Privacy policy

Kidney Check - Privacy notice

Last updated: December 18, 2022.

Healthy.io Ltd.(together with its affiliates, “Healthy.io”) is a medical technology company that leverages smartphone cameras and cloud services to help individuals and healthcare professionals improve ongoing care. This Privacy Policy describes how Healthy.io collects, uses, or discloses personal information we receive through our Kidney Check™ digital urinalysis services (as used herein, the “Services”). This policy also describes your choices about the collection and use of your information. This Privacy Policy does not apply to other Healthy.io websites or services.

Please read the Privacy Policy carefully before you start to use our Services. By using the Services, you agree to be bound and abide by our posted Terms and Conditions (“Terms”) and this Privacy Policy. If you do not agree to both our Terms and Privacy Policy, or if you violate them in any way, your right to access or use the Services is terminated. Please see

Sections 9-11 of our Terms regarding your legal rights in any dispute involving our Services.

NOTE TO USERS WHO WERE OFFERED THE SERVICES AS MEMBERS OF A HEALTH PLAN: THE SERVICES ARE PROVIDED TO YOU AS PART OF A CONTRACTUAL RELATIONSHIP BETWEEN HEALTHY.IO AND YOUR HEALTH PLAN. THE TERMS OF OUR CONTRACTUAL RELATIONSHIP WILL GOVERN THE SERVICES AND SUPERSEDE THESE TERMS IN THE EVENT OF ANY CONFLICT.

NOTE TO USERS WHO ENROLLED TO THE SERVICE AS PART OF AN ONLINE ENROLLMENT PROGRAM (AN “ONLINE ENROLLMENT PROGRAM”) SERVICE: THE SERVICES ARE PROVIDED TO YOU AS PART OF A COLLABORATION BETWEEN HEALTHY.IO AND A THIRD PARTY UNDER WHICH THE ONLINE ENROLLMENT PROGRAM IS BEING PROVIDED TO YOU. THE TERMS OF OUR CONTRACTUAL RELATIONSHIP WILL GOVERN THE SERVICES AND SUPERSEDE THESE TERMS IN THE EVENT OF ANY CONFLICT.

NOTWITHSTANDING ANY OF THE PRIVACY PRACTICES DESCRIBED BELOW (E.G., HOW WE USE OR DISCLOSE INFORMATION), SEPARATE CONTRACTUAL TERMS AS DESCRIBED ABOVE MAY REQUIRE US TO HANDLE PATIENTS’ PERSONAL INFORMATION PURSUANT TO MORE RESTRICTIVE HEALTHCARE-SPECIFIC LAWS, SUCH AS THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (“HIPAA”), IF THESE LAWS ARE APPLICABLE TO THE SERVICES. PLEASE CONTACT US IF YOU HAVE ANY QUESTIONS OR CONCERNS.

DISCLAIMER: WHETHER YOU ARE A MEMBER OF A HEALTH PLAN OR A USER OF AN ONLINE ENROLLMENT PROGRAM, THE SERVICES ARE PROVIDED TO YOU AS PART OF A CLINICAL TRIAL AND A RESEARCH, AND THE TERMS APPLICABLE TO THE RESEARCH WILL GOVERN THE SERVICES AND SUPERSEDE THESE TERMS IN THE EVENT OF ANY CONFLICT. THE SERVICES DO NOT, IN ANY WAY, CONSTITUTE MEDICAL ADVICE OR A SUBSTITUTE FOR SEEKING PROFESSIONAL ADVICE. DO NOT USE THIS APP FOR SELF-DIAGNOSIS OR SELF-MEDICATION. WE EMPHASIZE THAT HEALTHY.IO IS NOT A HEALTHCARE PROVIDER AND DOES NOT PROVIDE MEDICAL ADVICE OR DIAGNOSIS THROUGH THE SERVICES. ALWAYS SEEK YOUR PRIMARY CARE PROVIDER’S ADVICE FOR ANY MEDICAL QUESTIONS YOU MAY HAVE.

THE SERVICES ARE INTENDED FOR INVESTIGATIONAL USE ONLY AND SHOULD NOT BE USED FOR TREATMENT PURPOSES.

How We Collect Information

We may collect information about you by various means, including:

o Through our Services;

o From your health plan, if you are being offered this service as a member of such plan;

o Directly from you, when you share information (including by using the Services) with us or when you contact our support system.

Types of Information We Collect

In order to better provide you with our Services, we may collect the following categories of information:

o Contact information, such as your name, e-mail, phone number and mailing address as you or your health plan provided it to; o Your Primary Care Physician’s (PCP) contact information, such as their name, address, fax and/or phone number, and e-mail address;

o Content generated as part of the Service, such as your test scan. Anonymized test results are retained separately from any identifiable information;

o Survey information in response to questions we may send you through the Services, such as for research or feedback purposes;

o Communications between you and us, such as via e-mail, mail, phone or other channels when you contact our support team;

o Online User Activity described in the next section. If you provide us with information regarding another individual, you represent that you have that person’s authorization and consent to give us his or her information and to permit us to use the information in accordance with this policy.

Online User Activity, Cookies and Information Collected by Other Automated Means

Cookies are a commonly-used web technology that allow websites or mobile apps to store and retrieve certain information on a user’s system, and track users’ online activities. We and our service providers may collect information about your use of our Services by such automated means, including but not limited to cookies, pixels, SDKs and other similar technologies. Cookies and similar technologies can help us automatically identify you when you return to our website or app. Cookies help us review traffic patterns, improve our Services, and determine what Services are popular.

When you use the Services, the information we may collect by automated means includes, for example:

o Usage Details about your interaction with our Services (such as the date and time of use);

o Device Information including the IP address and other details of a device that you use to connect with our Services (such as device type, model and operating system information).

How We Use Information We Collect

We may use the information we obtain about you for purposes allowed by applicable laws, including:

o Provide our Services, including to establish and maintain any unique identifier that is created for your use of our Services;

o Respond to your requests, questions and comments and provide customer support;

o Operate, evaluate and improve the products and services we offer (including to develop new services), and to diagnose or fix technology problems;

o Inform you about changes to this Privacy Policy and our Terms and other policies (which will apply to all information we hold at that time);

o Comply with and enforce as needed applicable legal requirements, industry standards, our policies and our contractual rights; and

o Monitor the performance of our Services. We may also use or share information in an anonymized or aggregate manner for purposes such as research, analysis, modeling, marketing, and advertising, as well as improvement of our Services and any of our other services and products.

How We Share Your Information

We will not disclose your personal information to third parties without your consent, except in the following circumstances:

o When the Services are being provided to you under a contract with your healthcare provider, healthcare payor, a health plan or another organization that has entered into a contractual relationship with us for these services (collectively, a “Provider”), we may share your information with such Provider.

o When you confirm your PCP details with us – we will use this information to share your personal information, including your test results, with such PCP. We will also share certain information about your PCP, such as your PCP’s name, address, fax and/or phone number, and e-mail address with your health plan.

o We may share your information as permitted by law, including, for example, with service providers that we believe need the information to perform a technology, business, or other professional function for us (examples include IT services, maintenance and hosting of our Services, fulfillment services and other vendors). We only provide such vendors with information so they can perform their required functions on our behalf to provide you with the service.

o We also may disclose information about you (i) if we are required to do so by law or legal process, (ii) when we believe disclosure is necessary to prevent harm or financial loss, (iii) in connection with an investigation of suspected or actual fraudulent or illegal activity; or (iv) under exigent circumstances to protect the personal safety of our staff, users or the public.

o We reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our organization or assets. If we engage in such a sale or transfer, we will make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Privacy Policy.

Where appropriate, we will limit sharing of your information in accordance with the choices you have provided us and applicable law.

Your Privacy Choices

We offer you certain choices about what information we collect from you, how we use and disclose the information, and how we communicate with you. User Information: You may request that we disclose or destroy information associated with your unique identifier by contacting us as provided below. When the Services are being provided under a contract with your Provider, we will act as directed by your Provider on your behalf. We may retain any account information for internal purposes or as otherwise provided in this Privacy Policy and our Terms.

Links to Other Websites and Third-Party Content

Our Services may contain links to other websites or apps. Please be aware that we are not responsible for the content or privacy practices of such other websites or apps, and we encourage you to be aware when you leave our Services and to read the privacy statements of any other website or app that collects personal information.

How We Protect Information

We endeavor to maintain reasonable administrative, technical and physical safeguards designed to protect the personal information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, we cannot ensure the security of any information you transmit to us, or guarantee that this information will not be accessed, disclosed, altered, or destroyed. We will make any legally required disclosures in the event of any compromise of personal information. To the extent the law allows us to provide such notification via e-mail or conspicuous posting on the Services, you agree to accept notice in that form.

Healthcare Providers

If you (on behalf of yourself or your organization) are a Provider under a contractual relationship with us to provide these Services to your patients, we may additionally collect your business contact information and other data regarding your use of our Services for analytics, marketing or promotional activities, to the extent permitted by law and our contractual relationship. This may include advertising products or services that may be of interest to you. In addition to communicating with you regarding you and your patients’ use of the Services, we may from time to time contact you to provide announcements, alerts, surveys, or other marketing or general communications.

Children

We do not knowingly collect personal data from children under the age of 13 on our Services. If you have reason to believe that a child under the age of 13 has provided personal information to us through our Services, please contact us, and we will endeavor to delete that information from our systems. In the event that we learn that we have collected personal information from a child under age 13 without parental consent, we will endeavor to delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us as directed below.

European Residents

Our Services provided in the United States are not intended to subject us to the laws or jurisdiction of any state, country or territory other than those of the United States, as provided in our Terms. With respect to Services that are subject to the laws of the European Union or European Economic Area (together with the United Kingdom and Switzerland for purposes herein, the “EU”), we provide as follows: When providing the Services to Members of a health plan:

o For the purposes of the Data Protection Act (2018) and the European General Data Protection Regulation (2016) Healthy.io is a Data Processor, and the Provider who delivers the Services to the patient is the Data Controller. These roles have different responsibilities under applicable data protection laws.

o The Data Controller is responsible for determining the purposes and means of the processing of personal data. The Data Controller is required to inform the Data Subjects (e.g., patients) about the data processing, ensure it is secure, prevent any unlawful access, modification, loss or destruction to your data and allow data subjects the opportunity to exercise their rights and freedoms afforded by data protection law.

o As a Data Processor, Healthy.io processes such personal data under the terms of a contract between us and the Data Controller. This is to ensure that any personal data is processed lawfully and securely. This defines the purpose, duration and nature of processing, the type of data, categories of recipient and the plan for returning and/or destroying personal data at the end of the contract. Healthy.io cannot operate outside of this contract with respect to the personal data within its scope, and must follow the instruction of that Provider.

o If you have any concerns with how data is being used under EU law as described in this section, you can contact us by email at [email protected]. You may also contact the Information Commissioner’s Office (ICO), who oversees data protection in the UK. For more information in that regard, you can visit the ICO website.

When providing the Services to users of an Online Enrollment Program:

o For the purposes of the Data Protection Act (2018) and the European General Data Protection Regulation (2016) Healthy.io is the Data Controller.

o As a Data Controller, our legal basis for processing is that it is necessary for the performance of our contract with you. Where you order a free Kit from us, we may use the information to provide you with the Service. We may also process this information because it is in our legitimate interests to do so, for example – to communicate with you and send you service messages; to maintain and improve our Services; to develop new services and features for our users; and to personalize the Services in order for you to get a better user experience. We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy.

Telephone Consumer Protection Act (“TCPA”)

A Note to the health plan members: By accepting the Terms, you authorize us to deliver or cause to be delivered phone calls or text messages to you, using an automatic telephone dialing system or an artificial or prerecorded voice, for any and all purposes, including related to the research. You understand that you are not required to provide your mobile phone number as a condition to purchase any property, goods or services, other than the Services set forth herein. Some carriers may charge fees for incoming text messages which are beyond our control.

A note to users of of an Online Enrollment Program: By providing your mobile phone number and asking to receive a free kit from us, you expressly authorize us to deliver or cause to be delivered phone calls or text messages to you at the number you provided, using an automatic telephone dialing system or an artificial or prerecorded voice, for any and all purposes, including related to the research. You understand that you are not required to provide your mobile phone number and request to receive a free kit as a condition to purchase any property, goods or services, other than the Services set forth herein. Some carriers may charge fees for incoming text messages which are beyond our control.

Updates to Our Privacy Policy

We may revise or update this Privacy Policy at any time. We will post the updated version on our Services, and may notify you of any significant changes to our Privacy Policy. We will indicate on our Privacy Policy when it was most recently updated. Your continued use of our Services after such updates will constitute an acknowledgment of the change and agreement to abide and be bound by the updated Privacy Policy.

Contacting Us

If you have any questions, concerns or comments about this Privacy Policy, our privacy practices, or if you would like us to update information or preferences you provided to us, please contact us at [email protected].