Privacy

PLEASE READ THIS POLICY CAREFULLY BEFORE USING THE ONDO SERVICES.

Last Updated Date: March 10, 2021

This privacy policy (“Privacy Policy”), together with our Terms of Service, represents ONDO’s privacy practices as it pertains to our websites, hardware products, mobile applications, and any other online services ONDO may provide (collectively, the “Services”). Please read this Privacy Policy carefully. By accepting this Privacy Policy or otherwise accessing, visiting or using the Services, you acknowledge and consent to the data collection and use practices described in this Privacy Policy.

When using ONDO Services, you will be asked to acknowledge and, where appropriate, to give consent to the practices laid out in this policy.

If you are providing personal information about another individual, you must have their consent or other legal right to provide such information to ONDO.

About Us

ONDO Bands are intended to measure human body temperature and are reusable for use on individuals of all ages. ONDO also develops population health insights using aggregated data collected from our Services.

Any personal information obtained and maintained by ONDO will be in compliance with applicable state and federal laws and regulations governing the security and confidentiality of such information, including but not limited to HIPAA and HITECH.

Information Collected or Received

ONDO aims to collect the least amount of personal information needed for specified, explicit and legitimate purposes. In operating our Services, we may collect and process the following types of information about you:

| DATA | WHEN (examples) | WHY |
| --- | --- | --- |
| Device information and product usage data such as traffic data, IP address, device ID, cookies, or which pages you viewed or features you interacted with | When you use our Services | To help identify and troubleshoot any technical or performance issues; to provide a seamless experience for users across sessions |
| Health data such as temperature, symptoms, medications taken, diagnosis, time of incidence of the illness or symptoms, or treatment seeking behavior | When you use an ONDO Band or enter information into our Services | To allow you to track your health history over time and to provide personalized illness guidance; to aggregate geographic illness trends; to use, solely in de-identifiable form, for research purposes |
| Account information such as e-mail address, username, or password | When you sign up to use our Services | To allow you to back up your data and access it on multiple devices; to communicate with you |
| Profile information such as birthdate, gender, or name | When you create a user profile within the Services | To provide personalized illness guidance and a customized app experience; birthdate and gender may be used solely in de-identifiable form, for research purposes |
| Geolocation | If you permit our Services to access it | To enable syncing of readings from the thermometer to the Services; to aggregate geographic illness trends; to use, solely in de-identifiable form, for research purposes |
| Relationships to people or places such as which school your child attends or your place of employment | If you sign up to participate in specific programs with ONDO’s third party customers | To manage program logistics such as delivering thermometers; to provide de-identified and aggregate information on the health situation at a certain location; to use, solely in de-identifiable form, for research purposes |
| Other information you may provide directly to ONDO | For example, when you fill out forms or if you contact customer support | As necessary to fulfill your request |

Use of Personal Information

ONDO collects personal information for two primary purposes:

Creating Aggregated Data Sets: ONDO uses data to help track and curb the spread of disease and allow healthcare providers to provide superior care and management. In particular we use data from ONDO products to generate aggregated data sets which help inform where and when illness is spreading. We also use de-identified health data for research purposes.

Personalizing Your ONDO Experience: In our Services you can enter or share personal information (e.g. illness history, name, age, gender, location) in order to keep a record of you and/or your family’s health information over time and receive guidance on how severe an illness may be and what to do next. You can also create an account by entering your email address or user identifier, in order to access your data on multiple devices or in the event your device is lost or stolen.

In the event that you receive your ONDO Band via your employer, health plan, health providers, or educational institution, our Services may recognize that your thermometer is associated with that particular entity and may provide customized guidance and resources. We will not share your health data nor your personal information with such entity without your explicit permission – and then only in limited or specified ways that you consent to.

We may send you communications through push notifications, email, and SMS relating to our products and Services. You may opt-out of such notifications by changing the settings in the Services or on your device, or otherwise by contacting us as set forth below. In particular, you can opt-out from receiving marketing-related emails by following the unsubscribe instructions provided in each email. If you can sign-in to your ONDO account, you may be able to change your communication preferences under the relevant section of the Services.

Additionally, we may use personal information from or about you:

1. To provide you the Services, respond to your inquiries, and fulfill your requests;

2. In a de-identified form, in combination with other de-identified data collected from third-parties for research purposes;

3. To send you important information regarding our relationship with you or regarding our Services, changes to our terms, conditions, and policies and/or other administrative information; and

4. For our internal business purposes, such as data analysis, audits, research, developing new products or services, improving our Services, identifying Services usage trends, and determining the effectiveness of our Services.

How we Share or Disclose Information

ONDO may share user information with third parties in the following scenarios:

• To our third party service providers (e.g., Mixpanel, Crashlytics, Braze, and Google Analytics) who provide services such as website hosting and moderating, mobile application hosting, data analysis, infrastructure provision, IT services, email services, marketing services, auditing services, and other services, in order to enable them to provide services for us (one example is that we share email, profile name and age with a third party so that we can send personalized communications to users);

• ONDO may provide research institutions certain de-identified health data for research purposes to better predict and stop the spread of infectious disease (provided that we take reasonable steps to ensure such research institutions cannot personally identify the source of such health data);

• To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings);

• If you opt-in to receiving offers or communications from any of our third-party partners, we will share your name, email, and title (if applicable) with such third-party partner so they may provide you with such offers or communications. We will only share your information with the specific third-party partner(s) you have opted-in for. We may use this opt-in process with our FLUency school program, in which ONDO thermometers and software are provided free of charge to participants (which include parents, school nurses and teachers) in an effort to reduce illness levels in school communities. When you register as part of FLUency under this program you may be given an opportunity to receive certain offers and communications from the sponsoring organization helping us provide this program to the participants; or

• If you opt-in to participate in our school programs (FLUency or ONDO for Schools), we will share de-identified, aggregated symptom and diagnosis data with the school you have enrolled in and fellow school participants. In the event of limited program participation or limited symptoms or diagnoses reported, the aggregated data may only consist of the user’s de-identified data (example: 1 student has a fever today in the 4th grade at ONDO Elementary School). Users may opt-out of our school program at any time via the mobile app settings.

• If you opt-in to share IDENTIFIABLE health data with an organization, the data specified at opt-in (examples: temperature values) will be shared with the organization you have enrolled with. Users may verify and opt-out of sharing identifiable data with an organization at any time via the mobile app settings.

• When we otherwise have your consent.

In addition, we use and disclose personal information collected through the Services as we believe to be necessary or appropriate: (a) as required by applicable law, including laws outside your country of residence; (b) to comply with any legal process; (c) to enforce our Terms of Use; (d) to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others; and (e) to allow us to pursue available remedies at law.

How We Secure Your Information

ONDO is committed to protecting all data according to applicable laws, regulations and security best practices. We have put in place reasonable and current security methods, including physical, electronic, and managerial procedures designed to prevent misuse, unauthorized access, use, or disclosure of your information. However, ONDO cannot eliminate all security risks, as mistakes and breaches may happen. Please use the instructions provided below to contact us with any questions.

Your California Privacy Rights

California law permits California residents to request from us certain information regarding the disclosure of certain categories of personal information to third parties for their direct marketing purposes within the immediately preceding calendar year. A company may also comply with the law by disclosing in its privacy notice that it provides consumers choice (opt-out or opt-in) regarding sharing personal information with third parties for those third parties’ direct marketing purposes (as we do), and information on how to exercise that choice.

If you are a California resident and you have questions about our practices with respect to sharing information with third parties for their direct marketing purposes and your ability to exercise choice, please send your request to us via the email address or the mailing address set forth below. Please put the statement “Your California Privacy Rights” in the subject field of your email or include it in your writing if you choose to write to us at the designated mailing address. You must include your name, street address, city, state, and zip code. We are not responsible for notices that are not labeled or sent properly, or do not have complete information.

California Consumer Privacy Act (CCPA)

To the extent the California law is applicable to our collection of information that identifies or relates to you or your household, you as a user have the following rights:

• Right to know: Gives the user the right to request disclosure of information collected and shared, and the right to disclosure of categories of information sold by ONDO. Please use the contact information below for inquiries.

• Right to delete: As a user you have the right to delete your user profile and associated personal information (name, email). Please use the contact information below for inquiries.

• Right to opt-out: ONDO does not sell personal information (name, email) to third parties unless the user gives direct permission and consent. Please use the contact information below for inquiries.

• Right to nondiscrimination: ONDO does not use any technology to profile a user or make decisions based on automated detection and data analyzed. Please use the contact information below for inquiries.

Your Privacy and Our Global Operations

ONDO operates in multiple jurisdictions. We process data both inside and outside the United States and Europe and we may share your data among service providers based in countries other than your country of residence. Data entered in the ONDO Services may be transferred to, processed and stored in the United States.

Safeguards in place to ensure an adequate level of data protection.

Information collected within the European Economic Area and Switzerland (“EU”) may be transferred, processed, or stored outside the EU as described in this Privacy Policy. If we transfer, process, or store personal information from the EU to or in a country outside the EU, we ensure that safeguards are in place to ensure an adequate level of data protection. These safeguards may be based on a determination by the European Commission or Swiss Federal Data Protection and Information Commissioner that a country outside the EU has an adequate level of data protection, or on the use of model contract clauses approved by European Union or Swiss data protection authorities.

European Union Rights (GDPR)

This section applies only to our processing of personal data of EU country residents. It aims to provide increased transparency into our processing, retention, and transfer of EU resident personal data that is in line with the letter and spirit of the General Data Protection Regulation.

The controller for Personal Data covered under this section is ONDO Inc., 535 Mission St., 18th Floor, San Francisco, California, 94105, USA.

In the EU, “Personal Data” is defined very broadly and includes any information about a natural person, who can be identified, directly or indirectly, from data that we hold about them or from data that is combined with other information. EU data protection law requires us to have a legal basis before processing any Personal Data about you.

Our lawful basis for processing personal data covered by this Policy will depend on the purposes of the processing. To the extent we process personal data because it is necessary to perform a contract with you, our legal basis for that processing is that it is necessary for the performance of a contract with you.

When we are required to share personal data with law enforcement agencies or other governmental bodies, or we otherwise process personal data to comply with our legal obligations, we do so on the legal basis that we are under a legal obligation to do so.

We use consent as our basis for processing to the extent required by applicable law, or as we otherwise deem appropriate, for example, before we collect information from you through our app or hardware.

We also process personal data on the lawful basis that it is necessary for ONDO’s legitimate business interests, which may include: providing, improving, and developing our products and services; communicating with and otherwise managing our relationship with you; enhancing the safety and security of our products, services, sites, employees, and others; and protecting ONDO and our business partners from wrongful conduct.

In accordance with applicable laws in the European Union, you have the following rights with respect to your personal data, which apply differently in different circumstances, and may be limited by local law: (i) right of access, (ii) right to correction, (iii) right to erasure, (iv) right to restriction of processing, (v) right to data portability, (vi) right to object to certain types of processing, and (vii) right to withdraw consent to certain types of processing. Most of these rights are not absolute. You may exercise these rights by submitting a request to us. Please note that we may ask for additional information to verify your request before responding to it.

Upon proper request, ONDO will remove all personal data as required, but under GDPR Article 17 (3) (c) and (d) we will be keeping the aggregated data. All users of the ONDO application have the right to update personal information and profiles within the application. ONDO does not sell any personal information to third parties unless the user gives explicit consent. Please use the contact information below for inquiries.

Your personal information may be transferred to, stored, and processed in a country other than the one in which it was collected, including the United States. For example, we may store your data on a server in the United States because that is where a particular database is hosted; and that data may be “transferred” again for permitted processing. We perform such transfers using contractual protections that EU regulators have pre-approved to ensure your data is protected (known as model contract clauses).

While we hope that we can resolve any query or concern you raise about our use of your information, the General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.

You may contact ONDO’s data protection officer regarding any issues related to processing of your personal information and to exercise your rights under applicable law regarding the processing of your personal information.

Contact Information:

ATTN: Data Protection Officer

ONDO Systems Inc.

303 Twin Dolphin Drive, Suite 600-6

Redwood City, CA 94065

legal@ondosystems.com

How We Use Cookies

A “cookie” is a piece of text which asks permission to be placed on your computer’s hard drive. Once you agree, this cookie file is stored on the hard drive of your computer. They help us and our affiliates to improve our Services and ensure that the content from our Services is presented in the most effective manner for you and your computer.

Devices have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our Services.

The third parties who distribute or sell our Services may also use cookies, over which we have no control. Such cookies (if used) would be downloaded once you click links from our Services or purchase and/or use our Services through other third party interfaces.

Your selection of the “Do Not Track” option provided by your browser may not have any effect on our collection of cookie information for analytic and internal purposes. The only way to completely opt out of the collection of any information through cookies or other tracking technology is to actively manage the settings on your browser or device to delete and disable cookies and other tracking/recording tools. Please note, depending on your type of device or browser, it may not be possible to delete or disable all tracking mechanisms on your device.

We permit third-party partners to use the foregoing tracking technologies to collect information about your browsing activities over time and across different websites when you use the Services. For example, we may use advertising services provided by third-party ad partners, such as Google, to market our service to you on other websites and online services. Through a process called “retargeting,” each service places a cookie on your browser when you visit the Services so that they can identify you and serve you ads on other sites around the web based on your browsing activity. We use third party analytics packages like Google Analytics and in some cases we share personal information with these services. We, along with third-party vendors such as Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our Services. To avoid use of this information for these third-party partners, you can change your browser settings to reject cookies or to notify you when cookies are set and you could select the Do Not Track option on your browser, though we have no control over and cannot confirm whether these third-party partners honor the Do Not Track browser signal. Additionally, many advertising companies are members of the NAI or DAA and/or provide opt outs on those industry pages at networkadvertising.org/choices or aboutads.info/choices. Users can set preferences for Google and other third party advertisements using the Google Ad Settings page.

Links to Third Party Sites

Our Services may contain links to third party websites or services, hosted and operated by a company other than ONDO. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. ONDO does not disclose or share personal information with third-party sites without your consent. If you disclose any information to a third-party after following a link to their services, this Privacy Policy no longer applies.

Compliance

ONDO will use a self-assessment approach to verify compliance with this Privacy Policy and periodically verify that the Privacy Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, implemented, and accessible. If you believe that your personal information has been processed or disclosed in violation of this Privacy Policy, ONDO encourages you to raise any concerns using the contact information provided in this Privacy Policy. ONDO will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of personal information.

Your Preferences

Our mobile applications may ask you to share your location information with ONDO. Note that this is the location reported from your phone’s operating system and typically utilizes your phone’s GPS system. You may opt out of sharing your phone’s location services by changing the settings on your phone.

If you do not want to receive communications from ONDO, you may opt out of further communications at any time. Please note that ONDO can only comply with requests relating to communications provided by ONDO. We will seek to comply with your request(s) as soon as reasonably practicable.

If applicable, and you would like to review, correct, update, or delete certain personal information that you have provided via the Services, please contact us. We will seek to comply with your request as soon as reasonably practicable.

Minors

Our Services are designed and intended to be used by those who have reached 16 years of age. By using our Services, you affirm that you are at least 16 years of age or older. No one under age 16 is authorized to submit or post any information, including personal information, on our Services. Parents or guardians may use the Applications on behalf of their child and in doing so share their child’s personal information with the ONDO system, but a child under the age of 16 may not use the Services themselves. For clarity, consent must be given or authorized by the holder of parental responsibility over the child before providing personal information of a child below the age of 16 years.

Updates to Our Policy

We reserve the right to change, add, modify or remove portions of our Privacy Policy at any time. Any changes to our Privacy Policy will become effective immediately and communicated through our Services via the last updated date set forth above. Please continue to check our Privacy Policy from time to time to learn about any changes to our privacy practices. Information collected before changes are made will be secured according to the previous Privacy Policy.