Last Updated: Oct 17, 2022
Table of Contents
- Collection and Use of Personal Data
- Patient User Rights
- Protection of Personal Data?
- Advertising, Marketing and Tracking
- California Privacy Rights
This notice describes how Personal Data (defined below) and/or medical information about you may be used and disclosed and how you can obtain access to this information. Please review it carefully.
We at Knox Medical Diagnostics, Inc. d/b/a Aluna (â€œweâ€, â€œusâ€, the â€œCompanyâ€, or â€œAlunaâ€) value your privacy and are committed to keeping your personal data confidential. We use your data solely in the context of providing the Aluna application (the â€œAppâ€) to connect you with your healthcare provider (each, a â€œProvider Userâ€) who may monitor and analyze your health conditions through lung health data such as FEV1% and PEF (as defined below) that we collect through an FDA-cleared digital spirometry device (the â€œDeviceâ€) and information about your medications, symptoms, environmental factors, and activity levels that you report on the App. The App and the Device, including all relevant content and functionality associated with the App and the Device, are referred to collectively as the â€œServices.â€
For additional information related to how we use and disclose your Personal Data, health data, PHI, and/or medical records data, please contact our Privacy Officer at firstname.lastname@example.org.
- You name;
- Your login email address; and
- A statement that you are requesting account deletion.
Questions or Concerns
Collection and Use of Personal Data
What Personal Data Does Aluna Collect?
We collect six types of information from our Patient Users: (i) demographic data; (ii) device data; (iii) self-reported health data; (iv) support data; (v) technology data; and (vi) geolocation data. Each category of data is explained in depth below.
- Demographic Data: Aluna collects demographic data from Patient Users, which may include, but not be limited to, your name, birth date, gender, height, ethnicity, phone number, and e-mail address. The collection of this demographic data is primarily used to create your User Account, which you can use to securely receive the Services.
- Device Data: We will collect information about your condition from a connected digital spirometry device. This will include data about your Forced Expiratory Volume (â€œFEV1%â€) and Peak Expiratory Flow (â€œPEFâ€). We collect this information to provide you with the Services and to provide your health care provider (i.e., the Provider User associated with your Device) with the information necessary to monitor and analyze your health condition.
- Self-Reported Health Data: In addition to Demographic and Device Data, we will collect information about circumstances that may be affecting your health including medication usage, respiratory symptoms, environmental factors, and exercise activities that you report via the App. We collect this information to provide you with the Services and to provide your designated Provider User with the information necessary to monitor and analyze your health condition.
- Technology Data: We use common information-gathering tools and similar technologies to automatically collect information, which may contain Personal Data from your computer or mobile device as you navigate our App or interact with emails or other communications we have sent you. The information we collect may include your IP address (or proxy server), Device and App identification numbers, browser type, Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. This information is used to analyze overall trends, help us provide and improve our Services, and ensure the proper functioning and security of the App and Services.
- Geolocation Data: With your consent, we may collect information about your location from your mobile device (â€œGeolocation Dataâ€). We use Geolocation Data for the purposes of identifying environmental factors that could affect your lung health.
How Will Aluna Use Your Personal Data?
More specifically, Aluna processes your Personal Data for the following legitimate business purposes:
- To provide the Services;
- To communicate with you about and manage your User Account and/or the Device;
- To properly store and track your data within our system;
- To respond to lawful requests from public and government authorities, and to comply with applicable state/federal law, including cooperation with judicial proceedings and court orders;
- To protect our rights, privacy, safety, or property, and/or that of you or others by providing proper notices, pursuing available legal remedies, and acting to limit our damages;
- To handle technical support and other requests from you;
- To manage and improve our operations and Services, including the development of additional functionality;
- To manage payment processing, if any;
- To evaluate the quality of service you receive, identify usage trends, and improve your user experience;
- To keep our Services safe and secure;
- To send you information about changes to our terms, conditions, and policies; and
- To enable you to share Personal Data with your designated Provider User, which enables that Provider User to monitor your condition as he/she deems appropriate.
Does Aluna Use Personal Data for Analytics?
Aluna or our third-party service providers may use Personal Data to monitor or analyze the use of the Services. Presently, Aluna uses Firebase and internal analytics tools to gather insights on how you use and interact with the Services.
Where Is Personal Data Processed?
The Personal Data we collect through the Services will be stored on secure servers in the United States. Personal Data may be transmitted to third parties, which parties may store or maintain the data on their secure servers. These third parties are not permitted to transfer your Personal Data outside of the United States. The App is â€œnativeâ€ to your device, meaning information you enter into the App may also be stored directly on the device that you use to access and enter information into the App.
With Whom Does Aluna Share Personal Data?
We may share your personal information with the following categories of individuals/entities:
- Business Partners and Vendors: We share Personal Data with a limited number of partners, service providers, and other persons/entities who help run our business (â€œBusiness Partnersâ€). Specifically, we may employ third-party companies and individuals to facilitate our Services, provide Services on our behalf, perform Service-related functions, or assist us in analyzing how our Services are used. Our Business Partners are contractually bound to protect your Personal Data and to use it only for the limited purpose(s) for which it is shared. Business Partners's use of Personal Data may include, but is not limited to, the provision of services such as data hosting, IT services, customer services, and payment processing.
- Our Advisors: We may share your Personal Data with third parties that provide advisory services to Aluna, including, but not limited to, our lawyers, auditors, accountants, and banks (collectively, â€œAdvisorsâ€). Personal Data will only be shared with Advisors if Aluna has a legitimate business interest in the sharing of such data.
- Provider Users: Your App and Device must be assigned to one or more Provider Users. As part of the Services, we will share your Personal Data with your assigned Provider User(s). If at any point you want to deny access to one or more Provider Users or be assigned to a new Provider User, you can do so by emailing email@example.com.
- Third Parties Upon Your Direction or Consent: You may direct Aluna to share your Personal Data with third parties. Upon your request and consent, we may share such Personal Data with those third parties that you identify.
- Third Parties Pursuant to Business Transfers: In the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Aluna's corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings), we may share your Personal Data with a third party.
- Third-Party Researchers: With your consent, we may share de-identified data that is derived from your Personal Data with third parties for research purposes. This means that the data we share with third parties for research purposes will not identify you.
How Long Does Aluna Retain Personal Data?
Aluna retains your Personal Data only as long as necessary and as required for our business operations, the provision of Services, archival purposes, and/or to satisfy legal requirements. The exact period of retention will depend on: (i) the amount, nature, and sensitivity of the Personal Data; (ii) the personal risk of harm for unauthorized use or disclosure; (iii) the purposes for which we process your Personal Data, including whether those purposes can be achieved through other means; and (iv) business operations and legal requirements. In general, Aluna strives to retain your data for no longer than 10 years after your Account is closed (the â€œRetention Periodâ€); however, the above factors may extend or decrease this Retention Period.
At the end of the applicable Retention Period, we will remove your Personal Data from our databases and will require that our Business Partners remove any identifiable Personal Data from their databases. If there is any data that we are unable to delete entirely from our systems for technical reasons, we will put in place appropriate measures to prevent any further processing of such data. Please note that once we disclose your Personal Data to third parties, we may not be able to access that Personal Data and we cannot force the deletion or modification of such information by third parties.
How Does Aluna Protect Minors?
The Children's Online Privacy Protection Act ("COPPA") protects the collection of identifiable information from children under the age of 13. If your child is under the age of 13, you must give parental consent prior to allowing your child to use the Services.
The Aluna App does not allow children or any user to make a child's information publicly available. You have the right to review or ask us to delete your child's personal information, as well as to refuse to permit us to further collect or use your child's personal information. To exercise these rights, please contact us at firstname.lastname@example.org with your request.
If you are a resident of California under the age of 18 and have registered for a User Account with us, you may ask us to remove Personal Data that you have entered on the App.
Patient User Rights
What Rights Do Patient Users Have Concerning Their Personal Data?
As a user of Aluna's Services, you have certain rights relating to your Personal Data. These rights are subject to local data protection and privacy laws, and may include the right to:
- Access Personal Data held by Aluna;
- Erase/delete your Personal Data, to the extent permitted by applicable data protection and privacy laws and to the extent technologically feasible;
- Receive communications related to the processing of your Personal Data;
- Restrict the processing of your Personal Data to the extent permitted by law;
- Object to the further processing of your Personal Data, including the right to object to marketing;
- Request that your Personal Data be transferred to a third party, if possible;
- Receive your Personal Data in a structured, commonly used, and machine-readable format; and/or
- Rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete.
Where the processing of your Personal Data by Aluna is based on consent, you have the right to withdraw that consent at any time. If you would like to withdraw your consent or exercise any of the above rights, please contact us at email@example.com.
How Can Patient Users Update, Correct, or Delete Personal Data or Their User Account?
You have the right to request restrictions on uses and disclosures of your Personal Data. While we are not required to agree to all restriction requests, we will attempt to accommodate reasonable requests when appropriate.
If you need to make changes or corrections to information contained in your User Account, you may contact us at firstname.lastname@example.org. In order to comply with certain requests to limit use of your Personal Data, we may need to terminate your ability to access and/or use some or all of the Services. By requesting to limit use of your personal data or delete personal DATA, you acknowledge and agree that ALUNA will not be liable to you for any corresponding limitation in the scope of Services or termination of Services as necessary to comply with your request.
You have the right to request deletion of any Personal Data from your User Account or the Services. To request deletion of your Personal Data, please email us at email@example.com and include a description of the Personal Data you would like removed. We will respond to all requests for data deletion as soon as reasonably possible.
Should you decide to delete your User Account entirely, you may do so by emailing firstname.lastname@example.org. By terminating your User Account, you agree that you will not be able to access any information previously contained in your User Account. You further understand that it may not be technologically possible to remove all of your Personal Data from our systems. While we will use reasonable efforts to remove your Personal Data, the need to back up our systems to protect information from inadvertent loss means a copy of your Personal Data may exist in a non-erasable form that will be difficult or impossible for us to locate or remove.
Protection of Personal Data?
Is Personal Data Secure?
Aluna understands the importance of data confidentiality and security. We use a combination of reasonable physical, technical, and administrative security controls to: (i) maintain the security and integrity of your Personal Data; (ii) protect against any threats or hazards to the security or integrity of your Personal Data; and (iii) protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm to you.
While Aluna uses reasonable security controls, we cannot guarantee or warrant that such techniques will prevent unauthorized access to your personal DATA. ALUNA IS UNABLE TO GUARANTEE THE SECURITY OR INTEGRITY OF PERSONAL DATA TRANSMITTED OVER THE INTERNET, AND THERE IS NO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. ACCORDINGLY, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY PERSONAL DATA YOU TRANSMIT TO US. You assume the risk that unauthorized entry or use, hardware or software failure, and other factors may compromise the security of your personal DATA at any time.
What Safeguards Does Aluna Have in Place to Secure Personal Data?
Aluna stores Personal Data on secured servers and uses a combination of technical, administrative, and physical safeguards to protect your personal information. Such safeguards include, but are not limited to, authentication, encryption, backups, and access logs and controls.
Can Patient Users Protect Their Personal Data?
You are solely responsible for preventing unauthorized access to your devices and your User Account by protecting your account credentials and limiting access to your devices. Aluna has no access to or control over your device's security settings, and it is your responsibility to implement any device-level security features and protections you feel are appropriate (e.g., password protection, encryption, remote wipe capability). We recommend that you take all appropriate steps to secure any device that you use to access our Services.
Please note that Aluna will never send you an email requesting confidential information, such as account numbers, usernames, passwords, or Social Security Numbers. If you receive a suspicious email from Aluna, please notify us at email@example.com.
Further, if you know of or suspect any unauthorized use or disclosure of your User Account information or any other security concern, please notify Aluna immediately.
What If Aluna Experiences a Data or Security Breach?
In the event of a data or security breach, Aluna will take the following actions: (i) promptly investigate the security incident, validate the root cause, and, where applicable, remediate any vulnerabilities within Aluna's control which may have given rise to the security incident; (ii) comply with laws and regulations directly applicable to Aluna in connection with such security incident; (iii) as applicable, cooperate with any affected Aluna user or client in accordance with the terms of Aluna's contract with such user or client; and (iv) document and record actions taken by Aluna in connection with the security incident and conduct a post-incident review of the circumstances related to the incident and actions/recommendations taken to prevent similar security incidents in the future. Aluna will notify you of any data or security breaches as required by and in accordance with applicable law.
Advertising, Marketing and Tracking
Does Aluna Send Marketing or Advertisement Materials?
Presently, Aluna does not send marketing or advertisement materials. In the event that Aluna uses your Personal Data to contact you with newsletters, marketing, or promotional materials, and other information that may be of interest to you, you may opt out of receiving such messages at any time by following the unsubscribe link within the applicable message or by contacting us.
Can Patient Users Opt Out of Receiving Communications from Aluna?
We may send important and time-sensitive communications, including emails, to you regarding your User Account, the Services, or the Device. You can choose to filter any User Account, Services, and Device emails using your email settings, but we do not provide an option for you to opt out of these communications.
If you consent to receive marketing or other communications not related to your User Account, the Services, or the Device, we will provide you with the option to opt out of such marketing communications within the applicable message.
Do Not Track Disclosure
Some web browsers may transmit do not track ("DNT") signals to websites with which the user communicates. To date, there is no industry standard for DNT, and users cannot know how a given company responds to a DNT signal they receive from browsers. Aluna is committed to remaining apprised of DNT standards. However, Aluna does not support DNT browser settings and does not currently participate in any DNT frameworks that would allow Aluna to respond to signals or other mechanisms regarding the collection of your personal information.
California Privacy Rights
Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask for and obtain from us an annual list identifying the categories of personal customer information which we shared, if any, with our affiliates and/or third parties in the preceding calendar year for marketing purposes. This list will be provided free of charge. Contact information for such affiliates and/or third parties must be included. If you are a California resident and would like a copy of this notice, please submit a written request to the following address:
Knox Diagnostics, Inc. d/b/a Aluna
345 California Street, Suite 600
San Francisco, CA 94104