Proteus Digital Health

Privacy Notice

September 20, 2018

We, at Proteus Digital Health, ® Inc. (“Proteus”), respect your right to privacy.  We want to explain to you how we collect and use data from our website and from our products. We want you to understand what we do with information about you.  We also want you to know what rights you have over your information.

Please read this to learn about how we protect your privacy. We want to explain to you how we collect personal information about you; what we do with the information; your choices about your data; and how you can exercise your privacy rights. We also explain our Proteus Discover® program and how it collects your data.

When you use our website or product you are agreeing to the terms of this Privacy Notice.

 

1. Privacy Overview

2. What Does the Proteus Discover® Program Do?

3. What Personal Information Does Proteus Collect, Why, and How Do We Use It?

4. With Whom Does Proteus Share My Information?

5. Internet Log Data, Cookies and Other Tools

6. Outside Websites and Applications

7. Legal Basis for Processing Personal Information

8. How Does Proteus Keep My Personal Information Secure?

9. Children

10. Information about Others

11. Data Retention

12. Your Data Privacy Rights

13. Nondiscrimination

14. Changes to This Privacy Notice

15. How to Contact Us

 

1. Privacy Overview

This Privacy Notice applies to all personal information that Proteus may collect from or about you from:

· Your use of the Proteus Discover® program, including without limitation the FDA-approved medical devices, medications, software and applications, and the online patient and provider portal (the “Portal” currently available at https://discover.proteus.com) (we call these the “Proteus Discover® Offerings”); and

· Your visits to and use of public-facing websites that we own or operate, including all sites and pages on the https://discover.proteus.com domain and any other sites, software or applications that are not part of the Proteus Discover® program (the “General Sites and Services”).

If you have any questions about our collection or use of your personal information, then please contact us using the contact details provided below or at the bottom of this Privacy Notice:

Toll-free privacy number: 1-855-255-5858

Submit Privacy Policy question via email

2. What Does the Proteus Discover® Program Do?

The Proteus Discover® program can help you and your doctors with your health care. The program is made up of ingestible sensors, a small wearable sensor patch (the Proteus Patch®), an application on a mobile device and a provider online portal. To activate the Proteus Patch, you swallow an ingestible sensor with your medicine. Once the ingestible sensor reaches your stomach, it transmits a small signal to a patch worn on your torso. The patch sends a digital record to your mobile device and then to the Proteus cloud where your health care providers can access it via their portal. The Proteus Patch® also measures activity and rest. In combination with the sensors and the wearable patch, your health care provider may also prescribe use of a blood pressure cuff or weight scale to collect blood pressure information and your weight. With Proteus Discover®, you can monitor your medication-taking patterns on your mobile device. Your physician can have access to data that enables them to initiate, titrate and eliminate medication. Using data from Proteus, health systems are able to measure treatment effectiveness and improve the care for their patients.

3. What Personal Information Does Proteus Collect, Why, and How Do We Use It?

We collect personal and technical information that you provide to us directly, that our technology may collect and send us automatically or with your permission, or that we receive from third parties. We may combine information we get about you from multiple sources.

“Personal information” in this Privacy Notice means all the information and data that we collect or otherwise obtain about you that can be linked to you personally or to your household. For example, any information that can be linked to your name, address, telephone number, or e-mail is personal information.

“Anonymized information” in this Privacy Notice means data that does not personally identify you because we removed information that would make the data personally identifiable (such as your name or email). Anonymized information may be created and used as unique, anonymized records or in aggregated form.

Note about your health information: If we collect information that the law defines as protected health information, then our access, collection, use and disclosure will be governed by applicable laws and our agreements with health care providers. Sometimes the same information could be PHI or not, depending on how and where it is collected, and Proteus will comply fully with applicable law.

A. Proteus Discover® Program:

When you use the Proteus Discover® offerings, we may collect your personal information as follows:

(1) When you use Proteus Discover®, we collect all information transmitted about you and your activities that our devices send us, including:  (1) a user or device ID that we use to identify you and your data; (2) when medicines are taken, (3) physical activity levels, (4) rest patterns, (5) other physiologic or biometric information, (6) Patch connection to the body and the mobile app, (7) Patch battery status, (8) your receipt of smart notifications and alerts; and (9) permissions that you granted us on your device(s). Proteus Discover® does not make or transmit sound recordings or track your geolocation while you use our device.

(2) Whenever you interact with Proteus about the Proteus Discover® program over the phone, email, website forms, or otherwise, we may collect information from each communication. For example, you may ask us a question about our offerings or respond to us when we reach out to you. We also collect information when you answer questionnaires and surveys.

(3) Personal information we may receive from your health care team. We may get information about you from your health care team. This may include basic information such as age, gender, and height; and medication adherence data. The precise information we receive will depend on the product or service you are using or receiving and your health care team’s rights to provide us the information in compliance with law.

(4) Internet log data and cookies. We collect Internet Log Data and you may interact with cookies. These are more fully described below.

We may use the personal information collected from your use of Proteus Discover® for the following reasons and purposes and in compliance with the law:

· identify you and provide you all the services that you have been prescribed or otherwise have asked to receive from us, including sending follow up communications (such as smart notifications and alerts) that our services are designed to send;

· contact you with administrative/service related notices, requests and other information;

· investigate, and assist you with, any questions or complaints that you may have about the Service or Portal;

· contact you by e-mail, telephone or other ways to ask what you think about us, our offering, and other as pects of our interaction with you; and

· create and use anonymized information.

We may use anonymized information, created from the personal information collected from your use of the Proteus Discover® Offerings, for the following purposes and in compliance with applicable law:

· conduct medical activities;

· analyze and improve the Proteus Discover® program; and

· analyzing, enhancing and otherwise improving our commercial products, services and online presence, including performance and design.

B. General Sites and Services.

When you use the General Sites and Services, we may collect your information as follows:

(1) If you provide us information, we may collect it. For example, if you contact us via email, we may collect your name and e-mail address, as well as any other data included in the e-mail. If you register and use any of our General Sites and Services, we may collect your name and all other data provided as part of the registration process. We may also collect any information uploaded or otherwise input by you into our General Sites and Services, including, but not limited to, information related to medications you are taking and other health-related information about you.

(2) Internet log data and cookies. We collect Internet Log Data and you may interact with cookies. These are more fully described below.

4. With Whom Does Proteus Share My Information?

Except as noted below, Proteus will not share information about you with other individuals or businesses (called “third parties”). We do not sell your personal information.

A. All Personal Information.

Your personal information includes information that we receive through the Proteus Discover® program and our General Sites and Services. We may share your personal information with third parties under the following circumstances:

(1) Proteus Service Providers. Proteus may share data about you with third parties who provide us services so that we can run our business. To do this, we may need to share your personal information with the third party that provides us services. For example, we use Amazon Web Services as a third party provider of cloud hosting and we share information with them so that they can provide us the business services we need. We may also use third parties to conduct quality assurance testing, provide technical support, and to provide other services to Proteus. If we ask them to, a third party may contact you as part of the services it provides us. When we enter into service provider agreements, we contractually restrict the provider from using your identifiable personal information except to provide us the services we need or request.

(2) Buyers of Our Company. If there is a change in the ownership of Proteus or Proteus assets (e.g., another company acquires Proteus’s business or assets, whether by merger, sale of assets, sale of stock, through bankruptcy, or otherwise), to the new owners; the new owners will come to possess your personal information and we will use efforts to ensure that they continue to follow this Privacy Notice.

(3) To Comply with Legal Process or to Defend Our Rights. Regardless of any choices you make regarding your personal information (as described below), Proteus may disclose personal information if it believes in good faith that such disclosure is necessary:

· in connection with any legal investigation;

· to comply with relevant laws or to respond to subpoenas, court orders, warrants, or similar documents issued by a court having jurisdiction and served on Proteus;

· to protect or defend the rights or property of Proteus, our service providers, or other users of the Services; and/or

· to investigate or assist in preventing any violation or potential violation of the law, this Privacy Notice,

Terms of Use for the Site, or the Software License Agreement for the Software.

B. Information Collected Through Proteus Discover® Offerings; Caregivers.

In addition to the sharing described above, you may add Caregivers to receive SMS notifications about medications.  You may remove Caregivers at any time. Each Caregiver’s notification will automatically stop when you are no longer an active user of the service.

C. Anonymized and Aggregated Information.

Because anonymized and aggregated information do not identify you, we may share this information for any of our purposes as long as we comply with law. This includes sharing with third parties for research, analytical or product improvement purposes. We do not sell anonymized and aggregated information to anyone.

5. Internet Log Data, Cookies and Other Tools

A. Internet Log Data.

Even if you do not identify yourself to us, most web, online and mobile technologies automatically send technical, online tracking and similar information over the Internet when you connect to our networks.  We call this “internet log data” and describe it in the next paragraph.  We may collect it when you interact with us over the Internet using computers and mobile devices such as phones and tablets.  We may use internet log data to improve our offerings generally, make your use of our offerings more convenient, and see what our online visitors are interested in.  The internet log data may be tied to your IP address or other internet routing information.

We may collect internet log data through cookies, web beacons, and other technologies, including: your domain name; your operating system type, name and version; your browser type and operating system; web pages you view; your activities on our Sites or our mobile apps; links you click; your IP address; internal service provider (ISP); IP address (a number that is automatically assigned to your computer when you use the Internet); referring/exit pages; date/time stamp; the length of time you use or log into any portion of our offerings; and different actions you perform when you connect with us. If you use a mobile device, we may also collect your mobile device ID; location (geolocation) and language data; and device name and model.  We may combine this data with other data that we collect about you.

B. Cookies.

Overview.

We and our third party service providers use “cookies” and other tracking tools. A cookie is a small text file that a website sends to your computer or device’s hard drive while you are viewing a website. Some cookies allow us to make it easier for you to navigate our Portal. Other cookies are used to enable a faster log-in process or to allow us to track your activities on the Portal.  We may combine the data we maintain using cookies with other data we collect from you. Our third party service providers may do this on our behalf.

There are many types of cookies. The main ones we use are session, persistent and tracking cookies.

(1) Session Cookies. Session cookies exist only while you are online. They disappear from your computer when you close your browser or turn off your computer. We use session cookies to identify you when you are online or while you are logged into the Portal. This allows us to verify who you are, after you have logged in. It also allows us to process your online transactions and requests as you move through the Portal.

(2) Persistent Cookies. Persistent cookies stay on your computer. They are there, even after you have closed your browser or turned off your computer. We use these cookies to track information and to retain log-in information.

Disabling Our Cookies.

We do not recommend disabling our cookies, because our Portal and our other websites are designed to work with both session and persistent cookies. This is primarily for convenience to you. If you disable cookies on the Portal, you will only be able to browse certain areas. Many Portal features may not work properly. You may use your internet browser settings to limit or eliminate cookies on your computer. The “Help” portion of the toolbar on most browsers will usually tell you the following information: how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies.

6. Outside Websites and Applications

Links to Outside Website. If you are on our Sites and click on a link to any website that we do not control or operate, you will leave our Site. At that point, another entity may collect data from you. We have no control over this.  We do not review, and you agree that we are not responsible for, outside websites or their content. Please be aware that the terms of this Privacy Notice do not apply to these outside websites or content, or to any collection of data after you click on links to such outside websites. You should always check the privacy policies of the websites that you visit.

7. Legal Basis for Processing Personal Information

Proteus enters into contracts with healthcare providers for the Proteus product. The health care provider writes a prescription for the Proteus Product. Proteus processes data to make the product effective to track ingestions and to provide data analytics.

8. How Does Proteus Keep My Personal Information Secure?

Proteus uses a variety of security technologies and procedures designed to help protect data from unauthorized access, use, or disclosure.  We have administrative, technical and physical safeguards in place that are designed to protect the confidentiality, integrity and availability of your personal information.

Any sensitive data transmitted to Proteus applications will be encrypted during transmission.  No method of transmission over the Internet or method of electronic storage is 100% secure, however.  Therefore, Proteus cannot guarantee its absolute security.

Each user is responsible for keeping their individual password secure and confidential.  You should take all necessary steps to ensure the confidentiality of your passwords to avoid third parties gaining unauthorized access to your data.  Please contact us immediately via e-mail or the postal address listed below if you suspect that there has been any unauthorized access to your account.

9. Children

A. Children under the Age of 13.

(1) Parents or Guardians Register for Children. Children, under the age of 13 years old, need to have a parent register for them. A legal guardian can also take care of this for a child.  Who is a legal guardian depends on local laws.

(2) Parents or Guardians fill out Consents for Children. The parent or guardian also needs to fill out a con sent form for the child.  The consent form is to allow us to collect data.  What data we collect from all users is explained above.

(3) Parents or Guardians can revoke Consents for Children. A parent or guardian can revoke the consent.

When they do this, we stop collecting the child’s information.  Please contact us to revoke a consent. Our contact information is below in “How to Contact Us”.  Once the consent is cancelled, the Services can no longer be used.

B. Children under the Age of 18.

Parents can get copies of their children’s data depending on the laws. This can be for all children under the age of 18 years old. Please contact us for more information.

10. Information About Others

If you give us information about another person, you should let that person know and get their permission to share their information with us. Please tell them about us and share a copy of this Privacy Notice.

11. Data Retention

Proteus will keep your personal information for as long as your account is active or as long as it is necessary to fulfill the purposes, for which it was collected, as necessary to comply with our legal obligations, to resolve disputes, enforce our rights or similar purposes, or the extent permitted or required by law.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until the deletion is possible.

12. Your Data Privacy Rights

Below is a list of rights you may have under applicable data privacy laws.  Your rights may vary based on geography and other factors, and you may not have available to you all of the rights listed in this Section 13.  We will respond to all requests we receive from individuals wishing to exercise their data protection rights as required by the applicable data protection laws.  To the extent applicable to EU citizens and European laws, personal information means Personal Data.

A. Your Rights to Access Your Personal Information.

Upon a verifiable request from you, or in some cases upon a general or public request, you may have all, none, or some portion of the following rights under applicable law:

(1) The right to obtain from us confirmation as to whether or not we are processing your personal information (or that of your children under the age of 13 as further described in the next section), and if that is the case, the right to access:

(a) the specific pieces of personal information we have collected about you (or your children under the age of 13);

(b) the purposes of why we collected or used your Personal Information;

(c) the categories of personal information that we collected, sold, or disclosed about you for a business purpose (if any) in the previous 12 months;

(d) the recipients of your personal information (if sold or otherwise shared) and whether anyone is located in another country;

(e) where possible, the envisaged period for which your personal information will be stored, or, if not possible, the criteria used to determine that period;

(f) the existence of the right to request from us that we rectify or erase your personal information or restrict the processing of your personal information or to object to such processing;

(g) if you are in the European Union (“EU”), the right to lodge a complaint with an EU supervisory authority;

(h) if we did not receive your personal information from you directly, we can provide you with any available information that we have as to the source;

(i) the existence of any automated decision-making such as certain kinds of profiling, and in those cases meaningful information about the logic involved, as well as the significance and the envisaged con sequences of such processing for the data subject.

(2) Where your personal information is transferred outside of the country or to an international organization, 

the right to be informed of the safeguards used related to the transfer.

(3) We can provide a copy of your personal information that is being processed. For any further copies, we may charge a reasonable fee based on administrative costs. Please note, that we may need to restrict information if it might adversely affect the rights and freedoms of others.

B. Right to Rectify Inaccurate Personal Information.

You have the right to ask us to fix any personal information that we have about you that is wrong. You also have the right to add information to make our records complete.

C. Right to Ask Us to Erase Your Personal Information.

You have the right to ask us to erase the personal information that we have about you, and we will comply if required by applicable law.  We will work with you to erase your personal information, but bear in mind that applicable law may permit us to keep information that we need to provide the Products or Services, complete our transactions, maintain security and functionality, exercise speech rights, conduct research, comply with legal obligations, and other situations.  We may retain your information for as long as your account is active to provide you our Offerings. If you request deletion, then we may temporarily keep your information for lawful purposes and then delete it. When we delete any information, it will be deleted from the active database, but may remain in our archives or backups for some time. We may retain your information as necessary to comply with our legal obligations, resolve disputes, enforce our rights, or similar purposes. Following any deletion request, we may retain data related to your account in aggregate form in case you want to reactivate your account at some point in the future.

D. Right to Restrict the Processing of Your Personal Information.

In the following circumstances, per your request, we can restrict the processing of your personal information:

(1) the accuracy of the personal information is questionable and we need to verify the accuracy of the personal information;

(2) the processing is unlawful and you do not want us to erase the personal information, but you would like us to restrict our use instead;

(3) we no longer need the personal information to provide Services to you, but you are requiring it to exercise or defend legal claims;

(4) you have objected to us processing your personal information for a task carried out in the public interest or for a legitimate interest of ours pending the verification of whether these purposes are legitimate grounds;

E. Right to Data Portability.

We will provide you with your personal information in a structured, commonly used and machine-readable format and we can also transfer the data to a third party with your consent and to process it by automated means, so long as it does not interfere with the rights of others.

F. Right to Complain to a Data Protection Authority (EU member – country citizens only).

You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

G. Right to Withdraw your Consent.

If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time and we will comply with your request to the full extent required by law. In certain instances, note that applicable law permits us to keep and process your information even after you withdraw consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.

H. Choices regarding your personal information.

The Service may be used by children under the age of 13 only if they are registered by a parent or guardian in accordance with applicable laws. Parents of Users under the age of 13 will be required to provide consent as described in the section titled “What Data will Proteus collect and how will that Data be used?” and will be permitted to revoke their consent to further use and maintenance of information about their child as described in the section titled “Choices Regarding your Data.”

(1) Remote Access. Most of your personal data can be accessed remotely. Patients can access their data through the mobile app.  Health care providers can access data through the Portal. You have the right to request a copy of personal data we have about you. If you would like to make a request, please contact Proteus at the address below.

(2) How to Correct or Remove Personal Information That Is Not Accurate. You may ask Proteus to correct or remove data that is not accurate. To do this, contact Proteus at the address below. Some items can be corrected on the mobile app or Portal.

(3) Parents of Users under the age of 13 have some rights about their child’s data. One of those rights is that the parent may refuse to let us keep collecting the child’s data.  Parents may also refuse to let us use and keep data that we have already collected. This is true, even if the parent has let us do this in the past. A parent can cancel their consent about our use of their child’s data by contacting us. To contact us, please see the section titled, “Contacting Us About Your Data”. Please note that if you cancel your prior consent, the User may no longer be able to use the Service.

(4) Parents of Users under 18 years old accessing personal information. Subject to applicable law, parents

of Users under the age of 18 may have the right to access certain or all of the User’s information. Please contact us for more information.

(5) Smart Notifications. We will send you smart notifications and alerts via email, push notification, and/or SMS in accordance with Consumer’s settings and the Portal version. If you are the Consumer, you may change your smart notifications and alerts settings to stop these smart notifications and alerts. If you are a Caregiver, when you receive these smart notifications and alerts, you may indicate a preference to stop receiving them and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the message you receive or replying “STOP” to the short message service (“SMS”) you receive or by contacting us directly (please see contact information below). By accepting an invitation from the Consumer to be a Caregiver, you consent to receiving SMS messages as described above. You understand that your wireless carrier’s standard rates apply to these messages.

(6) Free Newsletters and Promotional Messages. We may periodically send Users free newsletters and promotional messages. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the message you receive or by contacting us directly (please see contact information below). Despite your indicated preferences, we may send you Service related communication, including notices of any updates to our Terms of Use or Privacy Notice. Please note that it may take up to 10 business days for us to process opt-out requests.

(7) No Sharing with Third Parties for Direct marketing. We do not share any personal information of our Users with third parties for their marketing purposes. If our practices changes we will notify you as required by applicable law.

13. Nondiscrimination

Most or all of our Offerings require collection and use of your personal information to be fully useful to you. Except in cases where we do not require your personal information to provide all features of our Products or Services, or where a different level or quality in the Offerings we provide to you is reasonably related to the value to you of your personal information, we will not discriminate against you solely for exercising rights around your personal information provided by applicable law. We will not deny you our Products or Services, charge different prices or rates for them, provide different levels or quality to you, or suggest or imply that your prices, rates, levels or quality will be different if you exercise your privacy rights, unless the value of our goods or services is reasonably related to your data.

14. Changes to This Privacy Notice

This Privacy Notice is subject to occasional revision, and if we make any material changes in the way we use personal data, we will notify you as required by applicable law. Any changes to this Privacy Notice will be effective upon the earlier of thirty (30) calendar days following our dispatch of the communication (email or push notification) or thirty (30) calendar days following our posting of notice of the changes on the web access to the Portal. These changes may be effective immediately for new users. In any event, changes to this Privacy Notice may affect our use of personal data that you provided us prior to our notification to you of the changes. If you do not wish to permit changes in our use of this data, you must notify us prior to the effective date of the changes that you wish to cease using the Service and/or Portal. Continued use of the Service and/or Portal, following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

15. How to Contact Us

Please contact Proteus Customer Support if you have any questions about the data that Proteus holds about you and for any request you may have to access, correct or delete your personal data. Please contact us at the following email address: privacy@proteus.com

If you wish to contact us via postal mail, our address is provided below.

Proteus Digital Health, Inc., 2600 Bridge Parkway, Redwood City, CA 94065, United States.

Customer Support:

U.S. Phone: +1 855 255 5858

English language support available

All geographies, helpdesk email: support@proteus.com

Contact Us

For general inquiries regarding Proteus or our products:

Proteus Digital Health, Inc.
2600 Bridge Parkway
Redwood City, CA 94065
P.
+1.650.632.4031
F.
+1.650.632.4071
3956 Point Eden Way
Hayward, CA 94545
P.
+1.650.637.6403