App Privacy Policy

Introduction

This Privacy Policy (this “Notice”) includes information about the types of data that may be collected by the developer or its third-party partners during app usage, services, and communications sent as part of, in connection with, or relating to such software and information services (our “Services). We are committed to protecting the privacy of patients, customers, and partners.

By using the Services, you are consenting to our collection, use, disclosure, and transfer of your information as described in this Notice. This Privacy Policy is not a contract and does not create any contractual rights or obligations.

About Kestra Medical Technologies, Inc.

At Kestra Medical Technologies, Inc. (“Kestra”), it is our mission to provide innovative, intuitive medical technologies to protect and support at-risk patients. At the heart of Kestra is an uncompromising commitment to the highest quality our customers expect, and patients trust.

Throughout this Notice, “Kestra” refers to Kestra Medical Technologies, Inc., including its affiliated companies and subsidiaries (also referred to as “we,” “us” and “our”). You can find information on how to contact us in the section titled “Contact Information” below. You can also find additional contact and location information on our website at: https://kestramedical.com/contact/.

This notice is specific to Protected Health Information (PHI) because all information collected by the app can be classified as such. Protected Health Information is managed according to requirements outlined under the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (“HIPAA”). Accordingly, our use of such information is governed by our agreement with your provider and applicable law, including without limitation, HIPAA. Please submit all requests and questions related to your Protected Health Information directly to your health care provider.

Please note that some privacy rights and obligations may differ in certain locations based on local law, in which case Kestra will comply with local legal requirements, to the extent applicable. If you reside in California, Colorado, Connecticut, Utah or Virginia, the section titled “Locale Specific Law Privacy Rights” below may apply to you.

Information We Collect and How We Collect It

When you use our Services, Kestra may collect information about you, including:

• Personal information, which means information that identifies an individual or relates to an identifiable individual or household. Personal information may include your name and contact information, such as your name, email address, User ID, and phone number. We can collect emergency contact information, if provided. We collect this information directly from you, for example, when you submit information through our Services, complete one of our webforms or applications, or communicate with a Kestra agent.

• Usage Data, which is information that we automatically collect about your app usage, including your use of the Services and the information made available by app store providers, as well as information on how you interact with our Services. Usage Data may include the IP address of a device or internet service used to connect your device to the Internet and may provide information about your location. Crash data is collected when an app crash is registered, the system collects diagnostic information to contribute to resolution of issues. Usage Data generally does not directly identify an individual but may constitute Personal information in some instances. We use this information to ensure you have a good experience and can identify issues to serve you better.

• Health data, which includes all the various kinds of data (events, trends, episodes, patient entered health symptoms, etc.) recorded by the Wearable Cardiac Device (WCD) is transferred to Kestra. Anonymized health data can be used for a variety of purposes, including product improvements.

• Fitness data, includes step count and hours worn. This is collected to provide physicians information on the activity levels of their patients, and to prove wear time for billing purposes.

• Precise location data, this is only collected when an event is detected and is provided to ERS (Emergency Response Services) for the purposes of dispatching emergency services.

• Any other information you choose to provide, such as during telephone interviews with our agents.

Surveys, Feedback, and Informational Programs

You may be contacted for surveys, feedback, or information programs to help improve your experience or certain features of our Services. You may choose to provide us with additional information while participating. Participation in surveys and like requests are voluntary.

How We Use Your Information

We use personal information about you, including personal information, for the following purposes, or as otherwise described in this Notice:

• To develop, operate, improve, deliver, maintain, and protect our Services including new functionality and features;

• Responding to questions and communications, or obtaining your feedback about our Services;

• Preparing and delivering announcements about features, functionality, terms of use, or other aspects of our Services or your interests and informing you about offers for services or products we believe may be of interest to you, including from third parties;

• Analyzing usage trends and patterns and measuring the effectiveness of content, programs, or the features or functionality of the Services, including emails that may be sent by us to you;

• Preparing reports for any of the purposes described in this Notice, including for current or future sponsors, providers, or other partners to show utilization or trends about the use of our products and Services;

• Safeguarding, protecting, and securing our Services, the information we collect, and the rights of us, our users or third parties, and to comply with legal requirements, including applicable laws, rules, regulations, contractual obligations, Terms of Use and our policies;

• Verify your identity and detect and prevent fraud or other unauthorized or illegal activity;

• Any other purpose described in this Notice; or

• When we otherwise have your permission.

How We Share Your Information

We may share information about you, including personal information, as follows, or as otherwise described in this Notice:

• With vendors, consultants and other service providers who need access to such information to carry out work or perform services on our behalf;

• In response to requests from local, state, provincial or federal law enforcement officials, any judicial, administrative or similar proceeding or order, such as a subpoena if we believe disclosure is in accordance with, or required by any applicable law;

• If we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of Kestra and others;

• To investigate suspected fraud, harassment, physical threats, or other violations of any law, rule or regulation, the Services’ rules or policies, or the rights of third parties or to investigate any suspected conduct which we deem improper;

• In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company;

• Between and among Kestra and our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership;

• With your consent or at your direction; and

• As otherwise permitted or required by law.

Children’s Information

Kestra Services are not directed to minors. We do not knowingly collect or solicit personal information from children under 18. If you are a child under 18, please do not attempt to register for or otherwise use the Services or send us any personal information. If we learn we have collected personal information from a child under 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us personal information, please contact us immediately.

How We Protect Your Information

The privacy and security of your personal information is important to us. We employ a variety of reasonable safeguards to protect the confidentiality, integrity, and availability of this information. Although Kestra attempts to protect the personal information in our possession, no security system is perfect, and Kestra cannot promise that your personal information will remain absolutely secure in all circumstances.

Third-party Websites and Integrations

Our Services may provide, or third parties may provide, links to other websites or resources. This Notice applies only to our app and other Services. It does not apply to products and services offered by third parties, including websites and other online services to which our websites may display links. When you click on such links, you may be redirected to websites or interactive services operated by third parties, who have their own information practices. We do not have control over how any third party collects or uses information, so we recommend that you review their privacy policies to learn of their practices.

How Long We Retain Your Information

We keep your personal information for no longer than necessary for the business need for which the personal information is processed. The length of time for which we retain personal information depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise, or defend our legal rights.

We may be required under applicable laws or regulations to retain information about you for extended periods of time or indefinitely. We may also have independent obligations under applicable laws or regulations to retain some information indefinitely.

United States Only

The Services are intended for use only in the United States of America. If you use the Services or contact us from outside of the United States of America, please be advised that (i) any information you provide to us or that we automatically collect will be transferred to the United States of America; and (ii) by using the Services or submitting information, you explicitly authorize its transfer to and subsequent processing in the United States of America in accordance with this Notice.

Locale Specific Law Privacy Rights

California Privacy Disclosures

Your app may offer you a “Do Not Track” option, which allows you to signal to operators of apps and web applications and services that you do not wish such operators to track certain of your online activities over time and across different apps. Our Services support Do Not Track requests. To find out more about “Do Not Track,” you can visit www.allaboutdnt.com.

Categories of Information We Collect, Use, and Disclose for Business Purposes

As described in the “Information We Collect and How We Collect It” section, we collect the following categories of personal information listed below regarding California residents:

Categories of Sources from Which the Personal Information is Collected

• Directly from you;

• Indirectly from you, which includes information collected in course of delivering services and information collected automatically through use of our Services;

• Other third parties that interact with us in connection with our Services;

• Health care providers;

• Employees and prospective employees; and

• Other vendors/suppliers.

Business or Commercial Purposes for Collecting Personal Information

Kestra uses the personal information we collect about California residents for the purposes set forth in the Section titled “How We Use Your Information.”

Your Privacy Rights

If you reside in certain states, such as California, Colorado, Connecticut, Utah or Virginia, you may have legal rights with respect to your personal information.  You may have the right to: (i) request additional disclosures about the personal information we collect, use, and share; (ii) request access to and deletion of your personal information, subject to certain exceptions; (iii) opt out of the sale and sharing of your personal information; (iv) correct inaccurate personal information that we maintain about you; (v) limit the use and disclosure of sensitive personal information; and (vi) obtain a copy of your personal information. We will not discriminate against you for exercising any of these rights.

Methods for Submitting Requests

If you wish to exercise any of these rights, please email Privacy@kestramedical.com with the phrase “Privacy Rights” in the subject line. You may also send a request to us via mail at 3933 Lake Washington Blvd NE, St 300, Kirkland, WA 98033 (please mark the envelope ‘Data Protection Officer’) or call us toll free at (800) 957-0028. We will process your request within the timeframe provided by applicable law. The rights described herein are not absolute and we reserve all of our rights available to us at law in this regard. You may have the right to appeal our decision with respect to a request you have submitted by emailing us at Privacy@kestramedical.com. Additionally, if we retain your personal information only in de-identified form, we will not attempt to re-identify your data in response to a privacy rights request.

If you make a request related to personal information about you, you will be required to supply a valid means of identification as a security precaution. We will verify your identity with a reasonably high degree of certainty using the following procedure where feasible: we will match identifying information you provide when making the request to the personal information maintained by us or use a third-party identity verification service. If it is necessary to collect additional information, we will use the information only for verification purposes and will delete it as soon as practicable after complying with your request. For requests related to particularly sensitive information, we may require additional proof of your identity.

Authorized Agents

You may use an authorized agent to submit a right to know or right to deletion request. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request for you. To protect your personal information, we reserve the right to deny a request from an agent that does not submit adequate proof that you authorized them to act for you.

Sales and Sharing of Personal Information

Under the CCPA, a ‘sale’ is defined broadly to include disclosing or making available personal information to a third-party in exchange for monetary compensation or other benefits or value, and ‘share’ broadly includes disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising. As such, we do not sell or share personal information.

We share personal information about California residents as set forth in the section titled “How We Share Your Information.”

Verification

When you exercise your right to know or right to delete, we will take steps to verify your identity with a reasonably high degree of certainty before processing your request. We may ask for additional information so that we can verify your identity. If it is necessary to collect additional information, we will use the information only for verification purposes and will delete it as soon as practicable after complying with your request. We will only use the personal information you provide to us in response to this request to verify your identity and to process your request, unless you initially provided the information for another purpose. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Shine the Light

Individuals who are California residents may request (i) a list of categories of personal information disclosed to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please send us an email or a letter to the addresses in the section entitled "Contact Information" below and specify you are making a "California Shine the Light” request. We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.

Changes to This Notice

We may update this Notice when changes occur to what data we collect, how it is used, or the parties involved. When we make changes, we will update the “effective on” date to reflect the current status. In other instances where we make material changes, we will use reasonable efforts to notify you of the change. For example, by posting a prominent notice on our website or sending you an email. Continued use of our site or Services means you acknowledge and accept the privacy practices as described herein.

Contact Information

If you have questions or are concerned that any of your privacy rights have been violated, wish to exercise any of your rights described in this Notice, or ask questions about those rights, please contact us at:

Phone: (800) 957-0028

Email: privacy@kestramedical.com 

Mailing:

ATTN: PRIVACY OFFICER
KESTRA MEDICAL TECHNOLOGIES, INC.
3933 LAKE WASHINGTON BLVD., SUITE 200
KIRKLAND, WA 98033
UNITED STATES OF AMERICA

Privacy Notice Updates

Effective January 4th, 2024

80706-001_A