Electrokare Privacy Policy

ElectroKare Privacy Policy
‍
1. Introduction. ElectroKare Inc., a Delaware corporation (“ElectroKare,” “we,” “us,” or “our”) is committed to protecting the privacy of all individuals whose Personal Data we use, collect, and share  (“you” or “your”). This Privacy Policy (this “Policy”)describes what categories of Personal Data we collect; how we use and disclose that information; the safeguards which we maintain; your legal rights; how you can access, correct, or delete your information; and how to contact us for any additional information. This Policy applies to all users of our mobile application, visitors of our website, and any related services (a “Platform”). “Personal Data” means any information that identifies you or can be reasonably linked to you, or information which is otherwise considered to be “personal information ”or “personal data” under applicable laws. We are not responsible for the policies and practices of any third parties, and we do not control, operate, or endorse any information, products, or services that may be offered by third parties or accessible on or through a Platform. Words not defined in this Policy have the same meanings ascribed to them in our Terms of Use. 2. Collection of Personal and Sensitive Information. We collect personal and sensitive information directly from you when you register an account, complete your profile, or otherwise provide information through a Platform. This may include your name, date of birth, gender, height, weight, email address, and preferences. When you use a Platform, you consent to our automatic collection of health and biometric data, including ECG signals, heart rate, accelerometer readings, as available from any sensors or devices which you use in your interactions with a Platform, and electrolyte levels, as well as device identifiers, IP address, operating system, location data, and usage logs. We may also receive information from third-party platforms you choose to link to your account. 3. Use of Information. We use your Personal Data solely to provide, maintain, and improve the Platforms, including to authenticate your identity, process transactions, perform analytics, and adjust content and recommendations to your individual needs (the “Services”). We may also use your information to communicate with you about Services updates, respond to your inquiries and support requests, conduct research and development in de-identified form, and, where you have opted in, send you marketing materials. We will not use or disclose your Personal Data for any purpose other than those set out in this Policy without first obtaining your consent, unless otherwise required or permitted by law.  4.Disclosure and Cross-Border Transfers. Subject to applicable law, we may disclose Personal Data to our service providers and professional advisers (including cloud hosting providers, analytics vendors, payment processors, and legal or financial advisors) strictly to perform functions necessary to deliver the Services. In each such case, we will obtain any necessary consents and shall not permit any service provider to use the Personal Data in any way which would violate this Policy or our Terms and Conditions. We may also disclose Personal Data to law enforcement, regulatory authorities, or courts where required by subpoena, court order, or other legal obligation. Because our service providers are located in various countries, as cloud infrastructure may be deployed in various regions to optimize our performance and scale operations, your Personal Data may be transferred outside of your country of use. In each case, we will take all necessary steps to ensure that cross-border transfers are governed by appropriate safeguards, such as standard contractual clauses or binding corporate rules and comply with our customer agreements. Additionally, in each such case, we shall only disclose Personal Data to the extent necessary in furtherance of the Services. A current list of recipient countries is available upon request. 5. Security Safeguards. We are committed to protecting your Personal Data from misuse, interference, loss, unauthorized access, modification, or disclosure. To that end, we implement best industry practices security measures, including encryption of data in transit(TLS), strict access controls, multi-factor authentication, and staff training on privacy and data-protection best practices. Your data are stored on secure cloud servers using the Google Cloud technology suite. While no system can guarantee absolute security, we continuously review and update our safeguards to ensure your information remains protected. 6. Data Retention. We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Once the information is no longer needed, we will either securely destroy or de-identify it. Retention periods vary by information type: raw signal data, such as ECGs, are stored transiently, and we delete the majority of these data thirty (30) daysf ollowing their collection; activity data, such as your historical data, including heart rates, session types and durations, etc., as well as your account preferences and information, are retained until and unless you request their deletion, the process for this which is detailed below. The retention of your data allows us to provide you with summaries and insights into your trends, habits, and other such information which are comprised of your historical data.  We reserve the right to retain your information indefinitely, unless you request its deletion, in which case we will remove it; this allows us to continually refine and improve our algorithms, contributing to the improvement of our Services. 7. Data Access, Correction, and Deletion. You have the right to access the Personal Data we hold about you and to request correction of any inaccuracies. California residents also have the rights to know, delete, and opt out as provided under State law. We do not discriminate against those who wish to exercise these privacy rights by charging a different price. We do not discriminate against those who wish to exercise these privacy rights by providing a different quality of service except to the extent that the quality of service is reduced intrinsically due to a lack of access to data; ability to process data; or other functions related to data upon which the Services rely. To exercise any of these rights, please contact our Privacy Officer at: 318 Haddon Circle, Vernon Hills, IL60061, email: admin@electrokare.com. We will acknowledge your request within five business days and respond in accordance with applicable law. If we refuse your request, we will provide reasons for the refusal and information about how to lodge a complaint. If you would like your personal data and history deleted from our records, send an email to:admin@electrokare.com with your full name and account email with the subject:"[Your username/email] Data Deletion Request" 8. Complaints and Dispute Resolution. If you believe we have breached this Policy or relevant privacy laws, please submit your complaint to admin@electrokare.com. We will investigate and respond within thirty days. If you remain dissatisfied with our response, you may lodge a complaint with the data protection authority in your jurisdiction. For example, Australian residents may contact the Office of the Australian Information Commissioner; California residents may contact the California Attorney General; Canadian residents may contact the Office of the Privacy Commissioner of Canada; and EEA or UK residents may contact the supervisory authority in their Member State (a full list is available on the European Data Protection Board website). Residents of other countries may contact the data protection authority or equivalent regulator where they normally reside. 9.Legal Basis for Processing (EEA and UK Residents). If you are located in the European Economic Area or the United Kingdom, the GDPR requires that we identify the legal grounds we rely on whenever we process your personal data. For all other users (including those in the U.S., Australia, Canada, etc.),consent to our Privacy Policy is generally sufficient under local law. We rely on the following lawful bases for processing your information:9.1 Performance of a Contract. We process Personal Data necessary to perform our contract with you: creating and managing your ElectroKare account; delivering the Services you request(including but not limited to device connection, diagnostics, electrolyte and other health analytics, and personalized recommendations); and fulfilling purchases or subscriptions you make through the app.9.2 Legal Compliance. Where required by law, such as for tax, financial reporting, or in response to a court order, we process your information to comply with our legal obligations.9.3 Legitimate Interests. We process certain non-sensitive information to support our legitimate business interests (for example, app security, fraud prevention, service-quality monitoring, research and development of new features), provided those interests do not override your fundamental rights and freedoms.9.4 Consent. For optional processing—such as sending you marketing communications or surveys—we rely on your consent. You may withdraw consent at any time by following the unsubscribe link in any marketing email or by adjusting your preferences in the app.9.5 Vital Interests &Public Interest.On rare occasions (such as to protect someone’s life or in the public interest for health and safety), we may process data without consent. We will inform you if this becomes necessary under applicable law. 10.Data Breaches In the event of a data breach impacting personally identifiable information, we will notify all affected individuals and/or entities, as well as the appropriate regional authority/authorities, as detailed in above in Section 8(Complaints and Dispute Resolution). Affected users will be notified within fourteen days of our discovery of any data breaches. Following any such notification, we shall provide a timely outline of remedial action and, at our cost, remedy such breach and provide evidence of such remedial action and any consequent data security improvements. An internal review and assessment will be conducted in order to establish the impact of the breach, as well as possible causes, and actions will be taken as soon as reasonably possible in order to prevent further consequences from the breach.