Privacy policy

CareSimple Inc. and CareSimple Canada Inc. ("CareSimple," "we," "us," or "our") operate the CareSimple Solution — comprised of CareSimple Medical Devices, a CareSimple Patient Application, a CareSimple Clinical Portal and a CareSimple Secured Cloud — together providing healthcare professionals with software solutions to support their Remote Patient Monitoring (RPM) programs.

Overview

CareSimple has a few online presences where this privacy policy applies, namely a corporate website, a product website and a software system to enable clinicians to remotely monitor their patients.

For its website, CareSimple uses the data you leave in the various contact forms to communicate back with you for sales, marketing and support services.

For its remote patient monitoring system, CareSimple has no plan to sell either your Personal data or Health data to anyone. CareSimple only sells to clinicians the secured data collection and patient engagement mechanisms, not the data itself. CareSimple may monitor system usage in order to improve the software's user experience or performance, use anonymized data to provide aggregated community stats and trends, and add online features to expand the usability and depth of its software offering.

By using the Services, you hereby consent to the collection, use, and disclosure of your Personal data (e.g. name, email address) and your patients' Personal data (e.g. name, email address, Health data) in accordance with this Privacy policy.

Definitions

• Data Controller (or HCP) means the natural or legal person who determines the purpose and the means of the processing of the Personal data — the healthcare professional, including supporting staff.
• Data Processor (or CareSimple) means the natural or legal person processing the Personal data on behalf of the Data Controller, including subcontractors.
• Data Subject (or User) means the physical person whose Personal data has been collected pursuant to the Services.
• Health data means data related to the physical and/or mental health of a natural person, including the provision of health care services, which reveal information about that natural subject.
• Personal data means any information (including Health data) related to an identifiable natural individual and collected pursuant to the Services.
• Services means the CareSimple website and all apps and software operated by CareSimple.

1.Why we collect your information

We collect, use, disclose and process Personal data to provide you with the Services and to improve your user experience and technical support. CareSimple may use your Personal data to contact and correspond with you; to respond to your inquiries; to track communications with you; to perform safety backups of your Personal data; to assist you or your healthcare professional in tracking your Health Data; to generate global statistics (anonymized data will be used for this purpose); to help the Company develop new services and software features that meet your needs; and to improve the Software.

2.What information we collect

We collect Personal data from you in several different ways when you interact with our Services:

• Active Personal data collection: You actively send information to us when you sign up as a member of the Services, participate in surveys, respond to us or otherwise contact us. Depending on your choices, you may send us Personal data about yourself and/or others — such as your email address, name, mailing address, phone number, birthday, and gender, as well as your child's due date/birthday, name, gender or healthcare portal user key. At all times, you determine what information you want to actively share with us.
• Health Data Processing: If you are using the Services in the course of the remote patient monitoring programs of a healthcare professional, you may actively send your Health Data throughout our Services to your healthcare professional. CareSimple shall only act as a Data Processor relating to your Health Data.
• Passive Information Collection: We also collect information about how you use and interact with our Services, including your IP address, the pages you visit, the date and time of your visit, the referring URL, and the device used. We also collect usage information — such as which feature you are using, for how long and when — and demographic information such as gender and age. The data collected does not identify you and is used to improve our Services' performance and appearance through your account connection.
• Third-Party Programs data: If you choose to connect Third-Party Applications, devices, websites or apps to the Services, CareSimple will generally receive your Personal data collected by said Third-Party Programs in order to integrate it into the Services. CareSimple does not warrant and is not responsible for the collection, use and disclosure of your Personal data made by Third-Party Programs. However, if you choose to connect Bluetooth Devices directly supported by our Services, then no Third-Party shall be involved in collecting your data.

3.Necessary collection, use and disclosure

CareSimple shall collect and use your Personal data only to the extent necessary to provide the Services and will not use it for purposes other than those for which it was initially collected. We keep your Personal data secured, encrypted and confidential and we do not disclose it, but note the following clarifications and exceptions:

• Law enforcement: We may share your Personal data to respond to law enforcement requests, court orders or other legal process, or if we believe disclosure is necessary to investigate, prevent or respond to illegal activities, fraud, physical threats, or as otherwise required by applicable law.
• Bluetooth devices: At the user's discretion, the Services may be connected by Bluetooth to health measuring devices, used solely to provide a "real-time" experience. If you do not wish to have your Personal data transmitted by Bluetooth, you may disable Bluetooth or simply not connect the devices.
• Cellular devices: At the user's discretion, the Services may be connected by cellular technology to health measuring cellular devices. This cellular communication is part of the RPM service and does not use your own personal cellular connection. If you do not wish to have your Personal data transmitted by cellular, you may ask to be remotely monitored by Bluetooth devices only.
• Aggregated Statistics and Reports: We freely use and disclose data in anonymous form, for example in statistics or reports.
• Authorized personnel: Our employees and authorized independent contractors may have access to your Personal data for the purpose of helping us administer and run our Services, on a "need to know" basis, and under strict confidentiality and security obligations.
• Business transfers: CareSimple may disclose your Personal data to an acquiring organization as part of the sale or transfer of some or all of its assets, but will require such organization to protect the privacy of your Personal data in a manner consistent with this policy and applicable law.
• Express consent: CareSimple shall also disclose your Personal data at your express request.

4.Data Controller of your Health data

By using the Services in the course of your medical treatment by a healthcare provider, that healthcare professional shall obtain a verbal or written consent from you to collect, use and disclose your Personal data and Health data. That professional may modify, add and/or erase your data; may provide alerts to you through the Services; and may share your data with its clinical staff or healthcare partners who require access to patient information, within the requirements of applicable regional privacy laws such as HIPAA.

At all times, your healthcare professional is the Data Controller of Health data. CareSimple shall act as the Data Processor of your Health data for your healthcare provider.

5.Personal data hosting and storing

Except for non-identifiable and anonymized information which CareSimple may store in perpetuity and in any reasonable location, CareSimple shall host and store your Personal data for a maximum of 6 months after you delete your account, ask for the deletion of your account, or have your account deleted by your healthcare professional. After such period, CareSimple may delete your stored Personal data, with respect to the applicable laws.

Your Personal data may be stored in locations outside of your state or country with respect to applicable regional laws, such as HIPAA (United States), the Personal Information Protection and Electronic Documents Act (Canada), and Quebec's Privacy Act, Law 25. In compliance with the California Consumer Privacy Act (CCPA) § 1798.105 and the Confidentiality of Medical Information Act (CMIA) § 56.11, CareSimple shall ensure the protection and confidentiality of your Personal and Health data as required by California law.

6.Access and update

You have the right to access and obtain copies of your Personal data. You also have the right to update, rectify and correct any Personal data that you believe is inaccurate or incomplete. To do so, please contact our Privacy officer at privacy@caresimple.com.

7.Withdrawal of consent and opt-out

If you do not agree with our methods of using your Personal data as set out in this Privacy Policy, you may withdraw your consent to the use, collection and disclosure of your Personal data by contacting CareSimple's Privacy officer at privacy@caresimple.com. Additionally, we routinely provide "opt out" or "unsubscribe" instructions on our Electronic Communications.

8.Generally not suitable for children under the age of 13

CareSimple Services are not intended for children under the age of 13. We do not knowingly collect Personal data via the Services from users in this age group. We do, however, collect information about children and babies provided by the parents or legal guardians of such children or babies. We ask our Services' users not to provide information about any baby or child without first getting their parents' or legal guardians' consent.

In the event that the Services have been used by a child under the age of 13 to store information of that child without parental consent, CareSimple is authorized to delete, in its entirety, any of the information stored, and reserves the right to revoke any license to use the Services. We also do not intentionally collect or maintain information in the Services from those visitors and Users who are under 18 years old.

9.Third-Party Programs

CareSimple is not responsible for the behavior, features or content of linked Third-Party Programs, or Third-Party Programs framed within the Services, or provided as search results, and does not make any representations regarding their content or accuracy. Your use of these Third-Party Programs is at your own risk and is subject to their terms of use and Privacy policy. CareSimple does not endorse any product, service, or treatment advertised in the Services.

10.Security

CareSimple uses commercially reasonable and appropriate physical, electronic, and managerial procedures to safeguard and secure the Personal data we collect. However, CareSimple can't fully eliminate security and/or privacy risks associated with Personal data created, stored or transferred using the internet and internet technologies. CareSimple, as the Data Processor, shall not be liable for any breach, unauthorized disclosure or unlawful use of your Personal data or Health data that was, at the time of the breach, under the control of your healthcare professional.

11.Electronic communications (e-mails)

Your email address may be used to send you Electronic Communications from time to time. At any time, you may ask us to stop sending you Electronic Communications by contacting privacy@caresimple.com or using the unsubscribe mechanisms provided at the bottom of such communication.

12.SMS communications

Your mobile phone number may be used to send you Electronic Communications via SMS or WhatsApp from time to time. These communications may include service updates, reminders, or other relevant information. You may ask us to stop receiving messages as explained in our Terms of Use.

13.Changes to this Privacy Policy

We reserve the right to amend this Privacy policy from time to time without any prior notice or warning. The collection, use and disclosure of your Personal data by CareSimple will be governed by the latest version of this Policy. New versions of this Policy will be posted at caresimple.com/privacy-policy.

14.End User License Agreements

The End User License Agreement, available in our Terms of Use and governing your use of the Services, contains important provisions disclaiming and excluding the liability of CareSimple and others in relation to your use of the Services, and provisions determining the applicable law and exclusive jurisdiction for the resolution of any disputes. Each of those provisions also applies to any disputes that may arise in relation to this Policy.

15.Cookies, tracking technologies & your choices

Our website uses cookies and similar technologies, grouped into the following categories. Strictly necessary cookies — including the ones that keep the site secure and remember your cookie choices — are always active because the site can't function without them. With your consent (or, in U.S. states whose laws permit it, unless you opt out) we also use:

• Functional — remember your preferences and enable enhanced features and personalization.
• Performance — privacy-friendly, aggregate measurement of page visits and traffic sources, so we can understand what's useful and improve the site.
• Targeting — set by us or our marketing partners to measure campaign performance, build a profile of your interests, and show you more relevant content.

We also set first-party cookies to remember your cookie choices (kept for up to 180 days) and to apply the correct consent model for your region.

Managing your choices. Visitors in the European Union, United Kingdom, EEA, Quebec, and other consent-required regions are asked to opt in before any non-essential cookies load. Visitors elsewhere may opt out at any time. You can review or change your choices whenever you like: Manage cookie preferences

Do Not Sell or Share My Personal Information. CareSimple does not sell your personal information for money. To the extent any use of analytics or marketing cookies constitutes a "sale" or "sharing" of personal information under the California Consumer Privacy Act (CCPA/CPRA) or comparable U.S. state privacy laws, you may opt out using the cookie preferences above or the "Do Not Sell or Share My Personal Information" link in our website footer.

Global Privacy Control (GPC). We honor the Global Privacy Control signal: if your browser or extension sends a GPC signal, we treat it as a request to opt out of the sale or sharing of personal information and disable marketing cookies accordingly. We do not currently respond to legacy "Do Not Track" (DNT) browser signals, as they lack a common, agreed-upon standard.

16.Access, comments, and questions

To get the best use of the Services, please keep your information accurate, current, and complete by routinely updating your user profile. If you have any questions, comments or concerns regarding this Privacy Policy, please contact our Privacy Officer:

Email: privacy@caresimple.com · Website: www.caresimple.com