December 21, 2016.
Rythm, Inc., and its parents and affiliates (collectively “Rythm”, “we”, “us”, or “our”), are committed to keeping any and all personal information collected from individuals that visit our website and who use our headband and other products (collectively, the “Products”), mobile application and/or software (the “Application”) and services (collectively with the Products and Application, the “Services”) confidential, secure and private.
We collect and use the following information to provide, improve and protect our Services:
We may collect certain information that you specifically and intentionally provide to us. For example, when you create a user account with us, we may collect personal information about you such as your name, email address, phone number, age, sex, and physical address. We may also collect financial information that you choose to share with us, such as your credit or debit card number, billing address, and other billing information. Other unique information that we may collect includes product and service preferences, contact preferences, educational and employment background, and job interest data.
We also may collect information that you do not specifically and intentionally provide to us. This would include your Internet Protocol address, browser type and language, the device you are using to access the Services, your Internet Service Provider, referring and exit pages, click data, traffic data, log information and your operating system. This information, together with information found in the previous paragraph, shall be referred to as “Personal Information”.
In addition, we may collect certain health-related information that you provide to us through your use of the Services. This includes information about your sleep habits, including the time you sleep, your sleep quality, the results of regular electroencephalograms (EEGs) performed by the Product, and other information pertaining to your health and sleep quality (collectively “Health Information”).
WE DO NOT AND WILL NOT KNOWINGLY ALLOW ANYONE UNDER 13 YEARS OF AGE TO PROVIDE US ANY PERSONAL IDENTIFYING INFORMATION. USERS OF THE SERVICES WILL BE DEEMED TO HAVE FULL CONTROL OVER THEIR PRODUCTS AND USER ACCOUNTS, AND MUST ENSURE THAT NO CHILDREN UNDER THE AGE OF 13 USE OUR SERVICES IN ANY MANNER WHICH WOULD PROVIDE US OR ANY THIRD PARTY WITH ANY PERSONAL INFORMATION OF A CHILD. IF WE LEARN THAT WE HAVE COLLECTED PERSONAL INFORMATION FROM A CHILD UNDER AGE 13, WE WILL DELETE THAT INFORMATION AS QUICKLY AS POSSIBLE. IF YOU BELIEVE THAT WE MIGHT HAVE ANY PERSONAL INFORMATION ABOUT A CHILD UNDER AGE 13, PLEASE CONTACT US USING THE CONTACT INFORMATION PROVIDED BELOW.
You can access, review and/or update your user profile and settings on the Site, or within the Application. Both the Site and the Application will allow you to modify, update, or restrict access to certain information.
You, of course, may choose to limit access and disclosure of your Personal or Health Information. However, this may limit your experience with, and ability to use, the Services.
We use the information that we collect for the express purpose of providing, operating, maintaining and improving the Services. Your Personal and Health Information will not be sold, exchanged, transferred, or given to any other person or entity for any other reason whatsoever, without your consent, except as follows:
Some of the Health Information we collect may constitute “protected health information” (“PHI”) as defined by the Health Insurance Portability and Accountability Act of 1996, and the regulations promulgated thereunder (including, but not limited to, the Privacy Rule and the Security Rule) (collectively, “HIPAA”). Accordingly, we will never disclose any Health Information that we believe to be PHI to your employer, your health plan, any health care provider, or any health care clearinghouse (as such terms are defined in HIPAA).
If and when we do transfer PHI we have collected to any of the above entities, we will be required to execute a business associate agreement with such entity.
RYTHM DOES NOT HONOR “DO NOT TRACK ME” REQUESTS, ALTHOUGH INDIVIDUAL BROWSERS MAY EMPLOY SUCH POLICIES AND USERS CAN, THEREFORE, INVOKE SUCH MEASURES.
Rythm employs certain physical, administrative, and technical safeguards to help protect your Personal and Health Information. Please note, however, that this is not a guarantee that your information will remain secure. We cannot guarantee or warrant the security of any information you transmit to Rythm, and you transfer such information at your own risk.
Rythm uses reasonable security controls to protect your data and information from loss, misuse, unauthorized access, disclosure, alteration and destruction. The personal information you provide us is stored on computer systems located in controlled facilities which have limited access, and only carefully selected, authorized personnel have access to unencrypted user information. When collecting or transferring sensitive information such as credit card information, we use a variety of additional security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. When we transmit sensitive information over the internet, we protect it through the use of advanced encryption techniques, such as the Secure Socket Layer (SSL) protocol, and firewall.
Additionally, as part of real-time payment processing, Rythm may subscribe to fraud management services, and require any vendors or partners who process and store financial information for Rythm to comply with the Payment Card Industry Data Security Standard (PCI-DSS). These services and protocols provide Rythm with an extra level of security to guard against credit card fraud and to protect your financial data. Despite these precautions, no security safeguards guarantee 100% security all of the time, and no guarantees are made with respect to the same.
Rythm limits access to personal information about you to those employees who we reasonably believe need to come into contact with that information to provide products or services to you in order to do their jobs.
If we learn of a security breach, we may attempt to notify you electronically so that you can take appropriate protective steps. By providing information to us via the Services, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. We may post a notice on our Site if a security breach occurs. We may also send you an email to the address you have provided us.
If you have any questions, complaints or disputes regarding the manner in which we use or protect your information, please contact us using the contact information provided below. We will investigate and attempt to resolve any complaints and disputes in a reasonable time and in a manner that complies with the principles described in this Policy.
In any legal action hereunder, the prevailing party shall be entitled to attorney’s fees and costs.
The information collected from United States users is hosted in the United States. The information collected from European Union users is hosted in Ireland. The information collected from users from any other region is hosted in Ireland.