicated at the links, please terminate your use of the Site.

Entity Name | Subprocessing Activities | Entity Country
Google Firebase | Cloud Service Provider | USA
Amazon Web Services, Inc. | Cloud Service Provider | USA


You may contact these sub-processors directly to have any information they store about you erased.

We may update our list of sub-processors by posting that information in this privacy policy. Please check back for updates.

Not Intended for Children
Our Site is not intended for children under the age of 18. We do not knowingly or specifically collect information from or about children under the age of 18.

Notice for Minors
If you are under the age of 18, and if our Site publicly displays your content, at any time you can delete or remove your content using the deletion or removal method within our Site. If you have questions about how to remove your content, or you need assistance, you can contact us here. Although we offer deletion capability, you should be aware that your removal of your content may not ensure complete or comprehensive removal of the content or information posted through the Site, especially if it has been shared by others. Also, there may be circumstances in which the law does not require or allow removal even if requested.

Data Protection Rights
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. If you wish to be informed what personal data we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the following data protection rights:

  • The right to be informed of your rights
  • The right to access, update or to delete the information we have on you
  • The right of rectification (to correct mistakes)
  • The right to erasure (known as “the right to be forgotten”)
  • The right to restrict processing of your data
  • The right to data portability
  • The right to withdraw consent

If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Withdrawing Consent
If you wish to withdraw your consent to process your personal data, please contact us. If you withdraw your consent, this will not make processing which we undertook before you withdrew your consent unlawful.

Changes to our Privacy Policy
If we decide to change our Privacy Policy, we will post those changes on this page. We may also, but are not required to, send you an email notice.

Contact Us
If you have questions about our Privacy Policy, please contact us at privacy@theposturehealth.com.