Hera-MED Privacy Policy

Last Revised: May 27, 2021

This Privacy Policy clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) we collect, use and process as a part of our online offering and the websites and applications functions and contents connected with it as well as external online presences, such as our Social Media Profile (hereinafter referred to as “services”). This Privacy Policy applies to our entire services, including our HeraMED, HeraBEAT and HeraCARE websites and applications.

Who we are

We are HeraMED Headquarters (“we”, “our”, “us”) of 4 Hazoran St., POB 8576, 4250604 Netanya, Israel. We operate to the highest standards when protecting your personal data and respecting your privacy. If you have any questions about your personal data, or how we use it, you can contact us via our contact forms or email at support@hera-med.com. We are the data “controller”, which means we are responsible for deciding how and why your personal data is used. We’re also responsible for making sure it is kept safe, secure and handled legally.

The Regulation

Our Headquarters being in Israel, the Protection of Privacy Law, 5741-1981 applies to our services. However, we have voluntarily committed to the following Data Protection Laws and continue to apply the most stringent provisions to how we process, handle and store personal data. We apply:

  • the EU's Regulation (EU) 2016/679 (General Data Protection Regulation);
  • the UK's Data Protection Act 2018;
  • Australia's Privacy Act 1988;
  • the USA's HIPAA Rules located at 45 CFR Part 160 and Subparts A and E of Part 164;
  • California's California Consumer Privacy Act of 2018.

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

What data do we collect and process?

  • Inventory data (e.g., names, addresses).
  • Contact details (e.g., e-mail, telephone numbers).
  • Content data (e.g., text input, photographs, videos).
  • Health data (e.g., Pulse data, Blood Pressure, Respiratory Rate, Fetal Heart Rate Measurements).
  • Contract data (e.g., object of contract, duration, customer category).
  • Payment data (e.g., bank details, payment history).
  • Usage data (e.g., websites visited, interest in content, access times).
  • Meta/communication data (e.g., device information, IP addresses).
  • When you use our device and connect the application:
    • raw Fetal Heart Rate data (“FHR”), heart rate, reading position, accelerometer data, local time, local time zone, geographic location, additional notes, tags, or memos to readings and recordings and additional information you may add such as symptoms, activities, or diet related to your specific health conditions.
    • Information Collected From Your Phone or Watch (e.g., device model and OS version, device ID, device language, App activity data).
    • If you connect to a service, such as Apple Health or Google Fit (e.g., information from your user profile including: username and email address, heart rate BPM, step count and distance travelled, activity sample, glucose and oxygen saturation levels, active and resting energy levels, sleep analysis, blood pressure readings, and workout history).

Automated decision-making and profiling

We do not use automation for decision-making and profiling.

Children Data

Our websites are not intended for children and we do not knowingly collect data relating to children. If you become aware that your child has provided us with Personal Data without parental consent, please contact us and we will take the necessary steps to remove that information from our server.

What are the categories of data subjects?

Customers, interested parties, visitors and users of the online offering, business partners. In the following, we refer to the data subjects collectively as “users”.

What are the purposes for processing?

  • Provision of the online offering, its contents and application functions.
  • Provision of contractual services, service and customer care.
  • Answering contact enquiries and communication with users.
  • Marketing, advertising and market research.
  • Security measures.

What are the relevant legal bases for processing your data?

The following informs you about the legal bases of us processing your data:

Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.

Contract – This is where we process your information to fulfil a contractual arrangement we have made with you.

Legitimate Interests – This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way and where we process your information to reply to your messages, e-mails, calls, etc. Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.

Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime.

Your Rights

You have a number of ‘Data Subject Rights’. Below is some information on what they are and how you can exercise them. There is more information on the Privacy Protection Authority (PPA) website.

  • information about the processing of your personal data.
  • obtain access to the personal data held about you.
  • ask for incorrect, inaccurate or incomplete personal data to be corrected.
  • request that personal data be erased when it’s no longer needed or if processing it is unlawful.
  • object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.
  • request the restriction of the processing of your personal data in specific cases.
  • receive your personal data in a machine-readable format and send it to another controller (‘data portability’).
  • request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
  • You also have the right in this case to express your point of view and to contest the decision.
  • Where the processing of your personal data is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal data about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal data.

We encourage you to get in touch if you have any concerns with how we collect or use your personal data. You do, however, also have the right to lodge a complaint directly with the PPA; their contact details can be found on their website.

When do we disclose your Personal Data?

We may share your information with organisations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support this website and our services. This will only be done on the basis of a legal authorisation (e.g. if a transfer of the data to third parties, such as payment service providers, in accordance with the above stated regulations).

Also, if you have consented to it, or where we have a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively).

If we commission third parties to process data on the basis of a so-called “contract processing agreement”, this is done on the basis of the above stated regulations.

In relation to information obtained about you from your use of our website, we may share a cookie identifier and IP data with analytic and advertising network services providers to assist us in the improvement and optimisation of our website which is subject to our Cookies Policy.

We may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.

International transfers

Our main operations are based in Israel and your personal data is generally processed, stored and used within Israel and other countries in or outside the European Economic Area (EEA). In some instances, your personal data may be processed outside the European Economic Area. If and when this is the case we take steps to ensure there is an appropriate level of security so your personal data is protected in the same way as if it was being used within the EEA.

Where we need to transfer your data outside Israel or the EEA we will use one of the following safeguards as set out in the GDPR:

  • The use of European Commission approved standard contractual clauses in contracts for the transfer of personal data to third countries.
  • Transfers to a non-EEA country with privacy laws that give the same protection as the EEA.

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. The data processed by us will be deleted or restricted in its processing in accordance with the above stated regulations. If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

How do we protect your Personal Data?

We protect your data using technical and physical safeguards and operate a firm system of policies, confidentiality agreements, digital safeguards and procedures to ensure the highest level of administrative protection.

To access our database, the user must be authorised, is challenged through a two-way authentication system and must use an encrypted VPN. Also, the removal of Personal Data from our location is forbidden and is made very difficult by the use of a complex encryption system. We use antivirus and anti-malware software and up-to-date firewall protection. Moreover, authorised personnel must have a legitimate need-to-know interest, such as being your point of contact or servicing your user account.

The data we collect from you may be stored, with appropriate technical and organisational security measures applied to it, on our servers in Israel. In all cases, we follow generally high data protection standards and advanced security measures to protect the personal data submitted to us, both during transmission and once we receive it.

To exercise any of your rights, or if you have any questions or complaints about our use of your Personal Data and this policy, please contact us using our contact form.

Economic Analyses, Market and Medical Research, Clinical Trials

In order to run our business economically, to identify market trends, customer and user wishes, we analyse the data available to us on business transactions, contracts, enquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of the above stated regulations, whereby the persons concerned include customers, interested parties, business partners, visitors and users of the online offering. The analyses are carried out for the purposes of business management evaluations, marketing and market research.

We may take into account the profiles of registered users with details, for example, of their purchasing transactions. The analyses serve us to increase user-friendliness, to optimise our offer and business efficiency and are not disclosed externally, unless they are anonymous analyses with summarised values.

If these analyses or profiles are personal, they will be deleted or made anonymous upon termination by the user, otherwise after two years from conclusion of the contract. In all other respects, the macroeconomic analyses and general trend determinations are prepared anonymously wherever possible.

With your consent, we may also share data collected through the Service with healthcare researchers and other research organizations, including pseudonymous profile information and data collected from your connected devices. For example, information such as your gender, height, weight, information about medications you have provided, and data from your connected devices, but we will not share your name or other information that could identify you.

California Privacy Rights

Sources and Categories of collected personal information

(you can find all sources and categories of collected personal information above)

Business or commercial purpose for collecting information

(you can find all purposes of processing personal information above)

Categories of third parties with whom the business shares personal information

(you can find all categories of recipients of personal information listed above)

In addition to the rights as explained, under California’s “Shine the Light” law, California residents who provide personal information (as defined in the statute) to obtain products or services are entitled to request and obtain from us, once per calendar year, information about the personal information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediate prior calendar year (e.g., requests made in the current year will receive information about the prior year). To obtain the information about data we hold about you or to effect the opt out, please contact us.

Do Not Track

Do Not Track is a privacy preference you can set in most browsers. We support Do Not Track because we believe that you should have genuine control over how your info gets used and our site responds to Do Not Track requests.

Do Not Sell My Personal Information

We do not sell information that directly identifies you, like your name, address, banking information, or phone records. In fact, we do not even share that type of information except with service providers who can use the information solely to provide a service on our behalf, when a consumer directs us to share the information. If applicable, you can choose whether you want this sharing or not. Remember, we don’t sell data that directly identifies you unless we have your explicit permission, no matter what choice you make. To make your choices please contact us.

Direct marketing

From time to time we may use the personal information we collect from you to identify particular product offers which we believe may be of interest to you. We may contact you to let you know about these products and services and how they may benefit you.

You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or relationship with us.

Direct marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by HeraMED, or by our contracted service providers. Every directly addressed marketing form sent or made by us or on our behalf should include a means by which customers may unsubscribe (or opt out) of receiving similar marketing in the future. You can ask us to remove or amend any previous consent you provided by contacting us.

Changes

This Privacy Policy and our commitment to protecting the privacy of your personal data can result in changes to this Privacy Policy. Please regularly review this Privacy Policy to keep up to date with any changes.

Queries and Complaints

Any comments or queries on this policy should be directed to us using the following contact details.

HeraMED

4 Hazoran St., POB 8576, 4250604 Netanya, Israel

If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.