top of page

Product Privacy Policy

PRODUCT PRIVACY POLICY

Last updated January 11, 2024


1.    INTRODUCTION AND GENERAL BACKGROUND

1.1.    HeraMED US INC. and its affiliates ("HeraMED", "we" or "us") presents this privacy policy, as may be amended from time to time (the "Privacy Policy" or "Policy") in order to provide our Users (defined below) information about HeraMED’s privacy and data protection practices in relation to Information that is collected, used and/or otherwise processed by HeraMED and/or third parties acting on its behalf, through its proprietary mobile applications for Patients named "HeraCARE" and "HeraBEAT" (the "App(s)") and its corresponding platform for Care Providers to manage the information through a dashboard (the "Platform") which are complementary tools to HeraMED’s propriety product known as the HeraBEAT Ultrasound Doppler Monitor Device, together with all its accessories and connected devices, such as blood pressure and scale  (collectively, the "Device(s)").

1.2.    The App enables the User to perform certain actions, manage and administer the Patient’s Care Plan and to manage the connection with the Devices.

1.3.    The Patient’s use of the Services provided through the App is subject to the App’s Terms and Conditions and the Care Provider’s use of the Platform is subject to the Platform’s Terms and Conditions, as may be amended and/or updated from time to time (collectively, "T&Cs").

1.4.    In the United States, the core use of this App is governed by the Health Insurance Portability and Accountability Act of 1996, as amended from time to time ("HIPAA"). This Privacy Policy applies only if and to the extent HIPAA does not apply.

1.5.    If the Patients are using the App to communicate with a Healthcare Provider and manage and administer the Care Plan, HeraMED will collect and store Protected Health Information ("PHI") (as defined by HIPAA) on behalf of the Healthcare Provider as a business associate. As a business associate, HeraMED cannot use or disclose PHI in a way that is prohibited by either HIPAA or the terms of HeraMED’s business associate agreement with the Healthcare Provider. For information on how the Healthcare Provider collects, uses, and shares your PHI, please refer to the Healthcare Provider’s notice of privacy practices.

1.6.    If the Patient or the Care Provider, as applicable, decides to invite a new Patient or Care Provider to use the App and/or the Platform, such new Users will use the App and the Platform, subject to this Privacy Policy and the App’s Terms and Conditions or the Platform’s Terms and Conditions, as applicable.

1.7.    For any questions or requests, you can contact us at: privacy@hera-med.com or via the ‘Contact Us’ form on the top right of our website: https://www.hera-med.com 


WE STRONGLY URGE YOU TO READ THIS PRIVACY POLICY CAREFULLY BEFORE YOU START TO USE OUR SERVICES.

2.    YOUR CONSENT (APPLICABLE FOR ISRAELI USERS ONLY)

2.1.    By using the App and/or the Platform, you hereby provide your informed consent to the collection, process and use of your Personal Information by HeraMED (including the transfer of such Personal Information to third parties, as set forth in the Privacy policy, all, for the purposes and the terms set forth in this Privacy Policy.

2.2.    The Personal Information you provide will be stored in our Database(s) (as defined in the Privacy Protection Law 5741-1981 (the "PPL")), and will be processed by HeraMED (including, third parties acting on our behalf) for the purposes and the terms as specified in this Privacy Policy.

3.    DEFINITIONS

For the purpose of this Privacy Policy, the following terms shall have the respective meanings set forth besides them:


3.1.    "Account" means the any User’s account on the App or the Platform.


3.2.    "Care Plan" means the monitoring program for pregnancy and postpartum care and any instructions given by your Care Provider.


3.3.    "Care Provider(s)" means an individual or healthcare professional who provides healthcare services to the Patient, at Patient’s choice and administers or oversees the Patient’s Care Plan; and who is employed by or retained by or receive authorization from the Patient and/or their Healthcare Provider.


3.4.    "Administrator Care Provider" means Care Provider entitled to invite new Care Provider(s) to register for the Platform.


3.5.    "Care Information" means all Personal Information processed through the App or on the Platform about a Patient, including information uploaded by the User, generated when the User interacts with the App, or information entered into the Platform by a Care Provider about the Patient.


3.6.    "Data Protection Laws" means the Privacy Protection Law 5741-1981 (the "PPL") and any regulations promulgated thereto, as amended, supplemented and superseded from time to time ("Israeli Data Protection Legislation"), HIPAA, and any other privacy and data protection laws applicable to HeraMED with respect to processing Personal Information, according to the terms of the Privacy Policy.


3.7.    "Healthcare Provider(s)" means a legal entity that provides the Patient with health care services such as a hospital, clinic, community health center, medical practitioner, birthing center, HMO, health system, or any other medical institution and/or provider with whom the Patient is treated and which employ the Care Provider(s). 


3.8.    "Patient(s)" means an individual using the Device(s) and who has downloaded the App from the Virtual Store to its Mobile Device in order to (i) support and manage her Care Plan and connect Devices via the HeraCARE App and (ii) use the HeraBEAT App in combination with the HeraBEAT Device.


3.9.    "Personal Information" means any information processed on the App and/or Platform, that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person, consumer or household, or as otherwise defined in the Data Protection Laws.


3.10.    "Processing" shall have the meanings ascribed to it or to any essentially similar term in the Data Protection Laws.


3.11.    "User", "you" or "your" (including any alterations thereof) means any individual that uses the App and/or Platform, including, Patient and Care Provider. 


3.12.    "Services" and "Virtual Stores" shall have the meaning ascribed to it in the T&Cs.


Capitalized terms which are not defined herein shall have the meaning ascribed to them in the T&Cs. 


4.    COLLECTION OF PERSONAL INFORMATION – GENERAL PROVISIONS


4.1.    No legal requirement. You (i.e., the Patient) have no legal obligation to provide us with any Personal Information when you Use the App, and the provision of it is solely based on your free will. 


4.2.    However, you are aware that without the provision of your Personal Information, we will not be able to enable you to access and use the App and your Care Provider and/or Healthcare Provider will not be able to provide you with services through the Platform.

5.    PERSONAL INFORMATION WE PROCESS AND THE PURPOSES OF PROCESSING WHEN YOU REGISTER FOR THE APP AND THE PLATFORM


5.1.    Personal Information provided by the Patient through the App when you register for the App:
When you register for the App, you provide us with the following Personal Information:


5.1.1.    Your mandatory identifiers: your first and last name, date of birth, phone number and email address. We use this information to set up your Account in the App and contact you about the Services. We will use your email address or any other contact information you have provided us, (i) to contact you by e-mail, with general or personalized service-related messages (e.g., system maintenance notices); (ii) to contact you by e-mail with updates messages (e.g., new features and services); and (iii) to respond to inquiries. 


5.1.2.    Your mandatory medical information: your Medical Record Number (MRN) and estimated due date (EDD) or Last Menstrual Period (LMP). We will use this information to supplement and enrich your medical file.


5.2.    Care Information provided by the Care Provider through the Platform when the Care Provider invites the Patient to register for the App:


5.2.1.    Patient optional identifiers: Patient’s date of birth and phone number. We will use this information to set up Patient’s account. Please note that this Care Information is optional because the Care Provider will include it in the invitation if he/she has it and we may use this information to contact you about the Services. However, you, i.e., the Patient, will be required to review this Care Information and amend it if needed. 


5.2.2.    Patient optional medical information: Patient’s estimated due date (EDD) or Last Menstrual Period (LMP). We will use this information to set up Patient’s account. Please note that this Care Information is optional because the Care Provider will include it in the invitation if he/she has it. However, you, i.e., the Patient, will be required to review this Care Information and amend it if needed. 

5.3.    Personal Information provided by the Care Provider when the Care Provider registers for the use of the Platform: 
When you register to the Platform, you provide us with the following Personal Information:


5.3.1.    Your mandatory identifiers: your first and last name, phone number and email address. We use this information to set up your Account in the Platform and contact you about the Services. We will use your email address or any other contact information you have provided us, (i) to contact you by e-mail, with general or personalized service-related messages (e.g., system maintenance notices); (ii) to contact you by e-mail with updates messages (e.g., new features and services); and (iii) to respond to inquiries. 


5.4.    Personal Information provided by the Administrator Care Provider through the Platform when the Administrator Care Provider invites new Care Provider to register for the Platform:


5.4.1.    Care Provider optional identifiers: Care Provider’s phone number. We may use this information (i) to set up Care Provider’s account; (ii) for authentication purposes; and (iii) to contact you about the Services. Please note that this Personal Information is optional because the Care Provider will include it in the invitation if he/she has it. However, you, i.e., the Care Provider, will be required to review this Personal Information and amend it if needed.

6.    PERSONAL INFORMATION WE PROCESS AND THE PURPOSES OF PROCESSING WHEN YOU CREATE YOUR ACCOUNT FOR THE APP OR THE PLATFORM


6.1.    Personal Information provided by the Patient through the App when you create your Account:
After registering your Account for the App, we will ask you for your Account details and therefore, you provide us with the following Personal Information:


6.1.1.    Your identifiers: your first and last name, date of birth, email address, phone number and the password you choose. We use this information to personalize your Account in the App and set up your Account.


6.1.2.    Your pregnancy details: your last menstrual period date, pre-pregnancy weight, height, estimated due date (EDD) or Last Menstrual Period (LMP), We will use and share this information with your Care Provider to provide you with the appropriate Care Plan.

6.2.    Personal Information provided by the Care Provider through the Platform when you create your Account:
After registering your Account in the Platform, we will ask you for your Account details and therefore, you provide us with the following Personal Information:


6.2.1.    Your identifiers: your first and last name, date of birth, email address, phone number and the password you choose. We use this information to personalize your Account in the Platform and set up your Account.

7.    CARE INFORMATION WE PROCESS AND THE PURPOSES OF PROCESSING WHEN YOU USE THE APP OR PLATFORM


7.1.    Care Information we collect from Care Provider(s): When you, i.e., the Care Provider uses the Platform, you may record additional Care Information that you choose to the Platform, including health information (e.g., placenta position, maternity formula, gestational age, number of fetuses, spontaneous pregnancy, fundal height, covid vaccination status, comorbidities, covid outcomes) for the purpose of monitoring and assisting the Patient in the Care Plan. 


7.2.    Care Information we collect from Patient(s):


7.2.1.    When you, i.e., the Patient, use the App and the Device(s), the following health/medical Care Information collected through the Device(s) and/or the App is transmitted to the App and the Platform: Fetal Heart Rate (FHR), Maternal Heart Rate (MHR), blood pressure, weight gain, count movements, feel movements, glucose, mood surveys and other devices and assessments that may be part of the Platform. We use this information to provide the Services through the App and to provide access to such Information to your Care Provider through the Platform in order to improve your Care Plan.


7.2.2.    When you use chat messages with your Care Provider through the App, we collect any Personal Information provided to your Care Provider, such as measurement results of Device(s) that are not supported by the App and any information you include in the chat functions on the App. We use this information to improve your Care Plan and facilitate the communication with Users.

 
7.3.    Information automatically collected or generated from the App and the Platform, including Information extracted by the App from the Mobile Device and the Device: 


7.3.1.    Statistical Information from the App. HeraMED collects statistical Information about how Users locate and navigate the App, such as: your mobile device brand, mobile device model, country, time zone, operating system type and version, settings used, session time. We use this Information to (i) monitor and analyze your use of the App; (ii) develop, customize and improve the App; (iii) support and enhance our data security measures of the App, including for the purposes of preventing and mitigating the risks of fraud, error or any illegal or prohibited activity; (iv) technical administration and troubleshooting of the App; and (vi) research and further development, analysis and statistics.


7.3.2.    Statistical Information from the Platform. HeraMED collects statistical Information about how Users locate and navigate the Platform, such as: browser type, operating system version, referring URL, session time. We use this information to (i) monitor and analyze your use of the Platform; (ii) develop, customize and improve the Platform; (iii) support and enhance our data security measures of the Platform, including for the purposes of preventing and mitigating the risks of fraud, error or any illegal or prohibited activity; (iv) technical administration and troubleshooting of the Platform; and (v) research and further development, analysis and statistics.


7.3.3.    Information from the Device. When you are using the App and allow the App to automatically collect information from the Device on which it is installed, HeraMED collects information about how Patient uses the Device, such as: the Device ID, Device Firmware version, time and date of Device use, history of Device use. We use this Information to (i) ensuring the App is connected to your Device (ii) monitor and analyze your use of the Device; (iii) develop, customize and improve the Device; (iv) technical administration and troubleshooting of the Device; and (v) update the Device.


7.3.4.    Anonymous Information from the App and the Platform. In addition, we render Personal Information anonymous to create aggregated statistical data, or anonymized or pseudonymized data, which we or our business partners may use to provide and improve our respective Services.
7.4.    Tracking technologies 


7.4.1.    Usage Information. We use essential, performance, tracking technologies to collect information about your interaction with our App and Platform, such as what you access, what you click on, the frequency of access, and how much time you spend on the App and the Platform. We use this information to: (i) track you within the Services; (ii) enhance user experience; (iii) conduct analytics to improve the Services; (iv) prevent fraudulent use of the Services; and (v) diagnosis and repair Services errors, and, in cases of abuse, track and mitigate the abuse. 

7.4.2.    Device Information. We use essential, performance, tracking technologies to collect certain information about the Mobile Device you use to access the Services, such as browser type, browser language, hardware model, operating system, and Mobile Device preferences. We use this information to: (i) track you within the Services; (ii) enhance user experience; (iii) conduct analytics to improve the Services; (iv) prevent fraudulent use of the Services; and (v) diagnosis and repair Services errors, and, in cases of abuse, track and mitigate the abuse.

7.4.3.    Use of Cookies. Cookies are a commonly-used web technology that allow websites and apps to store and retrieve certain information on a user’s system, and track users’ online activities. We and our service providers may collect information about your use of our Services by such automated means, including cookies. Cookies and similar technologies can help us automatically identify you when you return to the Platform or App. Cookies help us review traffic patterns and improve the Platform and App, determine what Services are popular. We can also use such information to deliver customized content. If a User does not want information collected through the use of cookies, most browsers allow to reject cookies, but if you choose to decline cookies, you may not be able to fully experience the full features our Services provide. We currently use the following technological tools for the collection of Information, as detailed in Sections ‎7.3 and ‎7.4 above: 

7.4.3.1.    Google Analytics is used to analyze how users interact with our App and Platform. For information about how Google uses the information provided to Google Analytics see https://www.google.com/analytics/terms/. Depending on your browser, you may control the information provided to Google by using the Google Analytics opt-out browser add-on (if any). Further information about your option to opt-out of these analytics services is available at: https://tools.google.com/dlpage/gaoptout/ 


7.4.3.2.    Typeform is used for User surveys (e.g. Patient satisfaction survey). The Information is saved with user unique ID only. For information on how Typeform uses information it collects, see https://admin.typeform.com/to/dwk6gt?typeformsource=www.google.com 


7.4.3.3.    Firebase Crashlytics is used to get App crash information for debugging. For information on how Firebase uses information it collects, see https://firebase.google.com/support/privacy 


7.4.4.    Essential Cookies. In addition to the Personal Information identified above, when you use the App and the Platform, we and our third-party providers collect your internet and other electronic network activity (e.g., IP Address, internet service provider, browser type and version etc.) via cookies to make the App and Platform work as you expect it to. Our authentication/authorization service uses essential cookies for verification of identity of Patients using the App as well as for Care Providers using the Platform. If you do not provide this information, we would not be able to provide the App or Platform, respectively. 

7.4.5.    For Users in the US: We do not respond to web browser-based DNT signals at this time, but we do not collect information about users’ online activities across third-party websites. For more information, visit: https://www.eff.org/issues/do-not-track 

7.5.    In addition, we use Personal Information to exercise or defend our legal rights, resolve disputes, comply with any applicable law (including Data Protection Laws), or other requests from authorized authority(ies).  


8.    HOW LONG DO WE RETAIN THE INFORMATION?


8.1.    We retain the User's Personal Information for as long as such Users are using our Services. If a User ceases to use our Services, we may continue to retain certain Personal Information of that User for the period required by our legal and regulatory obligations and/or for accounting purposes (i.e., as required by applicable laws regulating our Services, for bookkeeping purposes, and in order to have proof and evidence concerning our relationship with that User, should any legal issues arise following the User’s discontinuance of use of our Services).


8.2.    Please note that except as required by applicable law, we will not be obligated to retain your Information for any particular period, and we are free to securely delete it for any reason and at any time, with or without notice to you.

9.    WHO DO WE SHARE PERSONAL INFORMATION WITH?


9.1.    We may share your Information with certain third parties, as detailed below:


9.1.1.    Compliance with Applicable Laws, Legal Orders and Authorities. We may disclose or allow government and law enforcement officials access to certain Personal Information, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws. Such disclosure or access may occur with or without notice to you, if we have a good faith belief that we are legally compelled to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.


9.1.2.    Service Providers and Business Partners. We share Personal Information with selected third party companies and individuals we engage to perform the Services on our behalf (such as cloud vendors, data hosting services, data analytics services, IT services, chat and video services, and our business, legal, financial and compliance advisors). We only provide such service providers with Personal Information so they can perform their required functions on our behalf. 


9.1.3.    With our Affiliates. Your Personal Information will be shared with our affiliates who are providing some of the Services and for internal administrative purposes (for example, ensuring consistent and coherent delivery of Services, corporate strategy, compliance, auditing and monitoring, research and development and quality assurance).


9.1.4.    Enforce our Rights. We may transfer Personal Information in order to take any action in case of dispute involving you with respect to the App and/or Platform; to establish, protect, or exercise our legal rights; as required to enforce the T&Cs or other contracts; to defend against legal claims or demands; to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights.


9.1.5.    Business Transfer. We may share Personal Information in connection with any proposed or actual financing, reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).


9.1.6.    Virtual Stores. To the extent required, we may share certain Personal Information with Virtual Stores, in order to comply with our contractual obligations pertaining to the use of the Virtual Stores.


9.2.    Please note that, in the preceding twelve (12) months, we may have shared your internet or other electronic network activity information collected through cookies and other tracking technologies with our data analytics providers and with our Service Providers and Business Partners. 

10.    HOW WE PROTECT INFORMATION


10.1.    We endeavor to maintain appropriate administrative, technical and physical safeguards designed to protect the Personal Information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.


10.2.    We have put in place physical, administrative, and technical policies and controls designed to help prevent unauthorized access and maintain Personal Information security and confidentiality such as, encryption in transit and at rest, periodical penetration tests, authentication and authorization controls, and secure development life cycle process. 


10.3.    However, although we make every effort to protect the Personal Information which you provide to us or we generate, we cannot completely ensure the security of any Personal Information you transmit to us over the internet or guarantee that this Personal Information will not be accessed, disclosed, altered, or destroyed nor do we have any control over the security measures incorporated by the Virtual Stores where the App is hosted.

11.    YOUR RIGHTS


11.1.    You may have the right to access and review your Personal Information that is stored in our Database(s) (as defined in the PPL) and provide a request for update, amendment and/or deletion if it is inaccurate or incorrect, by contacting us at privacy@hera-med.com or by clicking on the ‘Contact Us’ button on the top right of our website (www.hera-med.com). We will act in accordance with the applicable Data Protection Laws in order to comply with your request. However, we may retain certain Personal Information as deemed required by and/or as otherwise permitted by applicable law (including Data Protection Laws). Your rights may differ depending on your jurisdiction.


11.2.    Rights of California Residents: If our processing of your Personal Information is subject to the California Consumer Privacy Act (CCPA) you are entitled to the following rights:


11.2.1.    Right to Access. You have the right to request what Personal Information we have collected, used, disclosed, and sold about you within the preceding twelve (12) months.


11.2.2.    Right to Deletion. You have the right to request the deletion of your Personal Information that we collect or maintain, subject to certain exceptions.


11.2.3.    Right to Opt-Out. You have the right to opt-out of the sale of your Personal Information to third parties. We do not have actual knowledge that we sell Personal Information.


11.2.4.    Right to Non-Discrimination. You have the right to not receive discriminatory treatment if and when you exercise your rights to access, delete, or opt-out under the CCPA. 

11.3.    When you ask us to exercise any of your rights under this Privacy Policy and the Data Protection Laws, you must provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected the Personal Information and describe your request with sufficient detail to allow us to properly evaluate and respond to it. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information.


11.4.    Only you may make a request related to your Personal Information. If you are a California resident a request can be made by a person registered with the California Secretary of State that you authorize to act on your behalf, in such event you must provide us with signed documentation that you have authorized an agent to act on your behalf.


11.5.    You may terminate your Account by contacting your Care Provider or your Healthcare Provider, as applicable. We may retain any Account Information for internal purposes or as otherwise provided in this Privacy Policy and our T&Cs.

12.    INTERNATIONAL DATA TRANSFERS


12.1.    We may host, store, process, maintain or transfer the Personal Information to various sites worldwide, outside your jurisdiction including through cloud based service providers (excluding the US Personal Information) 


12.2.    By using the App and/or Platform, you hereby provide your informed consent to the use and/or processing and/or hosting, storage and/or transfer of the Personal Information to countries outside your jurisdiction or country, if such informed consent is required under Data Protection Laws (excluding US law).


12.3.    Where specific laws or regulations relating to data transfer apply to us, we will endeavor to ensure that the Personal Information is protected and transferred in a manner consistent with legal requirements.

13.    CHILDREN


13.1.    The App and the Platform is directed towards and designed for use by persons aged 18 and older. We do not solicit or knowingly collect Personal Information from children under the age of 18.


13.2.    If we nevertheless receive Personal Information from an individual who indicates that he or she is, or whom we otherwise have reason to believe is, under the age of 18, we will endeavor to delete such information from our systems. 


13.3.    If you are an individual under the age of 18, you are required not to use our App and/or Services, and de-install the App from your Mobile Device.


14.    CHANGES TO THIS PRIVACY POLICY


14.1.    This Privacy Policy may change from time to time. If we decide to change our Privacy Policy, we will post new privacy policy in our App and on the Platform accompanied with a notice indicating that some changes have been made. Each version of this Privacy Notice will be identified by its effective date, which you can find at the top of this Policy. The new privacy policy will be effective from the date mentioned at the top page of the new policy. 


14.2.    If there are any material changes to the Privacy Policy, we will notify you by prominently posting on the App. 


14.3.    Your continued use of the App or Platform after we post such notice constitutes your agreement to any such changes.

15.    Contacting us


If you have any questions about this Privacy Policy, or in the event that you wish to exercise certain rights you are eligible for with respect to your Personal Information, please contact us by email at privacy@hera-med.com or by clicking on the ‘Contact Us’ button on the top right of our Website (www.hera-med.com). 

All rights reserved © HeraMED US Inc. 
 

bottom of page