Home / Terms of Use and Privacy Policy / Masimo SafetyNet / Privacy
Effective Data: April 30, 2023
1. Introduction
2. What types of personal data do we collect?
3. From what sources do we collect personal data?
4. What legal bases for processing does Masimo rely on?
5. For what purposes do we use personal data?
6. To whom do we disclose personal data?
7. How long do we retain personal data?
8. How do we protect personal data?
9. Children
10. Your Rights
11. Transfers
12. Effect of this Privacy Notice; Changes
13. Contact Us
14. ADDITIONAL INFORMATION FOR CERTAIN JURISDICTIONS
Masimo Corp. and its affiliates and subsidiaries (“Masimo,” “we,” “us,” “our”), provide this Masimo SafetyNet™ Privacy Notice (“Privacy Notice”) to explain how we collect, use, disclose and otherwise process the personal data of our healthcare provider and patient end-users (“you”) who use the Masimo SafetyNet™ mobile application or the Masimo SafetyNet clinical portal (collectively, “SafetyNet”) designed to help healthcare providers to remotely manage patient’s care and conditions, and any of the data processing or storage features associated with these services (collectively, “Services”).
Only patients who have been authorized by their healthcare provider to use SafetyNet may do so, and only healthcare providers who have signed up with us to use SafetyNet may authorize individual healthcare professionals they supervise to use the services. This Privacy Notice also provides information about rights you may have related to your personal data under applicable privacy laws.
If you are located in the European Economic Area (EEA), United Kingdom, Switzerland or Turkey, “Masimo” refers to Masimo Österreich GmbH, Mariahilfer Straße 136, 1150 Wien, Austria.
If you reside in California, please also see our California Consumer Privacy Act Privacy Policy for additional information about the categories of personal data we collect and your rights under California law.
From Patients: We collect the following types of personal data about patients who use SafetyNet, which we have grouped together as follows:
Health Care Professionals: We collect the following types of personal data about healthcare professionals (such as employees of our customers) who use SafetyNet, which we have grouped together as follows:
Whether you are a patient or a healthcare provider, you are under no obligation to provide any of the requested personal data. However, if you do not provide the data, you will not be able to use SafetyNet.
For ease of reference, we refer to the above groups of personal data by their respective sub-heading (e.g., Registration Information) throughout this Privacy Notice.
From Patients: If you are a patient end-user, we collect Registration Information, Device Information, Usage Information and Third-Party Contact Information directly from you. We may also collect Health Information from (i) Masimo medical devices that you connect with SafetyNet, and (ii) hospitals and other healthcare providers if you have given them your consent to transfer your personal data to us. If you do not complete your registration, then we would not be able to collect any personal information from you.
From Health Care Professionals: If you are a healthcare professional, we collect Professional Information, Device Information and Usage Information directly from you.
SafetyNet is available and used globally. Most data protection laws require that we inform you of the legal bases for processing your personal data, including the data protection laws applicable in Europe such as the General Data Protection Regulation (“GDPR”), UK data protection laws and Swiss data protection laws, as well as others. Pursuant to such applicable data protection laws, we process your personal data generally on the legal bases set forth below:
Preventative or Occupational Medicine and Consent to Process Health Information: For patient users, the primary legal basis of processing your Health Information is preventative or occupational medicine, i.e., to assist in your healthcare provider’s prevention, diagnosis, and care of your health. In addition, we also collect your consent before you register to use SafetyNet; you must review this Privacy Notice and consent to, among other things, the Terms of Use and to this Privacy Notice.
The legal bases for processing of personal data which is not Health Information are:
The primary reason why we collect, use, and otherwise process the categories of personal data listed above is to:
We may disclose the personal data that we collect for the purposes described above, to provide our Services to you, as otherwise directed or consented to by you, and as follows:
Whether you are a patient or healthcare professional, your personal data may be disclosed to:
In the event of a Business Transfer, whether as part of a bankruptcy or insolvency proceeding or otherwise, we or our affiliates may transfer the personal data we have collected from or about you to the acquiring or surviving entity in accordance with applicable law, and we may also share certain personal data as necessary prior to the completion of such a transfer, such as to lenders, auditors, and third-party advisors, including attorneys and consultants, as part of due diligence or as necessary to plan for the transfer.
In general, we store your personal data for as long as is necessary to provide you with the functionality of SafetyNet and the services that you requested, or as required by applicable law. Otherwise, if you are no longer using SafetyNet or have been inactive (e.g., not logged into SafetyNet App) for 12 consecutive months we will permanently delete your account and the personal data we hold about you. Any previously anonymized or aggregated data that is not identifiable to you may be retained. We will also contact your healthcare professional to notify them that you have been inactive for 12 consecutive months and that your personal data held by Masimo in SafetyNet will be deleted within 2 weeks, and ask that the healthcare provider take immediate action to delete the personal data they have about you unless the healthcare professional is required by law to retain your personal data, or you have instructed the healthcare professional to retain your personal data.
You can also delete your personal data at any time by using the “Delete Account” function on the SafetyNet App. When you use this function, all of your personal data that we hold will be permanently deleted immediately. It is your responsibility to delete any locally saved personal data and to ask those with whom you have shared your personal data to delete any personal data that they may have saved locally.
Please note, we may be legally required to retain some personal data about you. Therefore, if we are legally obligated to retain any of your personal data we will retain those until we are no longer legally required to keep them in compliance with applicable law (e.g., for tax purposes, legal compliance, health records retention requirements, etc.).
We have taken steps intended to protect the personal data we collect from loss, misuse, and unauthorized processing, including entering into data protection agreements with our service providers/processors and encrypting personal data in transit and at rest. In addition, SafetyNet is both HITRUST and ISO 27001 security certified, and HDS certified in France. You can obtain copies of the security certification or if you are in France, you can obtain a copy of the CE mark or the HDS certification by contacting us per the information stated in Section 13 “Contact Us” below.
Please note, however, that while we have endeavored to create a secure and reliable experience for users, the confidentiality or accuracy of any communication or material transmitted to or from us over the Internet cannot be guaranteed. It is your responsibility to safeguard the username and password that you use to access SafetyNet, and to notify us immediately at the contact information provided in Section 13 “Contact Us” below if you ever suspect that your username or password has been compromised.
Our Services are not specifically designed for children. We only collect personal data about children with the consent of their parent or legal guardian. You must be at least 18 years of age to use SafetyNet. Children under the age of 18 may only use Masimo’s hardware products on instructions, under the supervision, and with the consent, of their healthcare providers and parent or legal guardian.
You may have rights under applicable privacy laws, which may include access to, review of, modify or delete the personal data we hold about you. Residents of certain jurisdictions may also have additional rights, which are set forth in Section 14 “Additional Information for Certain Jurisdictions.” If you are a California resident, please review our California Consumer Privacy Act Privacy Policy for specific information about your California privacy rights and how to exercise them.
There may be times where Masimo and its service providers may transfer your personal information to, or access it in, jurisdictions (including the United States and other jurisdictions where we, our affiliates, subsidiaries, and service providers have operations) that do not have equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal data receives the required adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms, data transfer agreements and/or other legally acceptable mechanisms including your consent to the transfer, in accordance with applicable local laws.
If you are in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland and we process your personal information in a jurisdiction that the European Commission has deemed to not provide an adequate level of data protection (a “third country”), we will implement measures to adequately protect your personal information, such as by putting in place standard contractual clauses as approved by the European Commission (the form for the standard contractual clauses can be found at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
To obtain additional details of the mechanism under which your personal information is transferred, you may request such details by contacting us at the contact details listed in Section 13. “Contact Us” below.
This Privacy Notice is current as of the Last Effective date set forth above and applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us. We may revise this Privacy Notice from time to time and will make the revised document available here and through the SafetyNet application and update the “Last Effective” date above. If we make material changes to how we collect, use and disclose the personal data we have previously collected about you, we will endeavor to provide you with prior notice, such as by emailing you or posting prominent notice on our website or within the SafetyNet application. Where required by applicable law, we will also obtain your consent before processing your personal data for any purpose incompatible with the purposes for which it was collected as disclosed to you at the time of collection.
If you have any questions about this Privacy Notice, please contact our privacy department at [email protected]. To exercise any rights you may have under this Privacy Notice, please submit a request using our online form available here.
If you are a California resident, please see our California Consumer Privacy Act Privacy Policy.
Data controller. For purposes of this Privacy Notice, Masimo Österreich GmbH, Mariahilfer Straße 136, 1150 Wien, Austria is the controller of your personal data.
DPO Information.
In addition to emailing us or using our webform as described under Section 13 “Contact Us”, individuals in the EEA, UK, and Switzerland can also contact our data protection officer Dr. Sebastian Kraska at [email protected]. Masimo’s UK representative is Masimo Europe Limited, Matrix House, Basing View, Basingstoke - Hampshire RG21 4DZ.
Additional Rights.
In the EEA, UK, Switzerland, and Turkey you have the following additional rights, subject to the conditions and limitations under the GDPR or other applicable local data privacy and protection laws:
Individuals in Turkey, also have the following additional rights, subject to the conditions under applicable data protection law:
You may view a list of supervisory authorities in the EEA, UK and Switzerland and their respective contact information here:
Jurisdiction
EEA
United Kingdom
Switzerland
Data protection authority’s website
https://edpb.europa.eu/about-edpb/board/members_en
https://ico.org.uk/global/contact-us/
https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
You can exercise your rights by submitting a webform available here . Alternatively, you can also contact the Data Protection Officer Dr. Sebastian Kraska by email at [email protected] or Masimo’s Data Privacy Office by email at [email protected]. You can also contact us by mail at Masimo Österreich GmbH, Attn: Data Privacy Office, Mariahilfer Straße 136, 1150 Vienna, Austria.
If you reside in Singapore, the Personal Data Protection Act of Singapore (the “PDPA”) applies. If we use a term that the PDPA defines in this section for users in Singapore, the term has the same meaning as under the PDPA.
Your Rights
In Singapore, you have the following additional rights, subject to the conditions and limitations set forth under the PDPA:
(1) To withdraw consent and request that we stop collecting, using and/or disclosing your personal data for any or all the purposes listed in this or any other Privacy Notice we provide to you. The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time that it is withdrawn by you in writing.
(2) To request access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data.
(3) To correct or update any of your personal data which we hold about you.
You can exercise your rights by submitting your request in writing or via email to our Data Protection Officer at [email protected].
If you reside in Australia, the Australian Privacy Principles (“APPs”) as stated in the Privacy Act 1988 (the “Australian Privacy Act”) may apply to you. The following additional information supplements the disclosures provided in this General Privacy Notice above.
Your Rights
In addition to your rights stated above, in any requests to exercise your rights, please note to include:
1. in the case of requesting access, specify how you would like access to the personal information (such as receiving a copy by email or post, or if you just want to look at the information); and
2. where applicable, specify if you have authorized another person (e.g., legal guardian or authorized agent) to access or correct your personal information on your behalf.
Furthermore, you have the right to file a complaint to the Office of the Australian Information Commissioner by contacting 1300 363 992 or by visiting the website www.oaic.gov.au. Further information about the Australian Privacy Act and the APPs is also available from the Office of the Australian Information Commissioner.
If your personal information (as this term is defined under applicable Canadian federal and provincial law) was collected in Canada, it will be handled in accordance with the main body of this General Privacy Notice and applicable Canadian federal and substantially similar provincial privacy legislation. Please note the following additional aspects about how we handle your personal information:
Data Transfers Outside Canada/Quebec
In order to provide you with SafetyNet services, your personal information may be transferred to our affiliates, subsidiaries, or third-party service providers outside of Canada, including to the United States, unless you reside in Quebec, in which case your personal information is stored in our AWS server located in Quebec. While located in those jurisdictions outside Canada/Quebec, your information will be subject to local law, including potential access by local law enforcement, which may be less protective of your personal information than under Canadian or European data protection law. As stated above, Masimo will ensure your personal information is transferred in accordance with applicable law and protected as described in this General Privacy Notice. Please see Section 11 “Transfers” above for additional information.
Consent
We will collect, use, or disclose your personal information when we have your consent, which may be express or implied depending on the circumstances, or as otherwise required or permitted by applicable law. You have the right to withdraw your consent, subject to legal and contractual restrictions. Should you withdraw your consent, we may not be able to provide all available SafetyNet services to you.
Your Rights
For rights including those relating to access, correction, and erasure, please see Section 10 above of the main body of this Privacy Notice. You may contact our Data Privacy Office should you have any questions or concerns about the handling of your personal information by using the methods set forth in Section 13 “Contact Us” above. We strive to address all such requests in a timely manner.
If you are located in the province of Quebec, we must reply to your request for access or rectification promptly and no later than 30 days after your request is received. If you are not satisfied with our response or if you wish to file a formal complaint, you may always contact the Office of the Privacy Commissioner of Canada at 1-800-282-1376 (toll-free) or via regular mail: Office of the Privacy Commissioner of Canada, 30 Victoria Street, Gatineau, QC K1A 1H3. You may also contact the Office of the Privacy Commissioner in the provinces of British Columbia and Alberta or the Commission d’accàs à l’information in the province of Quebec, as applicable.
PLCO-006725/PLMM-12193B-0523