CSD Labs Privacy Policy

This Privacy Policy describes the ways in which CSD Labs GmbH (“CSD Labs,” “we,” “our,” or “us”) collect, use, and disclose information through our websites that links to this Privacy Policy, including (www.csdlabs.com, www.emurmur.com), all CSD Labs Products, CSD Labs applications, amenities, or portals available for computer, mobile device, and web platforms (“Services”) except for the eMurmur Primer and eMurmur University applications, which have a separate policy.

By using the Services, you consent to the processing of your information as set forth in this Privacy Policy, now and as amended by us. This Privacy Policy is incorporated by reference into the CSD Labs Terms of Use.

This Privacy Policy applies to information we can use to specifically identify you, such as your name, address, date of birth, contact information, username, Internet Protocol address or device identifiers when associated with a specific user (“Personal Information”). It does not apply to any Personal Information collected by CSD Labs through other means. The Privacy Policy also does not apply to any protected health information, or “PHI”. For information regarding protection of your PHI, please see your health care provider’s HIPAA Notice of Privacy Practices.

Information We Collect

As you use the Services, CSD Labs may collect several types of information, including:

  • Registration Information — Personal Information that a User provides when purchasing or signing up for CSD Labs Services, including name, billing and shipping addresses, email addresses, telephone number, payment information, and any usernames or passwords.
  • Patient Information — health-related information about an individual Patient that a User may provide directly to CSD Labs (e.g., via the eMurmur platform), including information about health conditions (e.g., VSD), personal traits (e.g., weight, height), ethnicity, and/or family history. CSD Labs collects this information if and when the User enters it into surveys, forms or features while signed in to the User’s account. Patient Information include Heart and Lung Sound Data — data collected by the Services from a Patient or derived from such data, including recorded heart sounds, lung sounds, heart rate, location on the body where the heart and/or lung sound was recorded, and other recorded data. This information is subject to the health care provider’s HIPAA notice of privacy practices, and not to this Privacy Policy.
  • User Content — all information other than Patient Information or Heart and Lung Sound Data generated by the User and transmitted to CSD Labs, including data, text, audio, photographs, video, messages, or other materials. For example, User Content includes posts made to any CSD Labs community forum or emails to Customer Support.
  • Usage Information – We and our service providers may collect certain information by automated means, such as cookies, web beacons, log files, and similar technology (explained more below), as you use the Services or open our emails. This includes data such as your Internet Protocol address, device characteristics, browser characteristics, operating system, language preferences, clickstream data (e.g., a list of pages or URLs visited before and after the website visit), search terms entered, and dates and times of visits to our Sites. This information allows us to recognize you and personalize your experience if you return to the Services, and to improve the Services and the services we provide.
    • Cookies — a “cookie” is a file that websites send to a visitor’s internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser.
    • Web Beacons — A “web beacon”, also known as an internet tag, pixel tag, or clear GIF, is a clear graphic image that may be embedded in an email to record when a User opens the email or may be loaded by a web browser to record a User’s visit to a particular website.
    • Log Files — a “log file” is a file that records how users interact with websites or a server.

How We Use Information

In General — We, and our affiliates and subsidiaries, may use the information we collect for a number of purposes, including, but not limited to:

  • To provide you with Services, Products, or information you request;
  • To deliver and manage Customer Support and respond to inquiries;
  • To provide you with information about the Services or required notices;
  • To deliver marketing communications, promotional materials, or advertisements that may be of interest to you, and administer participation in special events, programs, offers, surveys, and other market research;
  • To improve our Services or products and/or to develop new products or services; perform quality control activities, conduct data analyses, and develop references for other users and/or health care providers to better understand symptoms or conditions.
  • To customize your experience when using the Services, such as by providing interactive or personalized elements and content on the Services;
  • To aggregate and de-identify certain information and use and share the resulting data for business purposes (e.g., to provide health-related statistics, trends, and services to our business partners or affiliates);
  • To detect, prevent, and respond to fraud, intellectual property infringement, violations of our Terms of Use, violations of law, or other misuse of the Services; and
  • For other uses consistent with the context in which the data was collected.

We also may combine or aggregate any of the information we collect through the Services or elsewhere for any of these purposes, including delivering targeted advertisements that are based on your online activity. For information about how to opt-out of targeted advertisements, please see “Your Choices” below.

How We Share Information

We may disclose the information we collect from you through the Services:

  • to our affiliates and subsidiaries;
  • to service providers who work on our behalf and who have agreed to use the information solely in furtherance of our operations, including, but not limited to, service providers who provide order and payment processing services; process employment applications on our behalf; deliver marketing communications, promotional materials, or advertisements that may be of interest to you on our behalf;
  • to business partners who may deliver marketing communications, promotional materials, or advertisements about their own products or services that may be of interest to you;
  • as required by law, such as to comply with a subpoena or other legal process, or to comply with government reporting obligations;
  • when we believe in good faith that disclosure is necessary (a) to protect our rights, the integrity of the Services, or your safety or the safety of others, or (b) to detect, prevent, or respond to fraud, intellectual property infringement, violations of our Terms of Use, violations of law, or other misuse of the Services; and
  • to affiliates, service providers, advisors, and other third parties to the extent reasonably necessary to proceed with the negotiation or completion of a merger, acquisition, or sale of all or a portion of our assets.

In addition, we may share de-identified reports on user demographics and traffic patterns, as well as aggregated or de-identified information, with third parties.

To opt out of our sharing your Personal Information with our business partners for their own direct marketing purposes, please see “Your Choices” below.

Please note that we may also use third-party web analytics services on our Services, such as those of Google Analytics. The analytics providers that administer these services use technologies such as cookies, web server logs and web beacons collect usage information matched to an IP address, but not your personal information, to help us analyze how visitors use the Sites and improve the overall experience of the Sites. The analytics providers may also collect information about your use of other websites over time, if those websites also use the same analytics providers. To learn more about Google Analytics and how to opt out, please visit http://www.google.com/analytics/learn/privacy.html.

Research

Where we obtain a separate consent, CSD Labs may use and share Heart and Lung Sounds and Patient Information with third party research partners for the purpose of scientific study and publication in peer-reviewed scientific journals, which may ultimately result in commercial usage of such information, such as to develop drugs or devices to diagnose, predict, or treat health conditions. Research is generally intended to advance heart disease knowledge and to create, commercialize, or undertake activities toward the practical applications of our learnings to the improvement of health care. Registration Information will not be used for Research, except as necessary to contact a User regarding the Research.

Please note that if you or your Patient does not consent to participate in Research, CSD Labs may still use de-identified data for purposes such as those described in the “In General” section above.

Third Party Links

The Services may contain third-party links. You acknowledge and agree that we are not responsible for the collection and use of your information by such third parties that are not under our control. We encourage you to review the privacy policies of each website you visit.

Data Transfers and Processing

CSD Labs is headquartered in Austria, but we offer our Services in many different countries and we maintain databases in different countries. We may transfer your data to a CSD Labs database outside your country of domicile, potentially including countries which may not provide the same level of protection for your Personal Information as your home country, and may be available to the local government or its agencies under a lawful order. In addition, we may transfer your information outside your country of domicile to our affiliates, business partners, and service providers located in other countries. By using the Online Services, you consent to such transfer to, and processing in, these other countries, including the United States.

How We Protect Information

We strive to maintain reasonable administrative, technical, and physical safeguards designed to safeguard the information collected by the Services. However, no information system can be 100% secure, so we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to the Services over networks that we do not control, including the Internet and wireless networks.

Your Choices

If you no longer wish to receive marketing communications from us or have us share your information with third parties for their marketing purposes, or if you wish to inquire about, make changes to, or request deletion of the information we have collected about you, please submit a request to support@csdlabs.com.

You may also opt out of receiving marketing emails by using the unsubscribe information available in our promotional emails. Please note that you may not opt-out of receiving non-promotional messages regarding the User’s account, such as technical notices, purchase confirmations, or Services-related emails.

If you do not want the Services to collect information through the use of cookies, you can set your web browser to reject cookies from the Services. Each browser is different, so you should check your browser’s “Help” menu to learn how to change your cookie preferences. If you reject or block cookies from the Services, however, the Services may not function as intended.

We do not currently respond to web browser “do not track” signals or other mechanisms that provide a method to opt out of the collection of information across the networks of websites and online services in which we participate. If we do so in the future, we will describe how we do so in this Privacy Policy. Visit the following website, www.allaboutdnt.org, for more information on this developing area.

Children’s Information

The Services are not directed to, nor do we knowingly collect information from, children under the age of 13 without parental consent. If you have reason to believe that we may have collected your child’s personal information without your consent, please contact us at the contact information listed below.

Changes to this Privacy Policy

If we update this Privacy Policy, we will notify you by posting a new Privacy Policy on this page. If we make any revisions that materially change the ways in which we use or share the information previously collected from you through the Services, we will give you the opportunity to consent to such changes before applying them to that information.

Contact Us

If you have any questions about this Privacy Policy or our use of your information collected through the Services, please contact us at support@csdlabs.com, or at the following address:

CSD Labs GmbH
Nikolaiplatz 4
8020 Graz
Austria

#####

This Privacy Policy was last updated on January 4, 2017.