Last updated: December 1, 2020
We care about your privacy and personal data
This policy describes our privacy practices – what Personal Information we collect about our Users, what we do with it, how we share it, and your rights regarding that Personal Information.
You hereby understand, acknowledge and agree that by using ElliQ your voice and video are being recorded, and you hereby give Intuition Robotics an explicit consent to use voice and visual recordings of you, for the purpose of improving ElliQ and to provide you with the Services.
To provide our Services, we collect Personal Information about our Users, such as Users’ contact information, lifestyle and habits information and Health related information.
The Personal Information (including Health Information) comes from you when you use or interact with our services, Personal Information we collect automatically, and Personal Information we collect from other sources, such as when you request us to collect information from your healthcare provider, on your behalf and at your consent.
We use the Personal Information we collect about you to provide our services and make them better and safer. We also collect and use Personal Information in order to contact Users and to comply with the laws applicable to us.
We may share the Personal Information of our Users with various third parties, including certain service providers and law enforcement officials. The Personal Information may be shared solely in accordance with this policy.
We may store and process Personal Information in various jurisdictions, whether by ourselves or with the help of our affiliates and service providers. Intuition Robotics’ data storage providers are contractually committed to protect and secure your data.
Intuition Robotics values the security of our customers' Personal Information and we do everything in our power to protect it. However, as we can’t guarantee absolute protection – we encourage you to be careful and avoid submitting any excessive information which, if exposed, could cause you harm.
We may keep your Personal Information for as long as your account is active, and longer as needed (for example, if we are legally obligated to keep it longer, or need it to protect our interests).
You may request to access, receive a copy of, update, amend, delete, or limit the use of your Personal Information you have stored with us. Just send us an e-mail or call our customer support. We will respond to your requests within a reasonable timeframe.
California residents may exercise their right to access and delete their Personal Information. To make a request, (i) visit our webform, (ii) send us an email;
You can file a complaint with your local supervisory authority for data protection at any time. Please contact us first so we can try to resolve your concerns.
We may change this policy at any time. We will notify you of changes as required by applicable law. Only the full version below is legally binding (this overview is just for clarity).
2. Your Consent – Please read Carefully!
EXPLICIT PERMISSION TO TAKE AUDIO AND VISUAL RECORDING OF USER IN THE LOCATION WHERE ELLIQ IS INSTALLED, AND TO USE AND SHARE SUCH RECORDINGS, AND TRANSCRIPTS DERIVED FROM SUCH:
USER UNDERSTANDS THAT ELLIQ UTILIZES CAMERAS AND MICROPHONES TO ENABLE ELLIQ TO INTERACT WITH USER AND TO PROVIDE THE USER WITH THE SERVICES.
USER ACKNOWLEDGES AND AGREES THAT SOME OF THE AUDIO AND VISUAL RECORDINGS COLLECTED BY ELLIQ, BE OBTAINED BY INTUITION ROBOTICS FOR THE PURPOSE OF IMPROVING ELLIQ AND THE SERVICES.
3. What types of data and information we may collect about you?We may collect two types of data and information about you:
- Personal Information, which is information that identifies an individual or may with reasonable effort identify an individual, either alone or in combination with other information (such as an identification number), or may be of private or sensitive nature, all unless anonymized. Such categories of Personal Information may include:
- Contact details of Users or User connected parties (e.g. family members);
- Demographic data (e.g. date of birth);
- Lifestyle preferences and habits information (e.g. food likes and dislikes/ allergies/ sleeping habits);
- Usage information and the contents of your interaction with ElliQ, which may include text/video/audio recording and transcripts of such communications.
- The contents of your interaction with our Customer Support, which may include text/video/audio recording and transcripts of such communications, either via ElliQ or in any other communication method.
- Health and wellbeing information of Users, e.g. physiological data, physiological data, diagnosis, test results, treatments and prescriptions (Please refer to Annex A: “PHI - Notice of Privacy Practices” for more information regarding our assumed duties and privacy practices with respect to PHI);
- Feedback, questions and complaints information;
- Technical Information (IP / Cookies);
- Location Data; and
- User login data.
- Non-personal Information, which is non-identifying and non-identifiable information, without particular reference to the identity of the User from or about whom such information was collected.
4. How do we collect personal information from our Users?
a. We collect Personal Information (including Health Information) from you when you use or interact with our Services
You provide us with Personal Information (including Health Information) in the course of your use of the Services, including when you register and open an Account, when you provide additional information about yourself while answering ElliQ’s questions, when you conduct an exam and communicate its results to a clinician via ElliQ and/or the Service, or when you contact us directly.
Registration Information: When a User registers to the Services or updates their Account details, such User will be required to provide us with his/her full name, e-mail address, phone number, wi-fi credentials, full address, date of birth, gender, family members, demographic and living situation details, and certain health conditions and wellbeing information. The User may also be required to input certain personal details which are related to the Services provided such as connections or ties.
Personal Information (including Health Information) transmitted by the User in the course of using the Services: In the course of using the Services, the User may share Personal Information (including Health Information) actively and voluntarily, such as the User’s preferences and habits, the Users’ wellbeing information such as sleep quality, food consumption, water intake, and the User’s health status, such as medication consumption, blood pressure test results, body temperature test results etc..
Information mandated by Law: Information we are required or authorized by applicable national laws to require Users to provide us in order to authenticate or identify them or to verify the information we have collected or otherwise provide them with our Services.
b. We collect Personal Information automatically when you use the Services.
This is information which we automatically receive from ElliQ and its connected devices (tablet, microphones and cameras), when you access or interact with our Services, and any information which is derived, learned, or detected as a result of such access or interaction. This information includes, but is not limited to:
Audio-visual recordings. In the course of using the Services, the User is being automatically recorded by microphones and cameras, and transcripts of such communications are being generated, in order to enable ElliQ to interact with the User, to provide the user with the Services and to improve ElliQ and the Services. For example, the cameras and microphones allow ElliQ to decide when to engage a user with a conversation and to understand what the user says to ElliQ. The microphones are activated either when ElliQ’s name is said by the user (or other users) or when ElliQ attempts to start a conversation with the user when ElliQ identifies that the user is in its vicinity.
Technical Data. Wi-Fi data, the Internet Protocol (IP) address, Device Identifier, geolocation, time zone, the period of time the User interacted with ElliQ, the User’ response time, and other related timestamps and metadata.
Usage Data and Inferences Thereof. ElliQ studies the user behavior in the course of the User’s usage of ElliQ (e.g. through the audio and visual recordings) and generates inferences about the Users (such as the Users’ preferences, habits, mental state and physical condition), in order to personalize the Services to the User, and provide User with a personal and unique experience.
Please take into consideration that certain portions of such abovementioned automatically obtained information, may also be collected and generated when the Services is running in the background, without any direct interaction with ElliQ.
c. We collect Personal Information (including Health Information) from other sources.
Solely pursuant to your explicit consent, pursuant to your request and on behalf of you, we may receive information from other sources, such as from your authorized representatives or your healthcare provider (e.g. doctor, private medical facility or otherwise) for the purpose of providing the Services to you. The information received may include names, address details, authorized representative information and health information, such as the treatments you receive and your medication consumption. Please refer to Annex A: “PHI – Notice of Privacy Practices” for more information regarding our assumed duties and our privacy practices with respect to your PHI.
Non-Personal Information is collected through your use of the Services. We may be aware of your use of the Services, and may gather, collect and record the information relating to such usage, either independently or through the help of our third-party services as detailed below. We may also collect Non-personal Information through the analysis aggregation and anonymization of Personal Information provided by you.
5. Our legal basis for use of your information
With your consent: We ask for your agreement to process your information for specific purposes and you have the right to withdraw your consent at any time.
When Performing our services and providing them to you under the Terms: We collect and process your Personal Information in order to provide you with the Service, following your acceptance of the Terms; to maintain and improve our Service; to develop new services and features for our Users; and to personalize the Services in order to ensure a better user experience.
We use your Personal Information for the following purposes:
6. Why do We collect such Personal information?
- To provide and operate the Services;
- To further develop, customize, expand, and improve our Services, based on Users’ common or personal preferences, experiences and difficulties;
- To provide our Users with ongoing customer assistance and technical support;
- To be able to contact our Users with general or personalized service-related notices and promotional messages (as further detailed in Section 8 below);
- To help us to update, expand and analyze our records to identify new customers;
- To determine Users eligibility to use ElliQ;
- To create aggregated statistical data and other aggregated and/or inferred information, which we, our business partners and your Health Care Provider may use to provide and improve our respective Services;
- To provide you with professional assistance, only upon your request;
- To enhance our data security and fraud prevention capabilities; and
- To comply with any applicable laws and regulations, and/or respond to or defend against legal proceedings brought against us or our affiliates.
We keep the information processed by us in strict confidence and only share your information with third parties in very limited circumstances and for very specific purposes, as described below:
7. How we share your personal data
- Business partners, suppliers and subcontractors, whose services and solutions complement, facilitate and enhance our own. These include hosting, database and server co-location services, data analytics services, and systems that analyze crashes, functionality and usability and our business, legal and financial advisors (collectively, "Third Party Service Providers").
- Such Third-Party Service Providers may receive or otherwise have access to your Personal Information, depending on each of their particular roles and purposes in facilitating and enhancing the Service, and may only use your Personal Information for such purposes. Such disclosure or access is strictly subject to the recipient's or user's undertaking of confidentiality obligations, and the prevention of any independent right to use this data except as required to help us provide you the Service.
- With third parties whose products or services we have made you aware of via ElliQ and our other Services and you have provided us with your consent to share your personal information with them;
- Fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity;
- Analytics providers that assist us in the improvement and optimization of ElliQ and our Services;
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries for the purposes set out above;
- If Intuition Robotics or substantially all of its assets are acquired by a third party, in which case personal data held by it about its members and customers will be one of the transferred assets. We will notify you of this event and the choices you may have via e-mail and/or prominent notice on our Services.
- Law enforcement, legal proceedings, and as authorized by law, pursuant to a legal requirement or request, such as a subpoena, search warrant or court order, or in compliance with applicable laws and regulations. Such disclosure or access may occur with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.
- We may share your Personal Information with others, with or without notice to you, in cases of emergency or if we believe in good faith that this will help protect the rights, property or personal safety of our company, any of our Users, or any members of the general public.
8. Where we store your personal data
9. Security of your personal dataWe take great care in implementing and maintaining the security of the Services and of your Personal Information. We employ industry standard procedures and policies to ensure the safety of your information, reduce the risks stemming from loss of information and prevent unauthorized use of any such information. However, we do not and cannot guarantee that unauthorized access will never occur and reiterate that no measure can provide absolute information security.
10. How long do we keep your information?We will retain your personal information for as long as you use our Services and for a reasonable time thereafter. After you have terminated your use of our Services, we will retain your personal information for at least 6 years and thereafter may store it in an aggregated and anonymized format, or as otherwise necessary to comply with applicable laws and regulations.
If you withdraw your consent to us processing your Personal Information, including by deleting your account, we will delete your Personal Information from our systems (except to the extent such data in whole or in part is required to comply with any applicable rule or regulation and/or to respond to or defend against legal proceeding brought against us or our affiliates).
11. Your rightsIf the law applicable to you grants you such rights, you may ask to access, correct, or delete your Personal Information that is stored in our systems. You may also ask for our confirmation as to whether or not we process your Personal Information.
Subject to the limitations in law, you may request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any Personal Information whose accuracy you contest while we verify the status of that data.
Subject to the limitations in law, you may also be entitled to obtain the Personal Information you directly provided us (excluding data we obtained from other sources) in a structured, commonly used, and machine-readable format and may have the right to transmit such data to another party.
If you wish to exercise any of these rights, contact us with an explicit request at our Support Services line at 855-888-1295 or at firstname.lastname@example.org.
When handling these requests, we may ask for additional information to confirm your identity and your request.
Please note, upon request to delete your Personal Information, we may retain such data in whole or in part to comply with any applicable rule or regulation and/or to respond to or defend against legal proceedings brought against us or our affiliates.
12. Additional Information for California ResidentsIf you are a California resident using the Services, the California Consumer Privacy Act (“CCPA”) may provide you the right to request access to and deletion of your Personal Information.
In order to exercise the right to request access to and deletion of your Personal Information, please see the information on the section 13, above. We do not discriminate based on the exercise of any privacy rights that you might have under this Section.
Intuition Robotics does not sell user Personal Information to third parties for the intents and purposes of the CCPA.
All requests must be labelled “California Removal Request” on the email subject line. All requests must provide a description of the content you want removed and information reasonably sufficient to permit us to locate that content. We do not accept California Removal Requests via postal mail, telephone, or facsimile.
Please note, upon request to delete your Personal Information, we may retain such data in whole or in part to comply with any applicable rule or regulation and/or to respond to or defend against legal proceedings brought against us or our affiliates.
Our Privacy Officer team will investigate the complaint and determine whether a breach has occurred and what action, if any, to take. We take every privacy complaint seriously and will make all reasonable efforts to resolve your complaint promptly and in accordance with applicable law.
You can file a complaint with your local supervisory authority for data protection at any time, however we recommend that you contact us first so we can try to resolve it.
PHI - Notice of Privacy Practice
1. SCOPE AND APPLICABILITY
Since the Services are, in their essence, digital companion services which we provide to the User, at the User request and on the User behalf, they are not subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
However as we take the confidentiality of your health information very seriously we choose to adopt the strict rules of HIPAA in maintaining the privacy of Protected Health Information as such term is defined under the HIPAA ("PHI") and to provide you with notice of our assumed duties and privacy practices with respect to PHI (“NPP”).
This NPP describes how we may use and disclose PHI about you, as well as how you obtain access to such PHI. This NPP also describes your rights with respect to your PHI.
2. WHAT IS PHI?
PHI is information that may identify you and that relates to your past, present, or future physical or mental health or condition, the provision of health care products and services to you or payment for such services.
3. USE AND DISCLOSURES OF PHI
- Treatment. We may use and disclose your PHI to provide and coordinate the treatment and services you receive. For example, we may disclose PHI to pharmacists, doctors, nurses, optometrists, and other personnel involved in your health care. This helps to coordinate your care and make sure that everyone who is involved in your care has the information that they need about you to meet your health care needs.
- Payment. We may use and disclose your PHI in order to obtain payment for the health care products and services that we may provide to you and for other payment activities related to the Services that we provide. For example, we may contact your insurer, pharmacy benefit manager or other health care payor to determine whether it will pay for health care products and services you need and to determine the amount of your co-payment. The information on or accompanying the bill may include information that identifies you, as well as information about the Services or products that were provided to you. We may also disclose your PHI to other health care providers or HIPAA covered entities you are associated with, who may need it for their payment activities related to their engagement with you.
- Healthcare Operations. We may use PHI to improve the Properties and Services, marketing activities permitted under HIPAA (such as suggesting a health-related product that we make available to our Users), customer support, and other internal business management purposes.
- Third-Party Business Associates and Subcontractors. We may contract with third parties to perform certain services for us, such as billing services, copy services or consulting services. These Third Party Service Providers, referred to as Business Associates and/or Subcontractors, may need to access your PHI to perform services for us and in such case we will use our best efforts to ensure they are required by contract and law to protect your PHI and only use and disclose it as necessary to perform their services for us.
- To Communicate with Individuals Involved in Your Care or Payment for Your Care. We may disclose to a family member, other relative, close personal friend, or any other person you identify, PHI directly relevant to that person's involvement in your care or payment related to your care. If a person has the authority by law to make health care decisions for you, we will generally regard that person as your "personal representative" and treat him or her the same way we would treat you with respect to your PHI.
- Food and Drug Administration ("FDA"). We may disclose to persons under the jurisdiction of the FDA, PHI relative to adverse events with respect to drugs, foods, supplements, products and product defects, or post-marketing surveillance information to enable product recalls, repairs, or replacement.
- Public Health. We may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability, including the FDA.
- Law Enforcement. We may disclose your PHI for law enforcement purposes as required or permitted by law for example, in response to a subpoena or court order, in response to a request from law enforcement, and to report limited information in certain circumstances.
- Health Oversight Activities. We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, inspections, and credentialing, as necessary for licensure and for the government to monitor the health care system, government programs and compliance with civil rights laws.
- Judicial and Administrative Proceedings. If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process instituted by someone else involved in the dispute, but only if efforts have been made, either by the requesting party or us, to first tell you about the request or to obtain an order protecting the information requested.
- As Required by Law. We will disclose your PHI when required to do so by federal, state or local law.
4. YOUR HEALTH INFORMATION RIGHTS:
- Obtain a paper copy of the Notice upon request. You may request a copy of our current Notice at any time. Even if you have agreed to receive the Notice electronically, you are still entitled to a paper copy. You may obtain a paper copy at our site, at: https://elliq.com/pages/privacy-policy, or by contacting us at: email@example.com.
- Request a restriction on certain uses and disclosures of PHI. You have the right to request additional restrictions on our use or disclosure of your PHI by sending a written request to firstname.lastname@example.org. We are not required to agree to the restrictions, except in the case where the disclosure is to a health plan for purposes of carrying out payment or health care operations, is not otherwise required by law, and the PHI pertains solely to a health care item or service for which you, or a person on your behalf, has paid in full.
- Inspect and obtain a copy of PHI. With a few exceptions, you have the right to access and obtain a copy of the PHI that we maintain about you. If we maintain an electronic health record containing your PHI, you have the right to request to obtain the PHI in an electronic format. To inspect or obtain a copy of your PHI, you must send a written request to email@example.com. You may ask us to send a copy of your PHI to other individuals or entities that you designate. We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to your PHI, you may request that the denial be reviewed.
- Request an amendment of PHI. If you feel that the PHI we maintain about you is incomplete or incorrect, you may request that we amend it. To request an amendment, you must send a written request to firstname.lastname@example.org. You must include a reason that supports your request. If we deny your request for an amendment, we will provide you with a written explanation of why we denied it.
- Receive an accounting of disclosures of PHI. Apart from certain disclosures, you have a right to receive a list of the disclosures we have made of your PHI, in the six years prior to the date of your request, to entities or individuals other than you. To request an accounting, you must submit a request in writing to email@example.com. Your request must specify a time period.
- Notification of a Breach. You have a right to be notified following a breach of your unsecured PHI.