Last Updated: July 1, 2021
This Privacy Policy (“Policy”) describes how QT Medical, Inc. (“we” or “our” or “QT Medical”) treats personal information. It applies to information we collect on our Website and App where it is posted. Please read this Policy to learn about what we do and your choices. By interacting with us, you consent to our privacy practices. We value the privacy of our users and visitors and make it a priority to protect any personally identifiable information that we collect, use, or disclose. This Policy is incorporated into and is subject to our Terms of Use.
QT Medical provides electrocardiogram (ECG) data acquisition, cloud storage and diagnostics services (the “Services”) through our website portal and mobile application. By using the Services, you consent to our collection and use of your Protected Health Information (as defined under the Health Information Portability and Accountability Act of 1996 and its implementing regulations, “HIPAA”) and certain Personal Information as described in this Policy. Except as set forth in this Policy, your Protected Health Information (“PHI”) and/or Personal Information (“PI”) will not be used for any other purpose without your consent. We acknowledge that in certain cases, we may be a Business Associate under HIPAA and will not use or disclose PHI collected through your use of the Services for any purpose that, where applicable, would violate HIPAA. We also do not actively collect PI for the purpose of sale of such information in a way that specifically identifies you as an individual (i.e., we do not sell customer lists).
Our Services are intended for individuals located within the United States. We do not knowingly collect any information from an individual located within the European Union (“EU”) or market to individuals residing in the EU. By accessing the Services from the EU or other regions of the world with laws governing data collection and use that may differ from U.S. laws, you are consenting to the transfer of your personally identifiable information outside of those regions to the United States and acknowledge that you may not have the same protections.
We collect information that you provide. We collect user-provided information. When you register for an account to use our Services or at any later time, you may provide certain personally identifiable and financial information such as: your name; password; age; gender; physician information, including the name of your primary care physician, cardiologist or prescribing physician and your physician’s order or prescription for you to receive our Services; email address; postal mailing address; zip code; credit or debit card number and expiration date; billing address, and home/mobile telephone number. We also collect health data about you through the use of our ECG monitoring device.
Automatically collected information. When you visit our Website, whether or not you register for an account, QT Medical may send one or more cookies to your computer. Cookies remember information about your activities on a website. Please review your web browser "Help" file to learn the proper way to modify your cookie settings. However, if you remove cookies, you may not have access to certain services or features available on the Website. Third party content displayed in connection with the Services may also contain cookies set by such third party. QT Medical does not control these cookies and you should check the privacy policy of such third party to see whether and how it uses cookies. We will not use cookies to store your PI.
We collect device and mobile information. We collect device identifiers. We may also collect information about your location. QT Medical's servers may also automatically record certain information from your browser such as your Internet Protocol (IP) address, browser type, internet service provider (ISP), referring or exit pages, click stream data, operating system, and the dates and times that you visit our Website. This information is collected SOLELY for us to provide Services.
Data, Diagnostic & Login Information. You may be able to create, upload, publish, transmit, distribute, display, store, submit or share information, data, text, graphics, messages or other materials using our Services (collectively, “Data”), which may be stored and maintained on our servers.
We may collect information about you from your healthcare providers. As part of the Services and our provision of healthcare, we may collect information about you from your treatment providers. We will collect only the information necessary to provide the Services and will safeguard such information in accordance with the terms of this Policy.
We collect information directly from you. We collect information when you register for an account or use the Services. We collect information if you contact us through our Website or App.
We collect information about you passively. We use tracking tools like browser cookies, web beacons, and pixels. We do this on our Website and in emails we send to you. We collect information about users over time when they use our Website and Services. This includes usage and browser information. We may have third parties collect Non-PHI this way.
We use information to respond to your requests or questions. We use your information to respond to your questions. This includes questions about our Services or your relationship with us.
Health Information. We use your information for the provision, coordination or management of your health care, including consultations between health care providers relating to your care and referrals for health care from one health care provider to another, including but not limited to doctors, nurses, technicians, health students, volunteers, or other personnel involved. For example, copies of your ECG monitoring reports may be shared with your primary care physician or other treating practitioner pursuant to your request or otherwise as required by law.
Payment Information. We use financial information to manage your account, to provide the Services, and to collect payment for the Services. We may use a third-party service provider to manage credit card processing. If we do so, such a service provider will not be permitted to store, retain, or use billing information except for the sole purpose of credit card processing on our behalf.
We use information to improve our products and services. We use your information to improve our Website and App. We use your information to customize your experience with us. We also use your information to serve you specific content that is most relevant to you.
We use cookies. We may use "cookies" information to: (a) remember some of your information so that you will not have to re-enter it during your visit or the next time you visit the Website; and (b) monitor aggregate information such as total number of visitors and the Website viewed.
We use information to communicate with you for notice and other transactional purposes. We might also contact you about this Privacy Policy or our Terms of Service. We may also disclose your PI or PHI in connection with a merger, acquisition, corporate re-organization, a sale of all or a substantial portion of our assets or stock, including any due diligence exercise carried out in relation to the same, provided that the information disclosed continues to be used for the purposes permitted by this Policy by the entity acquiring the information.
We use information for security purposes. We use your information to protect our company and our users. We also use your information to protect our Website and App. We may use your information to prevent, discover, and investigate violations of this Policy or Terms of Service.
De-Identified Information. We use aggregated, de-identified information to support our administrative, management or other business purposes. We may also use your information in a de-identified, anonymous way in conjunction with an analytics service to monitor and analyze use of the Services, for the Services’ technical administration, to increase the Services’ functionality and user-friendliness, to offer new or additional service lines and features, and to monetize business intelligence. We use de-identified information for commercial purposes for which we receive compensation from third parties.
According to Section 164.514(a) of the HIPAA Privacy Rule, we follow the standard for de-identification of PHI with the removal of 18 types of identifiers in 164.514(b)(2)(i):
(A) Names.
(B) All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census:
(1) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people, and
(2) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.
(C) All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older.
(D) Telephone numbers.
(E) Fax numbers.
(F) Electronic mail addresses.
(G) Social security numbers.
(H) Medical record numbers.
(I) Health plan beneficiary numbers.
(J) Account numbers.
(K) Certificate/license numbers.
(L) Vehicle identifiers and serial numbers, including license plate numbers.
(M) Device identifiers and serial numbers.
(N) Web Universal Resource Locators (URLs).
(O) Internet Protocol (IP) address numbers.
(P) Biometric identifiers, including finger and voice prints.
(Q) Full face photographic images and any comparable images, and
(R) Any other unique identifying number, characteristic, or code, except as permitted by paragraph (c) of this section;
Retention. We will keep your PI and PHI for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally identifiable data, or account recovery. All retained PI and PHI will remain subject to the terms of this Policy.
We combine information collected offline with that we collect online. We combine information that we have collected from your healthcare providers and across other third-party sites. We combine information collected across devices, such as computers and mobile devices. We also combine information we get from third parties with information we already have.
We share information with our business partners. We may share your information with companies that provide services to us, including outside contractors or agents who help us manage our information activities, but they may only use your information to provide us with a specific service and not for any other purpose. These third parties enter into agreements with us to protect your information.
Healthcare Providers. When you access the Services through a health care provider and permit access to such healthcare provider, the provider may access and use the information you submit through the Services so they can provide health-related services to you. We may sign agreements with such health care providers to help protect the privacy and security of your information. We may share your information with other healthcare providers who have a treatment relationship with you for treatment purposes.
We share non-personally identifiable information. We may de-identify information about you or aggregate it with other information from other users in a manner that cannot be used to identify you and share that information with other parties.
We will share information if we think we have to in order to comply with the law or to protect you or ourselves. We will share information to respond to a court order or subpoena. This includes, but is not limited to, sharing of your information for public health activities (e.g., to prevent or control disease, injury or disease), law enforcement reasons, coroners and medical examiners, national security and intelligence activities, lawsuits and disputes, inmate health reasons, or serious security threats. Note that genetic information, HIV-related information, and alcohol and/or substance abuse records, mental health records, and other specific health information may enjoy special confidentiality protections under applicable state and federal law. Any disclosures we make for this information will be in accordance with applicable laws. We will also share information if a government agency or investigatory body requests it. This includes U.S. and non-U.S. law enforcement or regulatory authorities. We may also share information when permitted by law to protect us, the Services, and our Website.
We may share information with a successor to all or part of our business, as permitted by law. If part of our business is sold, we may include user information as part of that transaction. Where legally required, we will give you prior notice and if you have the legal right to do so, allow you to object.
At your direction. You may be able to share PI and PHI with third parties through use of the Services. The privacy policies of third parties are not under our control and may differ from ours. The use of any information that you may provide to any third parties will be governed by the privacy policy of such third party or by your independent agreement with such third party, as the case may be. If you have any doubts about the privacy of the information you are providing to a third party, we recommend that you contact that third party directly for more information or to review its privacy policy.
We may share information for other reasons we may describe to you.
Restrictions on personal information. You may decline to enter any or all of your personally identifiable information, in which case we may not be able to provide to you some of the features and functionality of the Services. If you register for an account for Services, you may update, or correct, your account information and preferences at any time by going to your account settings page. To protect your privacy and security, we take reasonable steps to verify your identity before granting you access to your account or making corrections to your information. However, you are SOLELY responsible for maintaining the secrecy of your unique account and password information at all times. Most browsers are initially set up to accept cookies, but you can choose to configure your browser to refuse all cookies or to indicate when a cookie is being sent.
You can opt out of certain marketing. To stop receiving our marketing communications please email us at privacy@qtmedical.com or follow the instructions in any message you get from us. Nevertheless, if you opt out of marketing emails, you may continue to receive messages about your relationship with us permitted by law.
Access and amendment of your information. Upon request, we will provide you with a copy of the PI we have on file for you. To request this information, please contact us via the contact information at the bottom of this Policy. If you notice any errors that you are not able to update yourself, you may also contact us, and we will correct it if we determine that the information is inaccurate and we are the source of such error. However, since we collect your information from a variety of sources, we may ask you to contact the source for correction from time to time.
Our Website and Services are meant for adults age eighteen (18) years or older.
We use appropriate and reasonable security measures as required by relevant laws, including but not limited to HIPAA, CCPA, HITECH and Standard of Privacy of Individually Identifiable Health Information. We are adopting required safeguards such as Security Management Process (risk analysis, risk management, sanction policy and information system activity review), Security Official, Security Incident, Contingency Plans (data backup plan, disaster recovery plan and emergency mode operation plan). The Internet is not 100% secure. We cannot promise that your use of our Website and App will be completely safe. We encourage you to use the Internet with caution.
QT Medical uses certain physical, administrative, and technical safeguards to help protect your PI. These safeguards comply with the current security standards under HIPAA. If we learn of a security systems breach, we may attempt to notify you electronically within 60 days following the discovery, so that you can take appropriate protective steps. We will post a notice if a security breach occurs. You may also receive written notice of a security breach depending on where you live.
Information we collect may be stored and processed in the United States. If you live outside of the United States, you understand and agree that we may transfer your information to the United States which may not afford the same level of protection as the laws in your country. By submitting your information, you agree to the processing of it in the United States as permitted by law.
Under GDPR (the “General Data Protection Regulation”), “You” can be referred to as the Data Subject or as the User as you are the individual using the Services. “You” may also indicate the individual accessing or using the Services, or a company, or any other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
“Affiliate” means an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
“Service Provider” means any natural or legal person who processes the data on behalf of QT Medical. It refers to third-party companies or individuals employed by QT Medical to facilitate the Services, to provide the Services on behalf of QT Medical or to assist QT Medical in analyzing how the Services are used. For GDPR, Service Providers are considered as “Data Processors.”
“Personal Data” includes any information that relates to an identified or identifiable individual, such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
“Usage Data” refers to data collected automatically, either generated by using the Services or from the Services infrastructure itself.
“Data Controller” refers to QT Medical, as the legal person which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
“Account” means a unique account created for you to access all or part of our Services.
Legal Basis for processing Personal Data under GDPR – we may process Personal Data under the following conditions:
Your rights under GDPR – if you are “within the EU” (defined as below), you have the rights under this Privacy Policy and by law to:
GDPR applies to the following natural/legal person:
CCPA Policy.
Under CCPA (California Consumer Privacy Act), “Personal Data” means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with you.
“Business” refers to a company as the legal entity that collects Consumers’ Personal Data and determines the purposes and means of the processing of such data, or on behalf of which such data is collected, whether alone or jointly with others, determines the purposes and means of the processing of consumers’ Personal Data, that engages in commercial activities in the State of California.
“Consumer” means a natural person who is a California resident. A “Resident”, as defined by law, includes (1) every individual who is domiciled in the US, and (2) every individual in the US for other than a temporary or transitory purpose.
“Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s Personal Data to another business or a third party for monetary or other valuable consideration.
You have the following rights, pursuant to CCPA, under this Privacy Policy, if you are a resident of California:
You have the right to request and obtain information regarding the disclosure of the following:
If you have any questions about this Policy or our data practices, please email us at privacy@qtmedical.com. You can also write or call us at:
We will not take action against you for filing a complaint. If you have a complaint concerning our compliance with applicable privacy laws, we will investigate your complaint and take appropriate measures. You may also file a complaint relating to our use and disclosure of your PHI to the United States Department of Health and Human Services Office for Civil Rights at https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf.
This Policy may be updated from time to time without further notice to you and this will be reflected by a "Last modified" date above. Please revisit this webpage regularly for any changes. By continuing to use the Services, you are consenting to the terms of the then-current Policy.