We at Spire Health value keeping Your Personal Information confidential and using it solely in the context of Our mission to provide Our Services to gather information related to Your health, fitness and other activities (i) if you are a patient, in order to aid You and Your healthcare providers (“Providers”) in making informed decisions about Your care or (ii) if you are participating in a research study, to the research clinic at which You are participating in a research study based, in part, on the collection of Your Personal Information (“Research Clinic”).
BECAUSE THE PERSONAL INFORMATION WE COLLECT AND TRANSMIT MAY INCLUDE HEALTHCARE INFORMATION, INCLUDING MEDICAL INFORMATION, OUR PRIVACY PRACTICES ARE INTENDED TO COMPLY WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (“HIPAA”). WE WILL MAINTAIN THE PRIVACY OF YOUR HEALTH INFORMATION AS REQUIRED BY HIPAA AND THE REGULATIONS PROMULGATED UNDER THAT ACT.
Please read the following carefully to understand Our views and practices regarding Your Personal Information and how We will treat it. For the purposes of Applicable Data Protection Laws including the European Economic Area data protection law (the “Data Protection Law”), the Data Controllers are YOUR Provider and Spire, Inc., 2030 Harrison Street, San Francisco, CA 94110.
BY SUBMITTING YOUR PERSONAL INFORMATION THROUGH THIS APPLICATION, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT LOG INTO OR ACCESS THE APPLICATION OR SERVICES AND DO NOT SUBMIT ANY INFORMATION TO US.
As a patient of one or more of Our participating Provider customers or a research subject for one or more of Our Research Clinic customers (a “Patient”), You have received an enrollment kit, which includes certain activity-monitoring devices, including the Spire Health Tag (“Devices”), a device pre-loaded with Our App, and Your registration code, from Your Provider or Research Clinic. You would like to make information related to Your health, ﬁtness and activities (“Health and Activity Data”) available to Your Providers or Research Clinic through the Service.
What Information Do We Collect and Why?
Personal Data that You Provide through the Service: We collect Personal information such as certain demographic information from You when You voluntarily provide such information, such as when You create Your account on the Service, use the Devices in connection with the Service (including, without limitation, the software featured on the Devices and/or platforms made available by the third-party providers of the Devices (collectively, the “Integrated Services”)), contact us with inquiries, enter information into Our Site contact form, or use certain features of the Service. We use this information to create Your account and provide You with the Services.
In addition to demographic information, because You are a Patient, We may ask You to provide Your contact preferences, certain contact information, such as Your email address and mobile telephone number. When using the Devices along with the App, Spire Health collects other Health and Activity Data to us in order to create Your account and provide You with the Services. Such Health and Activity Data may include information including Your name, gender, height, weight, as well as data about Your use of Our Services and Devices, such as detailed information collected while monitoring Your movements and activity. This information may include data on Your posture and movements, Your activity level, calories You consumed, and other related biomechanical information such as Your respiration, heart rate, and sleep activity. We collect this information to provide You more customized Services and to communicate information to Your Provider or Research Clinic.
If You choose to create a User Account, We may also use Your Personal Information to (1) communicate with You about and manage Your User Account; (2) store data; (3) comply with the law; (4) respond to requests from public and government authorities; (5) to enforce Our terms and conditions; (6) manage and improve Our operations and applications; (7) provide additional functionality; (8) protect Our rights, privacy, safety or property, and/or that of Yours or others; and (9) allow us to pursue available remedies or limit the damages We may sustain.
IP Addresses; Device ID Information: Because You are accessing the Service on a mobile device, We may also collect Your device identiﬁcation number and request access to settings and location information to analyze and report upon usage of the Service; to diagnose and prevent service or technology problems aﬀecting the Service; and to monitor and prevent fraud and abuse.
Non-Identiﬁable Data Related to Operation of the Service: When You interact with Spire Health through the Service, We receive and store certain personally non-identiﬁable information. Such information, which We collect passively using various technologies, cannot presently be used to speciﬁcally identify You. We may store such information Ourselves or such information may be included in databases owned and maintained by Spire Health aﬃliates, agents or service providers. The Service may use such information and pool it with other information to track, for example, the total number of users of the Service, the number of visitors to each page of Our Site, and the domain names of Our visitors' Internet service providers. It is important to note that Spire Health does not use Personal Information for this process.
Aggregated Personal Data: In an ongoing eﬀort to better understand and serve Our Customers, other users of the Service, Spire Health may conduct research on its user demographics and behavior based on the Personal Information We collect from You and the other information provided to us. This research may be compiled and analyzed on an aggregate basis, and Spire Health may share this research and related information in aggregated, de-identiﬁed and/or anonymized format with its aﬃliates, agents and other entities in the healthcare research and services entities, including without limitation insurance and pharmaceutical companies. For the avoidance of doubt, this aggregate information does not identify You personally. Spire Health may also disclose aggregated, de-identiﬁed and/or anonymized information in order to describe Our business and the Service to current and prospective business partners and Customers, and to other third parties for other lawful purposes.
Where Is Your Personal Information Stored And/Or Processed?
Information Spire Health collects through Our Application will be stored on secure U.S.-based servers. The application is native to Your device, meaning information You enter into Our Application is also stored directly on the device You use to access and enter information into the Application.
Will Spire Health Share Personal Information With Anyone Else?
We consider Your information to be a vital part of Our relationship with You. There are, however, certain circumstances in which We may share Your Personal Information with certain third parties without further notice to You, as set forth below:
With Our Customers: If You are a Patient, We will share Your Personal Information and Health and Activity Data with Our Provider customer(s) that provide healthcare services to You or the Research Clinic in which You are participating in a research study. This will enable Your Provider or Research Clinic to track Your Health and Activity Data and combine such Health and Activity Data with other information about You that Your Provider obtains in providing healthcare services to You.
With Patient-Authorized Persons: If You are a Patient, You may have the option of identifying family and/or friends in the Spire Health application to view certain of Your information and receive alerts regarding Your health and/or activities (“Permissions”). If You designate permissions, We may make available certain of Your Personal Information and Health and Activity Data, and alerts related thereto, to such authorized user.
In the Event of a Business Transfer: Spire Health might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Information may be part of the transferred assets.
With Our Agents, Consultants and Related Third Parties: Spire Health, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information and maintaining databases. When We employ another entity to perform a function of this nature, We only provide the entity with the information that it needs to perform its speciﬁc function.
To Meet Our Legal Requirements: Spire Health may disclose Your Personal Information if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Spire Health, (iii) act in urgent circumstances to protect the personal safety of You, us, other users of the Service or the public, or (iv) protect against legal liability.
How Long Will Spire Health Retain The Information?
We store Your Personal Information for as long as You maintain an account and up to five (5) years after the account is closed. At the end of this five-year period, We will remove Your Personal Information from Our databases and will request that Our business partners remove Your Personal Information from their databases. However, once We disclose Your Personal Information to third parties, We may not be able to access that Personal Information any longer and cannot force the deletion or modification of any such information by the parties to whom We have made those disclosures. Written requests for deletion of Personal Information other than as described should be directed to email@example.com. We retain anonymized data indefinitely.
Does Spire Health Utilize Cookies in the Services?
Spire Health does not utilize cookies to collect information about you through the Services.
How Does Spire Health Protect My Personal Information?
Spire Health is committed to protecting the security and conﬁdentiality of Your Personal Information. We use a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of Your Personal Information, to protect against any anticipated threats or hazards to the security or integrity of such information, and to protect against unauthorized access to or use of such information in Our possession or control that could result in substantial harm or inconvenience to You. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure. As a result, We cannot ensure the security of information You transmit to us. By using the Application, You are assuming this risk.
The information Spire Health collects and stores on secure servers, is protected by a combination of technical, administrative, and physical security safeguards, such as authentication, encryption, backups, and access controls. If Spire Health learns of a security concern, We may attempt to notify You and provide information on protective steps, if available, through the email address that You have provided to us or by an inapp notiﬁcation. Depending on where You live, You may have a legal right to receive such notices in writing.
You are solely responsible for protecting information entered or generated via the Application that is stored on Your device and/or removable device storage. Spire Health has no access to or control over Your device’s security settings, and it is up to You to implement any device level security features and protections You feel are appropriate (e.g., password protection, encryption, remote wipe capability, etc.). We recommend that You take any and all appropriate steps to secure any device that You use to access Our Application.
NOTWITHSTANDING ANY OF THE STEPS TAKEN BY US, IT IS NOT POSSIBLE TO GUARANTEE THE SECURITY OR INTEGRITY OF DATA TRANSMITTED OVER THE INTERNET. THERE IS NO GUARANTEE THAT YOUR INFORMATION WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. THEREFORE, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY INFORMATION YOU TRANSMIT TO US AND YOU TRANSMIT SUCH INFORMATION AT YOUR OWN RISK.
HOW SHOULD YOU PROTECT YOUR PERSONAL INFORMATION?
In addition to securing Your Device, as discussed above, We will NEVER send You an email requesting conﬁdential information such as account numbers, usernames, passwords, or social security numbers, and You should NEVER respond to any email requesting such information. If You receive such an email purportedly from Spire Health, DO NOT RESPOND to the email and DO NOT click on any links and/or open any attachments in the email, and notify Spire Health support at firstname.lastname@example.org.
You are responsible for taking reasonable precautions to protect Your user ID, password, and other user account information from disclosure to third parties, and You are not permitted to circumvent the use of required encryption technologies. You should immediately notify Spire Health at email@example.com if You know of or suspect any unauthorized use or disclosure of Your user ID, password, and/or other user account information, or any other security concern.
EU CITIZEN RIGHTS
You have the right under certain circumstances:
Where the processing of Your personal information by us is based on consent, You have the right to withdraw that consent without detriment at any time by going here. You can also exercise the rights listed above at any time by contacting us at firstname.lastname@example.org.
How Can You Update, Correct Or Delete Your Personal Information?
You can change Your email address and other contact information by editing Your proﬁle in the Application. If You need to make changes or corrections to other information, You may email email@example.com. Please note that in order to comply with certain requests to limit use of Your Personal Information We may need to terminate Your account with us and Your ability to access and use the Services, and You agree that We will not be liable to You for such termination or for any refunds of prepaid fees paid by You. Although We will use reasonable efforts to do so, You understand that it may not be technologically possible to remove from Our systems every record of Your Personal Information. The need to back up Our systems to protect information from inadvertent loss means a copy of Your Personal Information may exist in a nonerasable form that will be diﬃcult or impossible for us to locate or remove. Backups of that data will remain associated with Your account and in Our archive servers. You can deactivate Your account by emailing firstname.lastname@example.org.
Can You “OptOut” Of Receiving Communications From Spire Health?
We pledge not to market third party services to You. We only send emails to You regarding Your Spire Health account and services. You can choose to ﬁlter these emails using Your email client settings, but We do not provide an option for You to opt out of these emails. You can opt out of daily emails by emailing email@example.com.
How Spire Health Makes Changes To This Policy
Information Submitted by Minors
How Can I Contact Spire Health?
Effective: June 12, 2019