Privacy Policy
Last Revised: January 2025
DarioHealth cares about your privacy and wants you to be familiar with how we collect, use and disclose personal information about you. References to DarioHealth include our subsidiaries and trade names, including Labstyle Innovation Ltd., Upright, wayForward, and Twill Inc. (collectively, “DarioHealth,” “us,” “we” or “Company”).
The purpose of this DarioHealth Privacy Policy (“Privacy Policy”) is to explain our data collection and privacy practices when you access our products, devices, websites, mobile applications, or other offerings, or interact with us via our customer service center, social media, product reviews, HTML-formatted emails, or otherwise (collectively, the “Services”). We encourage you to read the Privacy Policy carefully prior to using the Services, as it describes the types of personal information we collect, how we collect it, how we use the information we collect, how long we keep the information and under what circumstances and with whom your personal information may be disclosed. This Privacy Policy also describes your rights concerning your personal information and security measures we take to protect your personal information. If you have any questions about this Privacy Policy, please email us at [email protected].
For health plan and employee assistance plan users: If you use the Services through your healthcare provider, health plan sponsor, insurer, pharmaceutical partner or related organization or company (each a “Provider Company”), this Privacy Policy is not intended to modify or supersede any privacy policy provided by your Provider Company. Also, in some cases, your information may qualify as Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). In those instances, we act as a “business associate” on behalf of your Provider Company, and this Privacy Policy does not apply. Instead, we will process your PHI consistent with the obligations in our contract with the Provider Company, and you should contact your Provider Company for a copy of the relevant privacy policy.
TYPES OF INFORMATION WE COLLECT
- PERSONAL INFORMATION: DarioHealth may collect personal information in a variety of ways, including:
- Identifiers – Including real name, alias, date of birth, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name or other similar identifiers;
- Demographic information – Including age, gender (including gender identity and expression), sexual orientation, and other personal information that may be considered a protected classification characteristic under California or federal laws;
- Internet or other electronic network activity information – Including your browser type and operating system; browsing history, clickstream data, search history on the Services, and information regarding how you interact with the Services, an internet website, application, email, newsletter, or advertisement, including access logs and other activity information related to your use of the Services; the referring URL, or the website or application that led you to our Services; and, if you link your information associated with your social media account such as your name, username, email address, gender, profile picture, other unique identifier, etc.;
- Biometric information – Including physical characteristics such as height and weight, blood tests, blood pressure tests, nutrient consumption, exercise activity and motion (e.g., steps, cardio activity, kcal, type and intensity), posture information, gait, physical, mental, and emotional health status;
- Geolocation data where authorized by applicable law and subject to any consent required by applicable law;
- Audio, electronic, visual or similar information;
- Financial information – Including your payment card or online payment account information and billing address;
- Commercial information – Including records of your purchase history and transactions with us, as well as purchasing or consuming histories or tendencies;
- Communications – Including the content of communications between you and us, or between you and your coach or mental health Providing Company for wayForward users;
- Professional or employment-related information; and
- Inferences – We, and our third-party advertising and analytics partners, may collect inferences drawn from any of the information identified above to create a profile reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.
- PERSONAL HEALTH INFORMATION: We may collect information regarding your physical and mental health, such as information on medications, medical history, lifestyle habits, pain, fitness and training characteristics, pregnancy, body traits (e.g., posture), exercise activity and motion (e.g., steps, cardio activity, kcal, intensity), height, weight, nutrition (e.g., carbohydrate consumption), blood pressure, blood test results (e.g., last HbA1c), mental or emotional health status, and other health-related information. This may include PHI, whether you provide it only to us (such as answers to self-assessment features) or opt to share it with other users of the Service or your Provider Company. Any personal health information may be treated as sensitive or special category information under applicable laws.
- SPONSOR ORGANIZATIONS: If an organization, such as your or your partner’s, spouse’s or parent/guardian’s employer, university or health plan (including a Provider Company), is paying for your access to our Services (each a “Sponsor Organization”), use of our Services may require you to provide additional registration information. This information is collected to confirm your eligibility with the Sponsor Organization. Information collected under these circumstances may include, but is not limited to, name, email address, date of birth and phone number. This information is required to confirm program or benefit eligibility and prevent insurance and benefit fraud.
HOW WE COLLECT INFORMATION
- INFORMATION YOU SHARE WITH US: Directly from you (e.g., when you register for the Services or interact with us or certain Services or DarioHealth features, such as assessments, Dario’s artificial intelligence-based (“AI-based”) chatbot named Anna, behavioral matrices and click-throughs to third parties within the Services), from devices, including your wearable devices, connected to the Services, your coach or mental health service provider (including for wayForward Services);
- INFORMATION WE COLLECT AUTOMATICALLY: We and our third-party business partners, including advertising and analytics partners, automatically collect information when you use our Services through cookies, pixel tags, clear GIFs, or similar technologies on our Services, including the information referred to above as “Internet or other electronic network activity,” such as your browser type and operating system, web pages you view, your interactions with content or webpages on the Services, links you click, your IP address, device identifier, or other identifiers, the length of time you visit our Services, the referring webpage URL or app that led you to our Services, the information, content, or advertisements you view, hover over, or click on, and the search terms you enter. Our third-party business partners may use these technologies to collect information about your online activities over time and across different websites and services. We also collect information automatically through your wearable devices that are connected to the Services.
- INFORMATION WE COLLECT FROM THIRD PARTIES: To the extent permitted by applicable law, from public databases, where permitted by law, or from third-party private sources, such as data brokers or our business partners, including advertising and analytics partners. Additionally, you may integrate third-party software development kits (“SDKs”) with certain Services, subject to your consent where required by law, and we may collect personal information from these SDKs. Examples of SDKs include those for GPS, Wi-Fi or Bluetooth, accelerometers, or gyroscopes. We also may collect personal information from your employer, employee assistance plan or health plan as well as your coach, mental health service provider, healthcare providers you access through the Services, or other Providing Company provider.
You may refuse to disclose certain information to us, but please note that this may prevent or limit your ability to use certain Services or features within a Service.
HOW WE MAY USE PERSONAL INFORMATION
- PROVIDING THE SERVICES:
- To provide the Services’ functionality to you, such as arranging and authenticating access to your registered account, fulfilling your purchases, providing you with relevant information and insights about your health and tools to manage it, send you reminders based on location and activity, and providing you with customer service;
- To personalize our recommendations for better health management and wellness promotion (including through community learning tools, Apple HealthKit, etc.);
- To respond to your inquiries and fulfill your requests, when you contact us via one of our online contact forms or otherwise, for example, when you send us questions, suggestions, compliments, reviews, or complaints, or when you request other information about our Services;
- To verify your information and provide related customer service;
- To send you administrative information, such as changes to our terms, conditions and policies;
- To provide rewards programs if you enroll in them; and
- To allow you to send messages to another person through the Services.
PHI is typically used within the Services for treatment purposes. In addition to the above examples, you may elect to use your PHI to bill for your use of the Services.
For processing your personal information for the above purposes we rely on the necessity to process your personal information for the establishment and performance of the DarioHealth, Inc. Terms and Conditions. We also may rely on your consent for the above processing activities to the extent required by applicable law, such as when the relevant data is PHI or you use certain Services from the EEA/EU or UK. Whenever we rely on your consent, you can withdraw your consent anytime by contacting [email protected]. However, please note that withdrawing your consent may limit or preclude your ability to access certain Services or features within a Service, to the extent the relevant data or processing activity was necessary for the provision of the Service or feature of a Service.
- PROVIDING YOU WITH INFORMATION ABOUT NEW SERVICES AND/OR MARKETING MATERIALS AND FACILITATE SOCIAL SHARING:
- To send you marketing-related communications about our services, new products and other company news. Our third-party business partners, including our advertising and analytics partners, may use your personal information to communicate with you about new features, events, or products that may be of interest to you, including based on your interactions with our Services. Our third-party business partners may also use your personal information to analyze and track your interactions and movement around the Services and elsewhere on the internet for our and their own purposes. We and our third-party business partners may merge, co-mingle, or otherwise combine information, including your personal information, in furtherance of these purposes.
Where required by applicable data protection laws, such as where you use certain Services from the EEA/EU or UK, we rely on your consent for processing your personal information for sending email marketing, which we ask for when you register for your account. You can withdraw your consent anytime by contacting [email protected], or by clicking on the ‘unsubscribe’ link at the end of the email marketing communication.
- IMPROVING OUR SERVICES: We may use your personal information to the extent necessary for the purposes of our legitimate interests in improving our Services.
- PROVIDING PERSONALIZED SERVICES: We may use your personal information to the extent necessary for the purposes of our legitimate interests in better understanding your interests and preferences so we can personalize our interactions with you and provide you with information and/or offers tailored to your interests.
- AGGREGATING AND/OR ANONYMIZING PERSONAL INFORMATION: We may aggregate, deidentify and/or anonymize personal information so that it will no longer be considered personal information, subject to your consent where required by applicable law (which we may ask for when you register an account).
- ACCOMPLISHING OUR BUSINESS PURPOSES: We may further use your personal information to the extent necessary for the purposes of our legitimate interests in achieving the following objectives:
- For data analysis to, for example, improve our efficiency;
- For audits to verify that our internal processes function as intended and to address legal, regulatory or contractual requirements;
- For fraud prevention and security monitoring to, for example, detect and prevent cyberattacks and identity theft;
- For developing new products and services;
- For enhancing, improving, repairing, maintaining or modifying our current products and services, as well as undertaking quality and safety assurance measures;
- For identifying usage trends;
- For determining the effectiveness of our promotional campaigns.
Where we rely on legitimate interests as the basis for processing, we conduct a legitimate interest assessment to the extent required by applicable law.
DISCLOSURE OF PERSONAL INFORMATION
- AFFILIATES: We may disclose your personal information (excluding your PHI in identifiable form) with our affiliates for the purposes described in this Privacy Policy. Note, however, that DarioHealth does NOT disclose personal information to third parties in exchange for money.
- PARTNERS: We may disclose your personal information (excluding your PHI in identifiable form) with other companies, such as companies with whom we jointly offer products and services, SDK providers, and our third-party advertising and analytics partners. These third parties may access your information through cookies, pixels, clear GIFs, and similar technologies deployed on our Services.
- THIRD-PARTY SERVICE PROVIDERS: We may disclose personal information with certain service providers whose services and solutions complement, facilitate and enhance our own. These include hosting and server services, communications and content delivery networks (CDNs), data and cybersecurity services, performance measurement services, data optimization and marketing services, content providers and our legal and financial advisors.
- INFORMATION YOU SHARE: DarioHealth enables you to share your personal information with others, including healthcare providers, friends and contacts via social media, our app or other platforms. Please use caution when sharing your personal information with others. The information you share will be shared according to your instructions and actions, and we have no control over what happens with your information once you share it with others.
OTHER USES AND DISCLOSURES OF PERSONAL INFORMATION
- APPLICABLE LAW: We may disclose personal information to comply with applicable law and regulations, which may include laws outside your country of residence. Where we transfer data outside the country you are located in, we ensure that we have appropriate safeguards in place to protect your personal data in accordance with data protection laws. If you would like more information on how to obtain a copy of the appropriate safeguards in place, please email [email protected].
- DISCLOSURE OF PHI: In accordance with HIPAA and any relevant instructions or contractual obligations with your Provider Company, you may ask us to share your PHI with family, close friends, or others involved in your care or to share your personal information in a disaster relief situation. If you are unable to tell us your preferences (e.g., if you are unconscious), we may share your PHI if we believe it is in your best interest, subject to applicable law. We also may share your PHI if we believe it is necessary to lessen a serious and imminent threat to health or safety. We will never share your PHI for marketing purposes or sell your PHI without your and your Providing Company’s consent. Further, we may disclose your PHI in ways that contribute to the public good (e.g., public health and research), so long as we meet certain HIPAA requirements before such disclosure. These disclosures include those that help with public health and safety issues (e.g., preventing disease, helping with recalls, reporting adverse reactions, suspected abuse, neglect or domestic violence or preventing or reducing a serious threat to anyone’s health or safety). We also may share your PHI for health research or if state or federal laws require it, to respond to court or administrative orders or to address workers’ compensation, law enforcement and other government requests. In addition, we may disclose your PHI to respond to organ and tissue donation requests or to work with a medical examiner, coroner or funeral director.
- TRANSACTION, LIQUIDATION: We may disclose personal information with third parties in connection with a transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business, or in the event of a bankruptcy or related or similar proceedings in compliance with applicable laws.
- PUBLIC AND GOVERNMENT AUTHORITIES, LAW ENFORCEMENT: Where permitted or required by applicable data protection laws, we may disclose your personal information pursuant to a legal request or in compliance with applicable laws, if we have good faith belief that the law requires us to do so, with or without notice to you.
- THIRD-PARTY ADVISORS: We may share personal information with third party advisors, such as consultants or legal advisors, in the context of our relationship with you.
- PROTECTING RIGHTS AND SAFETY: Where permitted or required by law, we may disclose your personal information with others, including law enforcement, if we believe in good faith that it will help protect the rights, property or personal safety of DarioHealth, any of our users or any member of the general public, with or without notice to you.
HOW WE MANAGE CONSENT
We may collect, use and disclose your personal information with your consent, except as required or permitted by law. When you use our Services, you are providing consent to the collection, use and disclosure of your personal information in accordance with this Privacy Policy.
Your consent can be withdrawn at any time, subject to legal or contractual restrictions, by providing us with written notice. Upon receipt of notice of withdrawal of consent, we will inform you of the likely consequences of withdrawing your consent before we process your request, which may include the inability of DarioHealth to provide you with certain information, products, features or Services.
YOUR CHOICES REGARDING PERSONAL INFORMATION
- EMAIL AND SMS MESSAGING: With your consent or subject to applicable law, we may use your email address or phone number to send you messages, such as feature changes and special offers. If you do not want to receive such notifications, you may opt-out or change your preferences by contacting our support team at [email protected]. You also may click the ‘unsubscribe’ link at the bottom of any marketing email or reply ‘STOP’ to any marketing SMS. Subject to regulatory requirements, opting out may prevent you from receiving notifications, including notices regarding updates, improvements or offers. We will honor your opt-out as soon as reasonably practicable and within legally prescribed timeframes. Please note that if you opt out of receiving marketing related emails from us, we may still send you important administrative messages that are not promotional in nature.
- MARKETING: We give you choices regarding our use and disclosure of your personal information for marketing purposes. You may always revoke your consent for the disclosure of your personal information for this purpose.
ACCESS, CHANGE, OR DELETE YOUR PERSONAL INFORMATION
If you would like to request to access, correct, update, suppress, restrict or delete personal information, object to or opt out of the processing of personal information, or if you would like to request a copy of your personal information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us per the “Contact Us” section below. We will respond to your request consistent with applicable law.
In your request, please clarify what personal information you would like to have changed or whether you would like to have your personal information suppressed from our database. We may need to verify your identity before implementing your request. We will comply with your request to the extent required by applicable law.
If you reside in California or a U.S. state with a similar privacy law, please refer to the “Information for California Residents” section at the end of this Privacy Policy for more information about the requests you may make under California law. If you are in the EEA, EU or UK, please refer to the “Information for Users in the EEA, EU and UK” section at the end of this Privacy Policy.
THIRD-PARTY WEBSITES
This Website may contain SDKs or links to third-party owned and/or operated websites. DarioHealth is not responsible for the privacy practices or the content of such websites. Third-party websites have separate privacy and data collection practices, and DarioHealth has no responsibility or liability relating to them.
For example, if you choose to integrate the Apple HealthKit with the Services, we can add personal information to your HealthKit, at which time your personal information is subject to Apple’s privacy policy and we are no longer responsible or in control of what happens to that personal information.
HOW WE ADVERTISE
We use third-party advertising companies to serve advertisements regarding goods and services that may interest you when you access and use the Services and other websites or online services. You may receive advertisements based on information relating to your access to and use of the Services and other websites or online services on any of your devices, as well as on information received from third parties. These companies place or recognize a unique cookie on your browser (including through the use of pixel tags). They also use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as mobile phone and laptop.
- HOW NOT TO RECEIVE ONLINE ADVERTISING: For more information about this practice and how to opt out, please visit http://optout.aboutads.info/#/ and http://optout.networkadvertising.org/#/. You also may download the AppChoices app at www.aboutads.info/appchoices specifically for mobile.
HOW WE MAY USE COOKIES AND OTHER TRACKING TECHNOLOGIES
When providing our Services, we, and our third-party business partners, including advertising and analytics partners, may place and/or store code or other types of information on your device or within your browser, such as cookies, locally shared objects, and similar tracking technologies for the purposes set out in this Privacy Policy. These technologies can track web activity over time and across third-party services. Cookies and local storage may be set and accessed on your computer. Upon your first visit to the Website and Services, a cookie or local storage may be sent to your device that uniquely identifies your browser. (Cookies and local storage are small files containing a string of characters sent to your computer’s browser and stored on your device when you visit a website. Many web-based services use cookies to provide useful features for their users. Each website can send its own cookie to your browser. Most browsers are initially set up to accept cookies.) We and third party business partners may independently or in conjunction use these technologies in connection with the Service in a way that collects personal information for the purposes described in our respective privacy policies, including without limitation to determine whether you have seen a particular advertisement before on the same or different device and to otherwise control and tailor the display of ads to you based on your perceived preferences by collecting data to track the movements of individual users through the Service and elsewhere on the internet over time and across unaffiliated websites, apps, and devices, as well as to help diagnose problems with servers, to gather broad demographic information, to conduct research, to record registration and personalization information, to inform offers that we may make to you, and to otherwise administer the Service.
If you do not want cookies, you may set your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you reject cookies, you will not be able to sign into or take full advantage of our Services. Additionally, if you clear all cookies on your browser at any point after setting your browser to refuse all cookies or indicate when a cookie is being sent, you will need to reset your browser to refuse all cookies or indicate when a cookie is being sent.
Learn more about cookies at http://www.allaboutcookies.org/ and
To support our Services, we, and our third party advertising and analytics partners, may use one or more of the following cookie or similar tracking technologies for the purposes set forth in this Privacy Policy:
- TYPES OF TRACKING TECHNOLOGIES AND PURPOSES:
- Analytics and Performance Cookies – To collect information about how and when our Services are accessed. We use this information to help operate our Services more efficiently, to gather broad demographic information and monitor activity levels. Note that we also use Google Analytics for this purpose. Google Analytics uses its own cookies. Learn about Google Analytics cookies and Privacy Policy here: https://policies.google.com/?hl=en-US. You can prevent the use of Google Analytics relating to your use of our Services by downloading and installing the browser plugin available here: Google Analytics Opt-out Browser Add-on – https://support.google.com/analytics/answer/181881?hl=en
- Essential Cookies – To provide our Services to you. For example, essential cookies allow you to log into secure Services areas and help load content quickly. Without these cookies, Services you requested could not be provided.
- Functionality Cookies – To allow our Services to remember your user choices, such as language preferences, login details, polls you voted in, poll results and any other customizable parts of our Services.
- Social Media Cookies – Used when you share information from our Services to your social media account(s). This may include selecting “share” or “like” from our Services platform or engaging with our content on our social media accounts. The social network will record that you have done this.
- Pixel Tags – These small graphic files allow us and third parties to monitor and collect data about your visit, such as the IP address of the computer that downloaded the page where the tag appears, how long you remained on the page, which browser you used to get there, and the identification number of any cookie previously placed by that server on your computer. We may use pixel tags provided by us or by third party advertisers, service providers and ad networks in combination with our cookies to provide offers and information of interest to you. Pixel tags also may enable ad networks to serve you targeted advertisements.
For more information, please visit www.allaboutdnt.com.
CHILDREN
DarioHealth is committed to children’s privacy. DarioHealth does not knowingly permit any person under 13 years of age to register directly for our Services. If you are under 13, do not use or provide any personal information to the Services. If you are 13-17 years old, we will collect your parents’ consent for your use of the Services as required by applicable law.
If DarioHealth learns that personal information of persons under 13 years of age has been collected through the Services without parental consent, then we will take appropriate steps to remove the information or maintain and use such information (in accordance with the other provisions of this Privacy Policy) in order to notify and obtain consent from the parent/guardian and/or for other purposes permitted under applicable law.
If you are a parent or guardian and discover that your child under the age of 13 has a registered account with the Services without your consent, please alert DarioHealth at [email protected] to either provide consent, request that we change your child’s account settings, or request that DarioHealth remove the child’s personal information. Please provide the child’s name, address and email address when you notify us.
RETENTION PERIOD
We will keep your personal information for as long as necessary to achieve the purposes set forth above. The criteria used to determine how long we retain personal information include: (i) the length of time we have an ongoing relationship with you and provide the Services to you; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as applicable statutes of limitations, litigation or regulatory investigations). We will keep personal information associated with a registered account for so long as your account is active.
We may continue to retain your personal information after you deactivate your user account or stop using the Services, as reasonably necessary to comply with our legal obligations, to resolve disputes regarding our users, enforce our agreements or protect our legitimate interests, in each case consistent with applicable law.
SECURITY
We seek to use reasonable organizational, technical and administrative measures to protect personal information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us by emailing [email protected].
ADDITIONAL INFORMATION FOR USERS OUTSIDE THE USA
The Services are operated in the United States of America. If you are located in another jurisdiction, please be aware that information you provide to us and that we otherwise collect about you as explained in this Privacy Policy may be transferred to, stored and processed in the U.S. No transfer of any data will occur without pursuing the appropriate safeguards, including standard contractual clauses approved by the European Commission, and all necessary measures to provide adequate protection as required by applicable data protection law. Insofar as we disclose your personal information with affiliates, partners and third-party service providers (as described above in the section “DISCLOSURE OF PERSONAL INFORMATION”) that are located in the USA or other countries outside your jurisdiction that do not provide a level of data protection as considered adequate to your jurisdiction, where necessary, we have implemented appropriate safeguards and supplementary measures according to applicable data protection laws, including, for the EEA/EU and the UK, the execution of standard contractual clauses approved by the European Commission/ICO with the respective recipients, ensuring that the data processed by such recipients is adequately protected. For more information on the recipients and third countries concerned, the safeguards implemented, and for obtaining a copy of these safeguards, please contact us at [email protected].
To request to limit the use and disclosure of your personal information, please submit a written request to [email protected]. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
DarioHealth is committed to resolving complaints about your privacy and our collection or use of your personal information transferred to the USA pursuant to applicable data protection law.
ADDITIONAL INFORMATION FOR USERS IN THE EEA, EU and UK, AND USERS IN JURISDICTIONS WITH SIMILAR PRIVACY LAWS
If you are in the European Economic Area (EEA), European Union (EU) or United Kingdom (UK), or a jurisdiction with a similar privacy law (such as Quebec), your personal information may be protected by the European Union General Data Protection Regulation (GDPR), the United Kingdom Data Protection Act and United Kingdom GDPR, or a similar privacy law (collectively, and specifically including jurisdictions with similar privacy laws, “EU/UK Privacy Laws”). For individuals whose personal information is protected by the EU/UK Privacy Laws, please know that DarioHealth, Inc. is the data controller responsible for the collection, use, and disclosure of your personal information under this Privacy Policy.
If your personal information is protected by the EU/UK Privacy Laws, you may have the following rights in relation to your personal information:
- The right to access: You have the right to request from us a copy of the personal information we hold about you.
- The right to rectification: You have the right to request that we correct any personal information about you that is inaccurate, and to request that we complete the personal information we hold about you where you believe it is incomplete.
- The right to erasure: You have the right to request that we erase your personal information, under certain conditions. In the event of an erasure request, we may retain a copy of your personal information for our record keeping purposes and to avoid entering your personal information in our systems after your request.
- The right to restrict processing: You have the right to request that we restrict the processing of your personal information, under certain conditions.
- The right to object to processing: You have the right to object to our processing of your personal information, under certain conditions, and you have an unconditional right to object to the processing of your personal information for direct marketing purposes.
- The right to data portability: You have the right to request that we transfer the personal information we have collected about you to another organization, or directly to you, under certain conditions. You can also request a copy of your personal information in a structured, common, and machine-readable format.
- The right to withdraw consent: Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. Your withdrawal of consent does not impact the lawfulness of our processing up to the point of consent withdrawal.
- The right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or significantly affects you in a similar way, if the legal requirements are not met. An automated decision making process is not carried out by DarioHealth.
- The right to make a complaint to your data protection regulator. Here is a list of the data protection regulatory authorities in the EU: https://edpb.europa.eu/about-edpb/board/members_en. The UK data protection regulatory authority is the Information Commissioner’s Office (ICO). You can contact the ICO via their website: https://ico.org.uk/global/privacy-notice/how-you-can-contact-us/#email
Please note that there are exceptions to the various rights listed above. As an example, in certain circumstances we may have a legal obligation to retain some of your personal information.
You can submit requests to exercise these rights by emailing [email protected]. We try to respond to all legitimate requests within one month or quicker if legally required to do so. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information or to exercise any of your other rights. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
If you would like to submit a complaint regarding our practices in relation to your personal information, please email our Data Protection Officer at [email protected]. We will reply to your complaint as soon as we can.
INFORMATION FOR U.S. RESIDENTS WHO RESIDE IN STATES WITH A COMPREHENSIVE PRIVACY LAW
In accordance with applicable U.S. state privacy laws, such as the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CCPA”), in each case as such laws come into effect and are amended from time to time, the following section provides additional details regarding the categories of personal information we collect, use, and disclose about residents in states with such applicable privacy laws.
In this section, “personal information” means information that qualifies as “personal information” or a similar term under an applicable U.S. state privacy law, including information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular person. Personal information does not include de-identified or anonymized information; publicly available information that is lawfully made available from federal, state, or local government records; and information covered by certain sector-specific privacy laws, like HIPAA.
Categories of personal information
The following chart includes: (1) the categories of personal information that we have collected within the preceding 12 months; and (2) the categories of third parties to which we disclosed personal information for our business or commercial purposes within the preceding 12 months.
| Category of Personal Information | Business or | Category of Recipients (sales or |
| --- | --- | --- |
| Identifiers A | • Provision of Services • Business Operations and Management | |
| Personal A | • Provision of Services • Business Operations and Management | |
| Protected Age, | • Provision of Services • Business Operations and Management • Serving Ads* | |
| Internet Browsing | • Provision of Services • Business Operations and Management • Serving Ads* | |
| Biometric Physical characteristics such as height and weight, blood | • Provision of Services • Business Operations and Management | |
| Geolocation Physical | • Provision of Services • Business Operations and Management | |
| Audio, Audio, | • Provision of Services • Business Operations and Management | |
| Financial Payment | • Provision of Services • Business Operations and Management | |
| Commercial Records | • Provision of Services • Business Operations and Management | |
| Communications Content of communications between you and us, or between | • Provision of Services • Business Operations and Management | |
| Professional Current | • Provision of Services • Business Operations and Management | |
| Inferences Profile | • Provision of Services • Business Operations and Management | |
The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth above.
As indicated, we may also collect personal information that qualifies as sensitive data under applicable data protection laws (“Sensitive Personal Information”). Sensitive Personal Information may include race or ethnicity, geolocation, and health data. We collect race/ethnicity data for clinical data and research purposes; we may also use aggregate race/ethnicity data for customer reporting purposes. We limit the uses of geolocation data and health data we collect to those that are necessary to provide the relevant Services. We may share this data for business purposes with service providers. You have the right to request that we limit the use of your Sensitive Personal Information. If you would like to limit how we use this information, please contact [email protected].
DarioHealth will retain this data as long as you: 1) remain a DarioHealth user and 2) have not affirmatively withdrawn your consent. DarioHealth does not sell or share your Sensitive Personal Information.
“Sales” or “sharing” of personal information. DarioHealth does not sell your personal information in exchange for money. However, under the broad definitions in U.S. state privacy laws, DarioHealth may “sell” or “share” personal information through the use of cookies and pixels on our corporate website. We use these cookies and pixels for the sole purpose of providing targeted behavioral advertising based on your interest in DarioHealth. You may adjust your cookie preferences on your device or remove them by adjusting your browser or device preferences, as they permit, and email [email protected] to request that we do not collect or use your personal information for behavioral advertising. DarioHealth does not otherwise, in any way, sell your personal information. We also do not have actual knowledge of any “sale” or “sharing” of personal information of minors under 16 years of age without requisite consent.
Submitting Personal Information Rights Requests.
Depending on where you live, you may have certain rights with respect to your personal information that we process. Those rights may include:
- Access/Data Portability: You may request confirmation as to whether we are processing your personal information, to receive a copy of your personal information delivered electronically in a portable and readily useable format (if reasonably feasible), to know specific pieces of personal information collected about you, or to know how or why categories of personal information are sourced, used, or disclosed;
- Deletion: You may request that we delete your personal information;
- Correction: You may request that we correct or update personal information that is inaccurate or incomplete;
- Opt-Out of Sales, Sharing, and Targeted Advertising: You may request that we do not sell or share, or process for targeted advertising, your personal information;
- Limit Use of Sensitive Information: You may request that we limit or refrain from certain processing of your Sensitive Personal Information; and
- Non-Discrimination: You have the right to not receive discriminatory treatment by us for the exercise of your rights conferred by applicable law.
DarioHealth currently does not engage in profiling activities that give rise to any opt-out right under state privacy laws. You may submit a verifiable consumer request to us to exercise any of these rights by emailing [email protected] or calling 833-914-3796. To opt out of sales, sharing, and disclosures of personal information for targeted advertising, please click here. To protect your and others’ privacy, we will take reasonable steps to verify your identity before fulfilling your request, which may include asking you for additional information to allow us to reasonably confirm that you are the person about whom the relevant personal information was collected. We will endeavor to respond to your request as soon as possible, and if we cannot respond within 45 days, we will let you know that we require additional time, to the extent consistent with applicable law. We will process your rights requests in accordance with applicable laws.
For other requests you may have or to register your appeal regarding our responses to requests you have made, please contact us at [email protected]. We ask that you provide your name and contact information, and we may ask for additional information about your interactions with us to verify your identity. If you have additional concerns about the result of an appeal, your local laws may afford you the right to contact your state attorney general for further assistance.
Authorized Agents. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information using the contact information stated in this Privacy Policy. You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us and/or that the authorized agent verify their right to act on your behalf.
Notice of Financial Incentives. In connection with the Healthies rewards program, we may offer the following financial incentives and/or price or service differences in exchange for our use of your personal information:
- Healthies Rewards Points: We offer rewards points and other exclusive incentives for participating in the Healthies program and taking certain actions in the Services that generate and earn points, such as taking bodily measurements, sending chat messages, reading an article, and communicating with a Dario coach. To offer these rewards, we must track your personal information, such as your use of the Services and the information you provide when doing so and performing the actions described above. We must also collect your contact information to send you rewards that you are eligible for. The value we place on the personal information in connection with these rewards is calculated by determining the approximate additional use of the Services and additional purchases per user, per year compared to individuals who are not enrolled in Healthies.
If you are enrolled in our Healthies program, you are automatically eligible for these benefits.
To withdraw from the Healthies program, please contact us by email at [email protected], or by phone at 833-914-3796. You may also unsubscribe from Healthies program-related promotional offers at any time by clicking the “unsubscribe” link at the bottom of such emails.
CHANGES TO THIS PRIVACY POLICY
DarioHealth reserves the right to change or update this Privacy Policy at any time by posting an updated Privacy Policy within the Services. We also will notify users via email and/or any other reasonable means acceptable under state and federal law, to the extent required by applicable law.
CONTACT US
DarioHealth is the controller of your personal information, except where we act as a processor to a Provider Company. If you have any questions or comments about this Privacy Policy, or to contact DarioHealth as the controller of your personal information, please email our Data Protection Officer at [email protected] or send a letter to:
DarioHealth
Attn: DPO
322 W. 57th Street, #33B New York, NY 10019
DLP-0028 RevG