Privacy Notice

Effective Date: 18-Oct-2017

Spirosure Inc. and its affiliates (referred to as "Spirosure" or "we") aim at providing the highest level of privacy and security when offering healthcare professionals with individualized care tools for patients with respiratory conditions, and when directly providing individuals suffering from respiratory conditions with convenient and easy-to-use breath-based diagnostic and monitoring devices.

This Privacy Notice applies to our website https://fenom-connect.com and to Spirosure products and services, including:

  • Our Point-of-Care Breath Analyzer, Fenom PRO;
  • Our web service and companion apps, Fenom CONNECT (together the “Services”).

The Personal Data collected by our Point-of-Care Breath Analyzer and Companions Apps are hosted in a cloud-based ecosystem. Our mobile Companion Apps allow you to access your Personal Data to better understand and anticipate the evolution and care of your respiratory diseases.

We use this Privacy Notice to inform you about the types of Personal Data we collect about you in connection with the Services, why we collect such data, whom we may share it with, and how we protect the security of your Personal Data. It also tells you about your rights with respect to your Personal Data, how you can reach us to update your Personal Data or get answers to questions you may have about our privacy practices. 

“Personal Data” means any data relating to an identified or identifiable individual, such as your name and the data you provide to use the Services.

  1. Personal Data We Collect and How We Use It

In connection with your use of the Services, we collect Personal Data about you from the following sources:

  • Directly from you when you provide your information, for example when registering to use or inputting information into our Connected Care ecosystem or Companion Apps; and
  • Via the Point-of-Care Breath Analyzer your physician uses; and via the Companion Apps or from your health care provider, if you choose to connect to the Connected Care ecosystem. You may optionally add your FENOM Code to your account in order to connect your account to your health care provider. If you do, we will receive from health care provider information from your office visits such as any symptoms you reported, your FENO scores, and your physician-provided Asthma Action Plans, so that we can make them accessible to you through the Companion App.

We will use your Personal Data as described in this Privacy Notice or as further authorized by you, including information that:

  • Can be used by us, you and your doctor to register you with our services and provide our services, such as your name, date of birth, sex, user ID, email address, password, country of residence, hospital or health care provider organization, physician name and health information, including in a de-identified form.
  • Helps us provide our services to you and keep you logged in, such as your language preference, computer or mobile device ID, IP address, and device location. We may use cookies to store this information. We will not store device location collected through our Companion Apps.
  • We use for internal research and development, including but not limited to facilitate product design and population outcome monitoring, such as de-identified health information, device usage data, or companion app usage data.
  • Enables us to monitor performance and security of our systems, such as website usage data, companion app usage data, device ID, IP address, and referral URL.
  • We use to communicate with you about our products, services and promotions, such as your name, and email address.
  • We use to provide customer support and respond to your inquiries, such as your name, your email address, and any information you may provide to us in your inquiries.
  • Helps us understand the use of our devices, its sales and share aggregated results with investors.
  • We would need to enforce our Terms of Use and other legal rights.
  • We may need to comply with applicable legal requirement, industry standards and our policies.

Where required under applicable law, we will seek your explicit prior opt-in consent for the processing of sensitive data. 

  1. Personal Data We Share

We do not sell or otherwise disclose Personal Data we collect about you, except as described below.

Health Care Providers. We will share some of the Personal Data we collect with your physicians to help them provide individualized care for your respiratory disease. For example, if you connect your Companion App to your provider, your health care provider may have access to the information included in your Companion App. This includes information about when you take your medication, symptoms you report, air quality exposure, and profile information.

Service Providers. We also may share Personal Data with our service providers who perform services on our behalf. Service providers include for example IT service providers who help us with troubleshooting for our devices and IT systems. We do not authorize these service providers to use or disclose such data except as necessary to perform certain services on our behalf, such as hosting some of the data, or comply with legal requirements. We require these service providers by contract to appropriately safeguard the privacy and security of Personal Data they process on our behalf.

Legal and Similar Disclosures. We also may disclose Personal Data about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.

Aggregate Data. We also may share statistical information that has been de-identified and aggregated with third parties as allowed under applicable law. For example, we may share aggregated data about sales and business performance with our investors.

Merger, Sale, or Other Asset Transfer. We may disclose your Personal Data in the event of a sale or transfer of all or part of our business assets. If this happens, we will use reasonable efforts to request the buying company to use your Personal data in a manner that is consistent with this Policy. Following such sale or transfer, the buying company will be the entity responsible for processing your Personal Data and you may contact it directly about any inquiries relating to the processing of your Personal Data.

  1. Your Rights and Choices

Subject to applicable law, you may have different rights regarding our use of your Personal Data. You may have the right to request access to and receive information about the Personal Data we maintain about you, update and correct inaccuracies in your Personal Data, and have such information deleted. You also may have the right to object to our processing of your Personal Data and withdraw your consent to our processing of Personal Data at any time. When you request the deletion of your Personal Data, object or withdraw your consent to the processing of your Personal Data by Spirosure, we may not be able to provide all the features of our Services to you, in particular the Connected Care ecosystem and the Companion Apps. Similarly, you can choose not to provide all or parts of your Personal Data to Spirosure (e.g., by not completing all data fields in our registration forms). However, in such case, you may not be able to benefit from the full range of our Services (e.g., to create an account to use our Services).

If you would like to have your Personal Data corrected or deleted, you can contact us as described in the section “How to Contact Us” below.

You can choose to opt out of the collection and use of certain information through cookies. You can do so via your browser that allows such opt out from certain types of cookies. However, without some of these cookies, we may not be able to provide all the features of our online Services. 

You can at any time tell us not to send you marketing communications by email by clicking on the unsubscribe link within the marketing emails you receive from us or by contacting us as indicated in the section “How to Contact Us” below.

  1. How We Hold and Protect Personal Data

We care about the security of your Personal Data. Therefore, we maintain appropriate administrative, technical and physical safeguards to protect the Personal Data we have about you, in accordance with applicable law. We restrict access to Personal Data on a need-to-know basis. The types of measures we take vary with the type of data, and how it is collected and stored. We use encryption to protect the data during transmission to our servers and pseudonymization for some of the data we collect.

All Personal Data collected will be processed for as long as is necessary to achieve the purposes for which the information was collected and processed, unless otherwise required or authorized by applicable law.

  1. Data Transfers

We may transfer the Personal Data collected about you to countries other than the country in which the information was originally collected, including the United States. Those countries may not have the same data protection laws as the country where you live. When we transfer your Personal Data to recipients in other countries, we will protect the data as described in this Privacy Notice.

If you are located in the European Economic Area (EEA) or Switzerland, we comply with applicable legal requirements providing adequate protection for the transfer of your Personal Data to countries outside of the EEA or Switzerland. Spirosure has certified its adherence to the EU-U.S. and Swiss Privacy Shield Frameworks as set forth by the Department of Commerce with respect to the processing of certain personal information transferred from the EEA to Spirosure. Spirosure’s Privacy Shield Policy is available here.

  1. Children’s Privacy

Our Services are not directed to children, and we do not knowingly collect personal information from children under 13. If we find out that a child under 13 has given us personal information, we will take steps to delete that information. If you believe that a child under the age of 13 has given us personal information, please contact us at dpo@spirosure.com.

  1. Updates to Our Privacy Notice

We may update this Notice from time to time to reflect changes in the way we process Personal data. When we do, we will post the revised policy on the Connected Care ecosystem and Companion Apps to notify you of such changes and indicate at the top of the notice when it was most recently updated. We may also send you an email or other notification in advance and indicate when such changes will become effective. We will consider that you have read and accepted these changes if you continue to use our services after we post this notice. However, we may, in certain circumstances, also request that you provide your consent again for processing your Personal Data. Please review our Privacy Notice periodically to ensure that you are aware of any updates.

  1. How to Contact Us

If you have any questions or comments about this Privacy Notice or if you would like to exercise your rights regarding your Personal Data, please contact us by email at dpo@spirosure.com or by post at:

Spirosure Inc.
Attn: Data Protection Officer
7020 Koll Center Parkway, Suite 110
Pleasanton, CA 94566-3107
United States of America