Last Revision: 08/23/2024

Privacy Policy

This privacy policy (“Privacy Policy”) describes how Data (defined below) and/or medical information about you may be used and disclosed and how you can obtain access to this information. Please review it carefully ⚠️.

Introduction

We at Sunrise United States, Inc. (“Us” or “We” or “Our” or “Company”) value your privacy and are committed to keeping your personal data confidential. We use your data solely in the context of providing a telehealth platform (the “Platform”),  associated connected equipment and devices (the “Products”), and Website (the “Site(s)”) (collectively, the Platform, the Site(s), and the Products including all relevant content and functionality associated, are collectively referred to as the “Services”) through which you can access Company’s affiliated network of sleep medicine specialists. As part of the Services, we may collect and process personally identifiable information, including Protected Health Information (as this term is defined under the Health Insurance Portability and Accountability Act (“HIPAA”).

This Privacy Policy describes what personal data we collect, how and why we collect it, how we protect it, and your rights as a data subject.

Definitions

In this Privacy Policy, terms and expressions beginning with a capital letter have the meaning given to them below or elsewhere in this Privacy Policy:

👉 Account: The account opened by a User for the purpose of using the Services.

👉 Connected Equipment: Any Product connected to the internet network, mobile application, website, or web application allowing to carry out Data Processing.

👉 Data: Data collected from Users, including, but not limited to, any personally identifiable information and Protected Health Information. Data may include first and last name, physical address, e-mail address, telephone number, Social Security Number, or any other identifier that permits the physical or online contact of that User.

👉 Data Processing: Any operation or set of operations relating to Data, such as collection, storage, or use.

👉 Protected Health Information: This term has the meaning set forth in the Health Insurance Portability and Accountability Act and its implementing regulations.

👉 Partners: Company’s business contacts, customers, providers, and suppliers.

👉 Product(s): All medical equipment and devices, accessories, and software made available by the Company.

👉 Services: This term refers collectively to the Platform, the Site(s), and the Products, including all relevant content and functionality associated with.

👉 Site(s): Any website published and/or hosted by or on behalf of the Company.

👉 User: Any person of legal age accessing the Services.

Privacy notice applicability

This Privacy Policy applies to Data that the Company collects from Users of the Services, Connected Equipment, and Sites. Please note that the term “Data”, as described above, includes any information that can be used on its own or with other information in combination to identify or contact one of our Users. Some of the Data we collect and transmit may be considered “health data” (i.e., data related to your physical or mental health), “Protected Health Information” or “PHI” (i.e., information that relates to your past, present, or future physical or mental health or condition(s); the provision of health care to you; or the past, present, or future payment for the provision of health care to you), and/or medical records as defined by state law.

We believe that privacy and transparency about the use of your Data are of utmost importance. Therefore, our privacy practices are intended to comply with the Health Insurance Portability and Accountability Act (“HIPAA”) and relevant state laws related to the use and disclosure of medical records, where applicable. Additionally, in this Privacy Policy, we provide you detailed information about our collection, use, maintenance, and disclosure of your Data. This Privacy Policy explains what kind of information we collect, when and how we might use your Data, how we protect your Data, and your rights regarding your Data.

For additional information related to how we use and disclose your Data, please contact our Data Privacy Officer at hello@dreamhealth.com.

Please note that this Privacy Policy does not address the use of cookies and other tracking files. These elements are described in the cookie management policy accessible on any Company Sites or on the Platform.

Note regarding third-party sites: Our Services and Sites may contain links to other sites that are not operated by the Company. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy(ies) of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. This Privacy Policy does not apply to your use of or access to any third-party sites or services.

Agreement To Privacy Notice Terms

By accessing and/or using the services and sites, you are acknowledging that you have read and agree to the terms of this privacy notice ⚠️. If you do not agree, you must immediately cease using the services and sites.

Rejection by you of the current Privacy Policy or any new version of the Privacy Policy will preclude you from using Our Services, and will result in the deletion of your Data, except where it is prohibited by law or regulation.

Your withdrawal of consent or your objection to the processing of your Data that is necessary for the performance of Our Services, will result in the termination of Data, and subsequently, will result in the termination of your ability to use Our Services. The termination of Our Services will result in the return of Our Products and/or the cessation of the use of the Products, including the cessation of use of Our mobile applications, Platform and Sites.

Pursuant to applicable law, any Processing of Data carried out prior to your objection or withdrawal of consent to such Data Processing, remains lawful. Data that has been collected and processed prior to your objection or withdrawal of consent will be retained for a specific and specified period of time. In addition to the right to object or withdraw consent, you may exercise your rights with respect to the Data processed prior to such objection or withdrawal of consent, as described above.

Legal basis for data processing

We process your Data based on legitimate business interests, the fulfillment of Our Services to you, compliance with Our legal obligations, and/or your consent. We only use or disclose your Data when it is legally mandated or where it is necessary to fulfill those purposes described in this Privacy Policy. Where required by law, We will ask for your prior consent before disclosing your Data to a third party. Our legal bases for processing your Data depend on the particular processing purposes, and include, but are not limited to, the following:

  • Contract: When We process Data for the purpose of providing you with access to our Services, we process data on the basis of a contract between you and Us, which is formed at the time of Account creation and acceptance of the Terms of Use.

  • Consent: Where required by law, We will ask for your prior consent before processing or disclosing your Personal Health Information.

  • Legitimate Interest: We may process Data on the basis of its legitimate business interests for the purposes of marketing Services a, providing customer service, and/or improving Services .

  • Legal Obligation: We must process certain Data to comply with legal obligations, which may vary in each country.

Purposes of data processing

If we provide you with Product, we will, with your consent, carry out the following Data Processing functions:

  • The collection and remote processing by electronic transmission of your Data relating to the use of the Product, and

  • Electronic transmission of usage data to your healthcare provider, if requested and if the Product allows for such transmission.

In addition, we may process your Data for the following legitimate business purposes in compliance with applicable law:

  • To provide Services and/or Products;

  • To fulfill our obligations to you under the Terms of Use;

  • To communicate with you about and manage your Account;

  • To properly store and track your data within our system;

  • To respond to lawful requests from public and government authorities, and to comply with applicable state/federal law, including cooperation with judicial proceedings and court orders;

  • To protect our rights, privacy, safety, or property, and/or that of you or others by providing proper notices, pursuing available legal remedies, and acting to limit our damages;

  • To handle technical support and other requests from you;

  • To enforce and ensure your compliance with our Terms of Use or the terms of any other applicable services agreement we have with you;

  • To manage and improve our operations and the Platform and Sites, including the development of additional functionality;

  • To manage payment processing;

  • To evaluate the quality of service you receive, identify usage trends, and improve your user experience;

  • To keep our Platform and Sites safe and secure;

  • To send you information about changes to our terms, conditions, and policies;

  • To allow us to pursue available remedies or limit the damages that we may sustain;

  • To enable you to connect with or share Data with your healthcare provider, which enables that healthcare provider to monitor your progress and overall condition as he/she deems appropriate;

  • To conduct surveys relating to Our activities and the Services provided; and

  • To carry out research, study, or evaluation programs that respect your privacy, after all the conditions required by the applicable regulations have been met. This may include: (i) research, study, or evaluation programs of our activities, practices, or materials provided as part of the Services; and (ii) the development, coordination, and/or improvement of our activities, including the materials and tools used in the course of our activities, such as computer tools and/or algorithms.

In addition, for the purpose of continuous improvement of the quality and content of our services, We analyze aggregated statistics in such a way as to guarantee the anonymity and respect of the privacy of our Users.

Collected and processed data

To enable the use of the Services, Products, and/or Sites, the collection and processing of Your Data by the Company is necessary.

We collect five types of information from our Users: (I) demographic data; (II) medical data; (III)support data; (IV) technology data; and (5) economic data. Each category of data is explained in depth below.

1️⃣ Demographic Data: We collect demographic data from Users, which may include, but not be limited to, your name, birth year, gender, height, weight, phone number, and e-mail address. The collection of this demographic data is primarily used to create your Account, which you can use to securely receive the Services.

2️⃣ Medical Data: In addition to demographic information, We may collect information regarding your health conditions, including, but not limited to, images, age, gender, weight, height, medical history, symptoms, and communications between you and your healthcare provider who is providing services to you via the Platform. We collect this information to provide you with the Services and to provide your health care provider with the information required to provide medical treatment through the Platform. As part of our Services, We may also collect sleep and other data that you provide through Products.

3️⃣ Support Data: If you contact Us for support or to lodge a complaint, We may collect technical or other information from you through log files and other technologies, some of which may qualify as Data (e.g., IP address). Such information will be used for the purposes of troubleshooting, customer support, software updates, and improvement of the Platform and related Services in accordance with this Privacy Policy. Calls with Us may be recorded or monitored for training, quality assurance, customer service, and reference purposes.

4️⃣ Technology Data: We use common information-gathering tools, such as log files, cookies, web beacons, and similar technologies to automatically collect information, which may contain Data from your computer or mobile device as you navigate our Platform or interact with emails or other communications we have sent you. The information we collect may include your IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. This information is used to analyze overall trends, help us provide and improve our Services, and ensure the proper functioning and security of the Platform and Services.

5️⃣ Economic Data: We may collect economic and financial data, including payment data and purchase data, if you elect to purchase a Service or Product through Us.

We may collect this Data directly from you, indirectly on Our Sites, or by Our Partners. Further, this Data may be transmitted via telephone calls, telecommunication services (e.g., via the Internet), or through the automatic remote electronic transmission capabilities of the Products.

In certain instances, We may require you to provide specific Data before accessing a Service or Site. When this occurs, the required Data will be indicated by an asterisk. You will then need to provide this required Data to continue the use of the Services. If you do not wish to provide the required Data, you can stop using the Services.

Data accuracy

The proper use of the Products  that We provide to you (if applicable) is essential to ensure that the Data collected is accurate. The integrity of the Data and its accuracy is ensured only in the absence of intervention by someone other than our staff or our authorized Partner’s staff.

We maintain reasonable technical controls to ensure the confidentiality, accuracy, durability, and integrity of the Data placed under our responsibility.

Data storage and transfers

Your Data are stored in the United States of America. Your Data may be transferred to and stored in other locations such as the European Economic Area. These locations may be maintained by Us, or Our service providers, or Our Partners. The purpose of the transfer and storage of data in other locations includes, among other things, the provision of support services. By submitting your Data, you consent to such transfer and storage.

Your rights in regard to the data Dreem Health collects

Depending on the legal basis of collection, the location of the collection, and the purpose of the collection, You may have different rights with respect to your Data. These rights may include:

👉 Right of access and correction: You may request access to your Data and, if you believe such data is inaccurate, you may request correction of that Data.

👉  Right to withdraw consent: You may at any time withdraw your consent to the processing of Data concerning you. Any withdrawal of consent will only be valid for the future and will not apply to previously collected or used Data.

👉  Right to object: You may object to the processing of your Data, provided that you give a legitimate reason. A legitimate reason is not necessary if you object to the processing of your Data for a commercial purpose.

👉  Right to be forgotten: You have the right to have your Data erased after a certain period of time.

👉  Right to limitation of processing: You may request that your Data be subject to limited processing in certain circumstances.

👉  Right to portability: You may request (i) a copy of the Data you have provided to Us, or (ii) that We transfer your Data to another entity.

Data security

Transmission of Data over the Internet is never 100% secure or error-free. However, We take reasonable and appropriate measures to protect your Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. The measures include, but are not limited to, implementation of technical, organizational, and physical controls to safeguard Data.

However, it is your responsibility to safeguard your Account credentials (passwords and User IDs) and to notify Us if you ever suspect that your credentials for Our Services have been compromised. You are solely responsible for any unauthorized use of Our Services conducted via your credentials. We shall not be liable for unauthorized access if it's the User’s fault.

We agree to notify You within the legally required timeframe upon becoming aware of any unauthorized access to your Data that is maintained by Us or one of Our Partners, for fulfillment of Our Services. Notification of any such Data breach is a legal obligation and shall not be construed as an admission of any liability on Our part for its occurrence or operation.

You acknowledge and agree that Our security obligations are limited to the scope of Our Services.

Disclosure of data

We do not share, sell, or otherwise disclose your Data for purposes other than those outlined in this Privacy Policy. We may use or disclose aggregated or pseudo-anonymized information about Users, and information that does not identify any individual, without restriction.

We may disclose Data that is collected from, or provided by, you as described in this Privacy Policy. In particular, we may share your Data with the following categories of individuals/entities:

1️⃣ Business Partners and Vendors: We share Data with a limited number of Partners, service providers, and other persons/entities who help run our business (collectively, “Business Partners”). Specifically, We may employ third-party companies and individuals to facilitate our Services, provide Services on Our behalf, perform Service-related functions, or assist us in analyzing how Our Services are used. Our Business Partners are contractually bound to protect your Data and to use it only for the limited purpose(s) for which it is shared. Business Partners’ use of Data may include, but is not limited to, the provision of services such as data hosting, IT services, customer services, and payment processing. Additionally, We share Data with our contractors, service providers, and other third parties that help support our Products.

2️⃣ Our Advisors: We may share your Data with third parties that provide Us advisory services , including, but not limited to, our lawyers, auditors, accountants, and banks (collectively, “Advisors”). Data will only be shared with Advisors if We have a legitimate business interest in the sharing of such data.

3️⃣ Provider Users: To use the Services, Users will be affiliated with one or more healthcare providers. As part of the Services, We will share your Data with your assigned healthcare provider. If at any point you want to deny access to one or more healthcare providers, you can do so by emailing privacy@dreemhealth.com.

4️⃣ Third Parties Upon Your Direction or Consent: You may direct Us to share your Data with third parties. Upon your request and consent, we may share such Data with those third parties that you identify.

5️⃣ Third Parties Pursuant to Business Transfers: In the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Company’s corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings), we may share your Data with a third party.

6️⃣ Government and Law Enforcement Authorities: If reasonable and necessary, we may share your Data to (i) comply with legal processes or enforceable governmental requests, or as otherwise required by law; (ii) cooperate with third parties in investigating acts or omissions that violate this Privacy Policy or the Terms of Use; or (iii) bring legal action against someone who may be violating the Terms of Use or who may be causing intentional or unintentional injury or interference to the rights or property of the Company or any third party, including other users of our Services.

Retention period

We will not retain Data beyond a reasonable period of time and will only retain it for as long as we have a legal basis to do so. When we no longer have a legitimate ongoing business need or contractual/legal obligation to retain your Data, we will delete or anonymize it or, if this is not possible (for example, because your Data has been stored in a backup archive), then we will store your Data and secure it using the same, or materially similar safeguards, and isolate it from further processing until deletion is possible.

The exact data retention period varies according to the nature of the Data and the processing involved.

What happens to personal data submitted by minors?

We do not knowingly collect Data from individuals under the age of 18. Additionally, our Services are not directed to individuals under the age of 18. We request that these individuals not provide Data to us. If we learn that Data from users under the age of 18 has been collected, we will deactivate the Account associated with that data and take reasonable measures to promptly delete such data from our records. If you are aware of a user under the age of 18 accessing the Services or Platform, please contact us at hello@dreemhealth.com.

If you are a resident of California under the age of 18 and have registered for an Account with us, you may ask us to remove content or information that you have posted to our Platform.

Update, correct, or delete data

You have the right to request restrictions on uses and disclosures of your Data. While we are not required to agree to all restriction requests, we will attempt to accommodate reasonable requests when appropriate.

Except for your email address and your insurance details, You may change or correct information directly in Your Account. If you need to make changes or corrections to other information, you may contact us at  privacy@dreemhealth.com. In order to comply with certain requests to limit use of your Data, we may need to terminate your ability to access and/or use some or all of the Services. By requesting to limit use of your personal data or delete personal data, You acknowledge and agree that We will not be liable to You for any corresponding limitation in the scope of services or termination of services as necessary to comply with your request.  

You have the right to request deletion of any Data directly from your Account. You may also send us a deletion request  of your Data to privacy@dreemhealth.com and include your login email address and a description of the Data you would like removed. We will respond to all requests for data deletion as soon as reasonably possible.

You understand that it may not be technologically possible to remove all of your Data from our systems. While we will use reasonable efforts to remove your Data, the need to back up our systems to protect information from inadvertent loss means a copy of your Data may exist in a non-erasable form that will be difficult or impossible for us to locate or remove.

Changes to this privacy policy

Please note that we occasionally update this Privacy Policy, and it is your responsibility to stay up to date with any amended versions. Any revisions to this Privacy Policy will be posted on the applicable Company Site and the applicable Platform. Any changes to this Privacy Policy will be effective immediately upon publication and will apply to all Data that we maintain, use, and disclose. If you continue to use the Services and Sites following such notice, you are agreeing to those changes.

Account deletion

If at any point you no longer agree to the use and disclosure of Data, as described in this Privacy Policy, you can delete your User Account either directly via your Account or by sending a deletion request to  privacy@dreemhealth.com with the following information:

  • Your login email address; and

  • A statement that you are requesting account deletion.

By terminating your Account, you agree that you will not be able to access any information previously contained in your Account.

Questions Or Concerns

If you have any questions or concerns after reading this Privacy Policy, please do not hesitate to contact us at privacy@dreemhealth.com. We appreciate your feedback.