Nitelog Privacy Statement

Updated: May 15, 2020

At Breas, We value security and privacy in designing all our Products, software and services, including Vivo 50, Vivo 55, Vivo 65, Vivo 45, Vivo 45 LS, Vivo 1, Vivo 2, Vivo 3, Z1 CPAP, Z1 APAP, Z2 CPAP and Z2 APAP, and NiteLog (each, a “Product” and, collectively, the “Products”). By downloading and/or using a Breas App, You agree that you have read and accepted this Privacy Notice.

We collect, store and use Your data in the manner set out in this Privacy Notice for the purpose of complying with Our obligations to You when You acquire a Product.

****

In this Privacy Notice, the term “Device” refers to one or more of Breas’s ventilators, including Vivo 50, Vivo 55, Vivo 65, Vivo 45, Vivo 45 LS, Vivo 1, Vivo 2, and Vivo 3; and Breas’s travel CPAP device, including Z1 CPAP, Z1 APAP, Z2 CPAP and Z2 APAP.

In this Privacy Notice, the term “Breas App” refers to one or more software developed by Breas and licensed to You, including NiteLog, and each App includes any past, current, and future version licensed to You.

In this Privacy Notice, the term “Smart Device” refers to a third party device where a Breas App is downloaded and used by You.

In this Privacy Notice, the term “Cloud” refers to a cloud-based services that Your data can be and/or are stored. Breas Cloud is not available in Europe.

In this Privacy Notice, the terms “You” and “Yours” refer to the person using any Product.

In this Privacy Notice “We,” “Our,” “Us,” and “Breas” refer to:

Breas Medical, Inc., a Delaware corporate with a principal place of business at 16 Esquire Road, North Billerica, Massachusetts 01862, United States of America, if Your usual place of residence is in the North, South, or Central America;

Breas Medical AB, a Swedish company with a principal place of business at Företagsvägen 1, 435 33 Mölnlycke, Sweden, if Your usual place of residence is in Europe; or 

Breas Medical Ltd., a British company with a principal place of business at Unit A2, The Bridge Business Centre, Timothy’s Bridge Road, Stratford-Upon-Avon, Warwickshire, CV37 9HW, United Kingdom, if Your usual place of residence is in the United Kingdom.

****

The Privacy Notice is delivered in accordance with local data protection laws. Breas is responsible to ensure Your personal data, including special categories of personal data (such as health data), is processed and protected under the principles and safeguards in the local legislation applicable to You. The Privacy Notice provides You with information about Your rights and the privacy practices that govern how We process Your data.

About this Privacy Notice

This Privacy Notice provides the following information:

Why do We process Your personal data?

What data are collected and how are they obtained and used?

What data that are used in Breas App but We do not collect?

How do We protect Your data?

Whom do We share Your personal data with?

Where are Your data currently hosted and processed?

How long do We retain Your personal data?

What are Your personal data rights?

Use of Breas App by children

Updates to this Privacy Notice

Questions and complaints

What is Your right to lodge a complaint with a supervisory authority?

1. Why do We process Your personal data?

Under certain laws, We are required to state the legal basis for processing Your personal data and special data category, including:

(a) you have given consent to the processing of your personal data for one or more specific purposes;

(b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;

(c) processing is necessary for compliance with a legal obligation to which we are subject;

(d) processing is necessary in order to protect your vital interests or of the vital interests of another natural person;

(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;

(f) processing is necessary for the purposes of the legitimate interests pursued by US or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where you are a child.

We process Your personal data on the legal basis that processing is required to provide You with Breas App and that processing is required to comply with Our legal obligations. We rely on Your consent to process any health data that is classified as a special category of personal data.

2. What data are collected and how are they obtained and used?

a. Personal data when You first use Breas App.

When You first use Breas App, You will be prompted to sign up an account with Breas App with First Name, Last Name, Date of Birth, Phone Number (optional), Patient ID (optional), and email address. You are also required to create a password to access the account.

These data, which You voluntarily provide to Us, are processed to fulfil a contract with You concerning Us providing an account to You as well as administering the account and enable You to securely use Your account on Breas App and the Cloud. These data will be stored unless You, at Your decision and convenience, delete Your account.

In Europe, You will not be required to register for an account or provide any personal information.

b. Personal data when You download from device

During the use of Breas App, You have the option of download from Your device to Your Smart Device the following data: 

i. Sleep data: Time when a therapy started and stopped; the number of apnea events; the number of hypopnea events; and pressure.

ii. Device data and settings: treatment settings; Device name; Device serial number; and Device Firmware version.

Sleep and Device data are used to: (1) calculate the apnea-hypopnea index (AHI) (as set out in details in Breas App User Guide); and (2) provide compliance reports. These data do not personally identify You or any other users of Breas App.

b. Data when You upload Your Device data to Cloud through Breas App.

In Europe, You will not be able to upload Your Device data to Cloud.

In other regions, during the use of Breas App, You have the option of synchronizing Your data in Breas App with the Cloud. You can choose to transmit and store Your data either on the Cloud or locally on Your Smart Device. If You choose to store Your data in the Cloud, the following is collected:

i. Sleep data: Time when a therapy started and stopped; the number of apnea events; the number of hypopnea events; and pressure.

ii. Device data and settings: treatment settings; Device name; Device serial number; and Device Firmware version.

Sleep and Device data are used to: (1) calculate the apnea-hypopnea index (AHI) (as set out in details in Breas App User Guide); and (2) provide compliance report. These data does not personally identify You or any other users of Breas App.

c. Personal data when You contact Us with a question

If You contact Us through Our homepage, the following data are collected:

i. Personal data: email address and information that You provide as part of Your feedback; and

ii. Web browsing data: information collected through cookies, i.e., IP-address, personal data related to Your device/browser (from which area in the country You use Our website and which screen resolution you have) and Your activities on the website.

These data, which You voluntarily provide to Us when leaving feedback, are processed in order to enable Us to improve the user experience of Our website and will be stored for a period of three months after receipt of Your feedback.

d. Special categories of personal data

Other than the special categories of personal data (health data) described in this Privacy Notice, We do not intentionally collect or maintain, and do not want You to provide, any information regarding Your race or ethnic origin, political opinions, religious or philosophical beliefs or other sensitive information.

Note: In Europe, Breas App is designed as a stand-alone mobile application. This means that You do not need to register, have an account or log in when You use Breas App.

In other regions, You will be required to register for an account with Your First Name, Last Name, Date of Birth, Phone Number (optional), Patient ID (optional), and email address.

e. Collection and use of anonymous data

No applicable.

3. Data used in Breas App that We do not collect

a. Data displayed on Breas App

When You sync Your Device with Breas App, all of Your data will be displayed in your Smart Device but will not be collected by Us.

b. Data stored only on Breas App and not transmitted to the Cloud

If You do not allow Breas App to upload Your Device data to the Cloud, these data will be stored in Breas App locally on Your Smart Device unless You delete them.

Breas App provides you with an option of deleting data from Your Smart Device. If you choose this Option, all Device data on Your Smart Device will be deleted.

In Europe, all Device data on Your Smart Device will remain even if You close and log out Breas App. In other regions, if You close and log out Breas App from Your Smart Device, all Device data on Your Smart Device will be deleted as Well. We do not have access to any data stored on Your Smart Device.

In any event, We do not have access to and thus do not collect any data stored on Your Smart Device.

4. How We protect Your data

We use a combination of technical and administrative security controls to maintain the security of Your data. For example, We use strong encryption when You allow the transmission of data from Breas App to the Cloud and when Your data is at rest either on Breas App or in Our Cloud (if You choose to store Your data there). Despite the security measures employed by Us, You should be aware that it is impossible to guarantee absolute security with respect to data protection. If We confirm that Your personal data has been subjected to a data breach, We will follow applicable data breach notifications laws.

If You choose to store Your Device data in Breas App on Your Smart Device, We recommend that You:

In Europe, delete Your data from Your Smart Device after each use; and in other regions, close and log out of the Breas App after each use as it deletes Device data from the Smart Device;

Enable the remote data wipe function on Your Smart Device as this allows You to remotely erase personal data from Your Smart Device if it goes missing (refer to Your Smart Device user instructions);

Enable PIN, fingerprint, or facial recognition security on Your Smart Device (refer to Your Smart Device user instructions);

Avoid unsafe modification of the Smart Device operating system such as “rooting” or “jailbreaking”;

Keep Your operating system up-to-date with security patches;

Update Your Breas App whenever updates are available from the App Store™ and Google Play™ store. Ensure that You always have the latest version installed on Your Smart Device.

We will make reasonable efforts to ensure that the personal data collected is the minimum necessary to fulfill the purposes described in this Privacy Notice.

5. Whom do We share Your personal data with?

We do not sell or rent Your personal data. We only share Your personal data in accordance to this Privacy Notice, with Your consent, and only to the extent permitted by applicable law.

We may share Your personal data with any affiliate or subsidiary of Breas, and any company owned or controlled by Breas;

We may share Your personal data if some or all of the business of Breas is transferred to another entity by way of merger, sale of its assets or otherwise.

We may share Your personal data in limited circumstances and in a controlled and secured manner, with third-party data processors and service providers We engage to provide certain aspects of Breas App service on Our behalf. These data processors and service providers are contractually required to keep Your personal data confidential and to use Your personal data for the sole purpose of performing the services We asked them to provide. They may not use Your personal data for any other purpose.

We may share Your personal data if We are required to do so by law.

You control what healthcare or home medical equipment provider You want to share Your Device data with.

6. Where are Your data currently hosted and processed?

a. Sleep and Device data

If You choose to store Your data on the Cloud, the data will be hosted and processed according to where You are located:

European users: Cloud is not available

All other users: United States

If You choose not to have Your sleep and Device data on the Cloud, Your data will only be hosted locally on Breas App on Your smart device.

You can change Your data storage by selecting “Data” in the main menu and selecting either “Download Data from Device” or “Sync with Cloud.” You can also delete data from Your Smart Device by selecting “Delete Data from This Phone” option.

b. Contacting Us by email

Whenever You send Us an email at breasinfo@breas.com, SupportUS@breas.com, or orderUS@breas.com, any personal data provided in the email, including the email address, will be stored on Our servers in the United States.

Whenever You send Us an email at breas@breas.com, any personal data provided in the email, including the email address, will be stored and processed on Our servers in Europe.

The European Commission has the power to determine whether a country outside the European Union offers an adequate level of data protection if data is processed in that country. We rely on the European Commission’s adequacy decision in relation to Canada.

7. How long do We retain Your personal data?

In Europe, We do not retain any of Your data.

In other regions, any data retained in Cloud will remain.

8. What are Your personal data rights?

Subject to local laws and when applicable, You can request that We:

provide a copy of personal data We have about You on file, including a copy of the personal data You knowingly and actively provided Us (including any data We may generate by Your activity);

delete Your personal data from Our systems;

restrict how We process Your personal data if the accuracy of the data is being disputed, processing is unlawful, You oppose its deletion or the data is no longer needed by Us but needed for Your personal legal reasons.

If We have a legal obligation to retain any of Your personal data, We will inform You of this obligation.

Upon Your request, We will transmit a copy of this data to another data controller or processor.

You can send Us a request by emailing Us at supportUS@breas.com.  Your rights are not absolute and We will assess them on Your request. As We do not control or process Your data if You are in Europe, We will not be able to provide any of Your data, delete Your data, or otherwise process Your data.

When You send Us Your request, We may need to verify Your identity prior to disclosing Your personal data or taking any action on it.

9. Use of Breas App by children

We do not knowingly collect personal data from children. Breas App is not intended for, or directed to, children. If You are under 13 years of age or otherwise considered a minor under the laws of Your country of residence, please do not download or use Breas App at any time or in any manner. If a parent or legal guardian becomes aware that their child has provided Us with personal data without appropriate consent, please contact Us by sending an email to supportUS@breas.com. If We confirm that a user is a minor and has provided Us with their personal data, We will delete their information from Our databases. As We do not collect any personal data in Europe, We do not control or process who uses Breas App and the right of control or processing personal data resides with You.

10. Updates to this Privacy Notice

We may update this Privacy Notice from time to time. We encourage You to review this Privacy Notice regularly. Each Privacy Notice includes the date on which it was last updated. If We change this Privacy Notice, We will notify You as appropriate. If We make a material change, We will ask You to review and re-accept the Privacy Notice. Your continued use of Breas App and the Device confirms Your acceptance of Our Privacy Notice, as amended. If You do not agree to Our amended Privacy Notice, You may choose to discontinue using Breas App and the Device.

11. Questions and complaints

If You have questions or concerns about this Privacy Notice, or You want to make a complaint about a possible breach of local privacy laws, please contact one of the following offices:

Europe

Information Government

Breas Medical AB

Företagsvägen 1

435 33 Mölnlycke, Sweden

Outside Europe

Privacy Office

Spire DME, LLC

16 Esquire Road

North Billerica, Massachusetts 01862

United States of America

12. What is Your right to lodge a complaint with a supervisory authority?

If You are unsatisfied with Our response to Your personal data question or request, You have the right to complain to a supervisory authority in the location where You live or work, or where the alleged infringement of Your personal data rights took place. 

If You ask us, We will try to provide You with information about relevant complaint options that may be applicable to Your circumstances.