Privacy Policy

SUMMA, INC.

Mobile App Privacy Policy

Last Revised: December 1st, 2019

Summa, Inc (“Summa”, “Company”, “we” or “us”) respects the privacy of the users (“User(s)” or “you”) of its mobile application used by our customers which include universities, hospitals, laboratories, and other research institutions conducting research studies (each a “Researcher”) to collect, access, and manage health related data and other information from participants’ mobile and wearable devices (the “App”), and any additional functionalities and services related thereto (collectively, the “Services”, as further detailed in the Terms of Use available at www.WeAreSumma.com/Terms (“Terms”)). We are committed to protect the information you submit through our App and Services. We believe that you have a right to know our practices regarding the information we may collect and use when you use our App and/or Services.

Capitalized terms which are not defined herein, shall have the meaning ascribed to them in the Terms of Use into which this Privacy Policy is incorporated.

  1. Your Consent

BY (A) INSTALLING AND/OR DOWNLOADING THE APP ON YOUR MOBILE DEVICE, (B) ENTERING INTO, CONNECTING TO, ACTIVATING, USING AND/OR ACCESSING THE APP AND/OR THE SERVICES, AND/OR (C) CLICKING THE “I AGREE” BUTTON WHEN SETTING YOUR PASSWORD FOR THE APP, YOU AGREE TO THE TERMS AND CONDITIONS SET FORTH IN THIS PRIVACY POLICY, INCLUDING TO THE POSSIBLE COLLECTION AND PROCESSING, MONITORING, STORING AND SHARING OF THE INFORMATION SPECIFIED HEREIN. IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES AND DO NOT INSTALL THE APP, DO NOT CONNECT TO, ACCESS, OR USE THE APP, AND PROMPTLY ERASE THE APP FROM YOUR MOBILE DEVICE.

  1. Which information we may collect on our Users?

We collect two types of data and information from our Users:

  1. The first type of information is un-identified and anonymous information (“Non-Personal Information”). We are not aware of the identity of the User from whom we have collected the Non-Personal Information. Non-Personal Information is any unconcealed information which does not enable identification of an individual User, and which is available to us when such User installs the App and when he/she uses the App. Non-personal Information which is being gathered consists of technical information, behavioral information and aggregated information, and may contain, among other things, browser type, the type of the User’s mobile device and its operating system and version, device language, device storage, screen resolution and other modes (e.g. vibration mode, camera, Bluetooth), User’s ‘click-stream’ in the App, time spent on various screens of the App, date and time stamps, Internet connectivity, etc.
  2. The second type of information is individually identifiable information, namely information that identifies, or may with reasonable effort identify an individual, or may be of a private and/or sensitive nature (“Personal Information”) including, but not limited to:
    • Users of the App automatically provide access to the following information, services and resources on your mobile device: their mobile device ID, phone state and identity, carrier information, phone number, location and Bluetooth connection, data from other apps, photo and video libraries, camera, microphone, and internet and data services.
    • Your name, your home address, cell phone number, email address, and demographic information. This information is stored on our servers. 
    • We note that the App requests access to the User’s image and video capture, camera function, photos, ambient light sensors in order to enable the User to take images using the App, and for the Company to access such images.
    • We note that the App may require as part of certain surveys access to your GPS, and other location identification data.
    • We note that the App requests access to Medical history and information, such as your height/weight, prior medical diagnosis and testing (e.g., diagnosis of an irregular heart rhythm), current and previous use of certain medications (e.g., blood thinning medications), certain family history (e.g., history of atrial fibrillation) and health habits (e.g., smoking). This information may be collected through in-app surveys or other health surveys that you may be asked to complete.
    • We note that the App requests access to Biometric and other sensor information, such as heart rate and beat to beat calculations, pedometer, altitude and movement sensors.

 

For avoidance of doubt, any Non-Personal Information connected or linked to any Personal Information shall be deemed as Personal Information as long as such connection or linkage exists.

We do not collect any Personal Information from you or related to you without your approval, which is obtained, inter alia, through your acceptance of the Terms and this Privacy Policy.

  1. How Do We Collect Information on Our Users?

There are a few methods that we use:

  1. We collect information through your installation and use of the App. In other words, when you are using the App we are aware of it and may gather, collect and store the information relating to such usage, either independently or through the help of our authorized third-party service providers as detailed below. Non-personal Information is collected from your mobile device automatically through your use of the App once your mobile device is on.
  2. We collect information which you provide us voluntarily. We collect Personal Information when you, at your discretion, decide to provide us (e.g. your name, email and phone number). We may gather, collect and store the Personal Information either independently or through the help of our authorized third-party service providers as detailed in Section 9 below.

 

  1. What are the Purposes of the Collection of Information?

We collect Non-Personal Information and Personal Information in order to provide the Services.

We collect Non-Personal Information in order to:

  • Provide the Services
  • Use it for statistical and research purposes and for customization and improvement of the App and our Services.
  • Improve our metrics and the quality of the Services and gather statistics for commercial purposes and in order to enhance the User’s experience.
  • Engage with third parties for commercial or research purposes.

We collect Personal Information in order to:

  • Provide the Services
  • Allow you to export it to your, your organization’s or third parties’ systems for your own purposes.
  • Verify the User’s identity when he/she signs in to the Services.
  • Be able to reply to the User’s support requests or other question concerning the Services.
  • Determine geo-location information from which the User’s mobile device or computer is connected to the Internet in order to render the Services, for statistical purposes as well as in order to safeguard our Services.
  1. Sharing Information with Third Parties

We may share Personal Information only in the following cases: (a) to satisfy any applicable law, regulation, legal process, subpoena or governmental request; (b) to enforce this Privacy Policy, the Terms of Use, including investigation of potential violations thereof or dishonest or fraudulent activities; (c) to detect, prevent, or otherwise address fraud, security or technical issues; (d) to respond to User’s support requests; (e) to respond to claims of violations of any right of a third-party through the App and Services; (f) to protect the rights, property or personal safety of Summa, its users, Researchers or the general public; (g) when Summa is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of the assets of Summa (in which event your Personal Information may be transferred to a third party located in a country that does not have the same data protection laws as your jurisdiction, upon your prior approval); (h) to collect, hold and/or manage the Personal and Non-Personal Information collected within the App through our authorized third party service providers, with appropriate agreements and safeguards in place to maintain HIPAA compliance, as reasonable for business purposes (which may be located in a country that does not have the same data protection laws as your jurisdiction upon your prior approval); (i) to cooperate with third parties for the purpose of enhancing the User’s App experience; and/or (j) pursuant to your explicit approval prior to the disclosure.

For avoidance of doubt, Summa may transfer and disclose Non-Personal Information to third parties at its sole discretion and without restriction. 

  1. Security

We take industry accepted standards to maintain the security and integrity of our App through a quarterly software release cycle and regular security reviews, so that we may protect our User’s information and our User’s Employers’ information, and prevent unauthorized access to it or use thereof through generally accepted industry standard technologies and internal procedures.

The information which is gathered from the App is sent to our servers over a secure channel using HTTPS protocols. We also limit access of third parties to the Services by requiring the use of a password and by determining different access levels to Users.

If we learn of a security breach, then we will notify you electronically so that you can take appropriate protective steps as well as post a notice on the App.

Please note, however, that there are inherent risks in transmission of information over the Internet or other methods of electronic storage and we cannot guarantee that unauthorized access or use will never occur. WE WILL NOT BE RESPONSIBLE OR LIABLE FOR UNAUTHORIZED ACCESS, HACKING, OR OTHER SECURITY INTRUSIONS OR THE THEFT, DELETION, CORRUPTION, DESTRUCTION, DAMAGE, OR LOSS OF ANY DATA OR INFORMATION. 

  1. Your Compliance with Privacy and Health-Related-Information Laws

   YOU MUST COMPLY WITH ALL APPLICABLE PRIVACY LAWS AND REGULATIONS. YOU MUST REFRAIN FROM UPLOADING OR SUBMITTING PERSONAL MEDICAL DATA WHICH MIGHT BE CONSIDERED AS PROTECTED HEALTH INFORMATION UNLESS YOU HAVE OBTAINED THE NECESSARY AUTHORIZATIONS AND CONSENTS TO ALLOW SUCH UPLOADING OR SUBMISSION. OBTAINING THE APPROPRIATE AUTHORIZATION AND CONSENT IS IN YOUR SOLE RESPONSIBILITY. BY UPLOADING OR SUBMITTING INFORMATION, YOU REPRESENT AND WARRANT THAT YOU CAN UPLOAD OR SUBMIT SUCH INFORMATION IN FULL COMPLIANCE WITH ANY APPLICABLE PRIVACY LAWS AND REGULATIONS. WE WILL NOT ASSUME ANY LIABILITY IN THIS RESPECT.

  1. Deletion or Modification of Personal Information

If for any reason you wish to update or modify the Personal Information, close your Account or delete the Personal Information included therein, you may do so using the Settings of the Account or by sending us an e-mail request to Info@WeAreSumma.com and we will make reasonable efforts to do so pursuant to any applicable privacy laws.

We may retain and use your Personal Information for a reasonable time after termination as necessary to comply with our legal or business requirements or obligations (including as required by applicable law), to resolve disputes and/or to enforce our Terms of Use, all as permitted under any applicable privacy laws. Aggregated and/or anonymous data derived from your Account may remain on our servers indefinitely. Summa cannot ensure that third parties to which you chose to transfer Personal Information deleted it and cannot monitor their use of such information.

Cancelling your Account may cause an inability to access your Account and/or the loss of certain information (including, without limitation any Personal Information). We do not and will not accept any liability for information loss. It is in your sole responsibility and liability to document your information as required by law (including without limitation, under applicable privacy and/or health-related-information-law or regulation).

  1. Third Party Software/Service

In order to provide you with the Services via the App, we may use third party service providers who may collect, store and/or process the information detailed herein, such as Validic, Inc., whose privacy policy can be found at https://validic.com/privacy-policy/. If Protected Health Information (PHI) is transmitted to any third-party provider, Summa will sign an agreement with such third-party service provider, to comply with HIPAA and HITECH. In those cases in which PHI is not transmitted, Summa uses commercially reasonable efforts to engage with third parties that post a privacy policy governing their collection, retention, processing and use of Non-Personal and Personal Information. We do not control such third-party service providers. Please read their terms of use and privacy policies to better understand their privacy practices.

  1. International Data Transfer

We may transfer information collected about you, including Personal Information, to affiliated entities, or to other third-party service provides (as provided herein) across borders and from your country or jurisdiction to other countries or jurisdictions around the world. Please note that we may transfer such information to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to such transfer of information.

  1. Cookies & Local Storage

When you access or use the App, we and/or our third party service providers may use industry-wide technologies such as “cookies” and local storage (or other similar technologies), which store certain local information on your device (e.g. geo-location information, camera mode and Internet connectivity) (“Local Storage”) which may enable, inter alia, automatic activation of certain features and make the User’s App experience and usage simpler, more relevant, convenient and effortless. Such information is locally stored in the User’s mobile device. Summa and/or our authorized third-party service providers may access such information. Summa and/or our authorized third-party service providers may use both session cookies (which expire once you exit the App) and persistent cookies (which stay on the User’s mobile device until he/she deletes them) for the purpose of confirming the user’s validity and for analytic purposes. Such Local Storage used by the App may store Non-Personal information (such as the different pages viewed by a User within the App or Internet connectivity) as well as geo-location data, which will be collected in accordance with the terms specified herein. In order to erase or disable the Local Storage option you may use the settings option of your browser or device or according to the specific instructions provided by the third-party service provider’s privacy policy and terms of use. However, if you block or erase cookies, or change the settings of your device or browser, your App experience may be affected and may be limited.  

  1. Changes to the Privacy Policy

The terms of this Privacy Policy will govern the use of the App and the Services and any information collected therein. Summa may change the terms of this Privacy Policy at any time and at its sole discretion, you should re-visit this page frequently to review the Privacy Policy and any changes thereto. In case of any material changes, we will post a notice on the App and send you an e-mail (to the extent that you provided us with such e-mail address) regarding such change. Such material changes will take effect seven (7) days after such notice was provided on our App or sent via e-mail, whichever is earlier. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date, and your continued use of the App and/or the Services on or after the Last Revised date will constitute your acceptance of, and agreement to be bound by, those changes. In the event that the Privacy Policy should be amended to comply with any legal requirements, the amendments may take effect immediately, or as required by the law and without any prior notice. If you object to any such change, you will have a right to terminate the Terms in accordance with the provisions of Section 11 thereof.

  1. Questions?

If you have any questions (or comments) concerning this Privacy Policy, you are most welcome to send us an e-mail to the following address, and we will make an effort to reply within a reasonable timeframe: Info@WeAreSumma.com.