Masimo Corp. and its affiliates and subsidiaries (“Masimo,” “we,” “us,” “our”), provides this Privacy Notice in connection with the Masimo Halo™ mobile App and the Opioid Halo™ device (the “Privacy Notice”) to explain how we collect, use, disclose and otherwise process the personal data of the users (“you,” and “your”) of  Masimo Halo™ mobile application (“Halo App ” or the “App”) and rights you may have under applicable privacy laws related to your personal data.

For information about the privacy choices you have regarding your personal data, please refer to the Section 7 “Your Rights”, as well as the Section 11 “Additional Information for Certain Jurisdictions” below, which includes additional information about privacy rights applicable to residents of specific jurisdictions.

If you are a resident of California, please also refer to our California Privacy Notice for additional information about the categories of personal data we collect and your rights under California law.

1.  What Personal Data Do We Collect?

As further described below, we collect personal data directly from you, automatically from your use of the Halo App, and from third parties whose personal information you share in the App. 

You are under no obligation to provide us with the requested personal information. However, if you do not provide the requested information, you will not be able to use the Halo App.

The categories of personal data we collect through your use of the Halo App include the following categories and types of personal data:

• Registration Information: your name, registration information (which you enter yourself when you download and activate the Halo App).
• Health Information:  your physiological health information, such as your oxygen saturation level, perfusion index, and pulse rate, and current/past trends regarding these metrics.
• Third-Party Contact Information: the names and contact information of the third party emergency contacts with whom you choose to share your personal and health information.  This can include your family, friends, healthcare, and/or emergency response services.  Please inform and obtain the consent of your contacts before inputting their personal information into the Halo App.   Please remember to share your personal data with only those people who you trust and with whom you have clearly communicated your expectations regarding the confidentiality of your information. 
• Device and Technical Information: personal information collected from the devices you connect with the App. This also includes the collection of information about your device on which you run the App, such as, device identification number, IP address, internet service provider information, general location data, mobile operating system, and where you connect additional devices.
• Activities and Usage: We also collect activity information related to your use of the Halo App, such as information about time spent and other activities, interactions, and preferences relating to your use of the App.
• Location Information: We may collect or derive location information about you, such as through your IP address.  Further, with your permission, we may collect geolocation information from your device. You may turn off location data sharing through your device settings.

2.  From What Sources Do We Collect Personal Data?

We may collect your personaldata from (i) you directly, (ii) Masimo devices  that you connect with the Halo App, and (iii) automatically when you access,  install, navigate through, interact with, or otherwise use the Halo App.

3.  What Are the Legal Bases for Processing Your Personal Data?

Opioid Halo™ is available and used globally.  Most data protection laws require that we inform you of the legal bases for processing your personal data, which laws may vary depending on the country or state of residence. Pursuant to such applicable data protection laws, we process your personal data generally on the legal bases set forth below:

• Consent: In these cases, you can withdraw your consent at any time with future effect.
• Contract Performance:  Necessary for us to perform a contract with you or take steps at your request prior to entering into a contract;
• Legal Obligations:  Necessary for us to comply with an applicable legal obligation;
• Legitimate Interest:  Necessary for us to realize a legitimate interest based on an assessment of that interest and your privacy and other fundamental interests; and
• Defend Our Rights:  Necessary for us to establish, exercise or defend against legal claims

4.  For What Purposes Do We Process Your Personal Data?

In general, we collect, use, disclose, and otherwise process your personal data listed above as necessary to:

• Services: to provide you with the Halo App and related services, including to contact your designated contacts in case of a detected health emergency, manage your relationship with us, communicate with you about the services, and for similar support purposes;
• Support:  Respond to or fulfill your requests, communicate with you about your use of services, provide troubleshooting and technical support regarding our product and services;
• Analytic and Improvement:  For research and analytical purposes, development, algorithms and statistical purposes in order to evaluate and improve user experience, services, business operations, usability and effectiveness, to better understand how users access and use Opioid Halo™ and the Halo App.  In addition, to develop new services and features for both the Opioid Halo™ product as well as new products, and for internal quality control and training purposes;
• Security:  To protect our services and business operations; ensure the security of our services; prevent and detect fraud, unauthorized activities and access; and other misuse; 
• Protection of Rights:  To exercise our legal rights, including to defend against claims and advance our legal interests where we believe necessary to investigate, prevent, protect against or take action regarding actual or suspected fraudulent, harmful and illegal activity, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our [Terms of Use];
• Compliance and Legal Process:  To comply with applicable laws, to respond to legal process and related to legal proceedings; and
• General Business and Operational Support:  To administer our general business, auditing, compliance, recordkeeping, and legal functions. In addition, if we consider or take steps to enter into a reorganization, restructuring, merger, acquisition or transfer of assets, and other business transaction (“Business Transfer”), we may also use your personal data to consider or give effect to that Business Transfer.

5.  To Whom Do We Disclose Personal Data?

We may disclose the personal data that we collect for the purposes described above to the following:

• third party individuals with whom you choose to share your personal and health information as described in Section 1 above;
• our affiliates and subsidiaries, including their employees as is needed to provide services related to your use of Opioid Halo™ and the Masimo Halo™ App. These may include, IT service providers, help desk, and other persons who provide customer or technical services;
• service providers (also known as “data processors”) that perform services for Masimo. These may include, but is not limited to, analytics providers, marketing and advertising consultants, marketing campaign auditors, and legal counsel;
• We may disclose personal data where we believe doing so is necessary to protect our services, rights and property, or the rights, property and safety of others.  For example, we may disclose personal data in order to (i) prevent, detect, investigate and respond to fraud, unauthorized activities and access, illegal activities, and misuse of the services, (ii) situations involving potential threats to the health, safety or legal rights of any person or third party, or (iii) enforce, and detect, investigate and take action in response to violations of, our Terms of Use;
• We may also disclose information, including personal data, related to litigation and other legal claims or proceedings in which we are involved, as well as for our internal accounting, auditing, compliance, recordkeeping, and legal functions; and

In the event of a business transfer, whether as part of a bankruptcy or insolvency proceeding or otherwise, we or our affiliates may transfer the personal data we have collected from or about you to the acquiring or surviving entity in accordance with applicable law, and we may also share certain personal data as necessary prior to the completion of such a transfer, such as to lenders, auditors, and third-party advisors.

6.  How Long Do We Retain Personal Data?

In general, we store personal data as long as is necessary to provide you with the functionality of the Halo App and services that you requested unless we are required or permitted by law to retain the personal data for a longer period of time. For example, if we need to keep your information, including personal data, for tax, audit, or other legal compliance for a legally prescribed time period thereafter, or if we need it to preserve evidence within the statutes of limitation, we will retain your personal data for such purposes.

7.  Your Rights

We make available several ways you can manage your privacy choices and submit privacy requests related to your personal data. These include:

• Privacy Settings:  You can add or remove designated third-party contacts to adjust how they receive and view your personal data, by logging into your account and adjusting the privacy settings of your Halo App account.
• Requests to Exercise Your Rights:  Depending on the country or state where you reside, you may have rights under applicable privacy laws.  These rights can include the right to access, review, modify or delete the personal data we hold about you.  Please read Section 11 “Additional Information for Certain Jurisdictions” below. Further, if you are a California resident, please review our California Privacy Notice for specific information about your California privacy rights and how to exercise them.

For additional information on how Masimo processes personal data outside the context of the Halo App, please see our General Privacy Notice.

8.  Contact Us

If you have any privacy-related inquiries or questions regarding this Privacy Notice, please contact our privacy department at [email protected]. To exercise any rights you may have under this Privacy Notice, please submit a request using our online form available here.

9.  Changes to this Privacy Notice

This Privacy Notice is updated as of the Last Updated date set forth above and supplements any other notices that apply in relation to the collection, use and disclosure of your personal data by us. We may revise this Privacy Notice from time to time and will make the revised document available here and through the Halo App. 

10.  Additional Information:

For general information about how Masimo processes personal data, please see Masimo’s California Privacy Notice.

11.  ADDITIONAL INFORMATION FOR CERTAIN JURISDICTIONS

In this Section, we supplement this Privacy Notice by providing: (i) additional information related to rights you may have under applicable privacy laws in the jurisdiction you reside; and (ii) applicable disclosures required by the privacy laws of these jurisdictions.

A.   IF YOU RESIDE IN CALIFORNIA

If you are a California resident, please see our California Privacy Notice.

B.  IF YOU ARE IN THE EUROPEAN ECONOMIC AREA (EEA), THE UNITED KINGDOM (UK), AND SWITZERLAND

Data Controller. For purposes of this Privacy Notice, Masimo Österreich GmbH, Mariahilfer Straße 136, 1150 Wien, Austria is the controller of your personal data.

DPO Information. Our data protection officer is Dr. Sebastian Kraska and you can contact him at [email protected]  You can also contact our privacy office at [email protected].  Masimo’s UK GDPR representative is Masimo Europe Limited, Matrix House, Basing View, Basingstoke - Hampshire RG21 4DZ.

Legal Bases of Processing.  To the extent we collect health data, the legal basis of processing is your express consent You have the right to withdraw your consent at any time. Such withdrawal does not affect the lawfulness of processing based on your consent before your withdrawal.  However, after such withdrawal, we will no longer be able to provide you with the full scope of the Halo App services. In extenuating circumstances, such as where the processing is necessary to protect the data subject’s vital interests or to establish, exercise and defend legal claims, the legal basis of processing your health data may be another legal basis set forth under applicable law.  Please see Section 3 “What Are the Legal Bases for Processing Your Personal Data” above for the list of legal basis that we currently rely on for the processing of your personal data.

Your Rights:

In the EEA, the UK and Switzerland you have the following additional rights, subject to the conditions and limitations under the GDPR or other applicable local data privacy and protection laws:

• to obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to details about how we process your personal data and copies of the personal data;
• to obtain from us the rectification of inaccurate or incomplete personal data concerning you;
• to ask us to erase your personal data to the extent no exception under the law applies;
• to request restriction of processing of your personal data, such as where you contest the accuracy of that personal data or you object to our use or stated legal basis, in which case, it would be marked and processed by us only for certain purposes;
• to object, on grounds relating to your particular situation, to the processing of your personal data by us where our processing is based on our legitimate interests (other than marketing purposes);
• to object to marketing and ask us to stop processing your personal data to the extent we do so on the basis of our legitimate interests for marketing purposes. If you do so, we will stop such processing for our marketing purposes;
• to request not to be subject to a decision when it is based on automatic processing if it produces a legal effect or similarly significantly affects you unless it is necessary for entering into or performing a contract between us.  Please note, Masimo does not engage in automated decision-making;
• to receive or transmit your personal data which you have provided to us in a structured, commonly used and machine-readable format to another entity without hindrance from us;
• to withdraw your consent, in the event your personal data is processed on the basis of your consent, at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal; and
• to lodge a complaint with a supervisory authority.

In certain jurisdictions such as France and Portugal, you also have the right to provide Masimo with guidelines as to the processing of your personal data after your death.

You may view a list of supervisory authorities in the European Union and their respective contact information here: https://edpb.europa.eu/about-edpb/board/members_en. You may view the UK supervisory authority's contact information here: https://ico.org.uk/global/contact-us/. You may view the Swiss Federal Data Protection and Information Commissioner's contact information here: https://www.edoeb.admin.ch/edoeb/en/home.html.

Contact Us.  You can exercise your rights by contacting us by email at [email protected] or by submitting an online form available here. Please see Section 8 above for more information.

Cross-Border Data Transfers:

Masimo, its subsidiaries, affiliates and service providers may transfer your personal data to, or access it in, jurisdictions (including the United States and other jurisdictions where we, our affiliates, subsidiaries, and service providers have operations) that do not include equivalent levels of data protection as your home jurisdiction. In such cases, we will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms, data transfer agreements and/or other legally acceptable mechanisms, including your express consent, according to applicable local laws.

If you are in the European Economic Area, the United Kingdom, or Switzerland and we process your personal data in a jurisdiction that the European Commission has deemed to not provide an adequate level of data protection (a “third country”), we will implement measures to adequately protect your personal data, such as by putting in place Standard Contractual Clauses as approved by the European Commission (the form for the standard contractual clauses can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en). To obtain additional details of the mechanism under which your personal data is transferred outside of the EEA or UK, you may request such details by contacting us at the contact details listed above.

C.  IF YOU ARE IN CANADA

If your personal information (as this term is defined under applicable Canadian federal and provincial law) was collected in Canada, it will be handled in accordance with the main body of this Privacy Notice and applicable Canadian federal and substantially similar provincial privacy legislation. Please note the following additional aspects about how we handle your personal data:

Data Transfers Outside Canada/Quebec:

In order to provide you with our services, your personal data may be transferred to our affiliates, subsidiaries, or third-party service providers outside of Canada/Quebec, including to the United States. While located in those jurisdictions, your information will be subject to local law, including potential access by local law enforcement, which may be less protective of your personal information than under Canadian or European data protection law.  As stated above, Masimo will ensure your personal information is transferred in accordance with applicable law and protected as described in this Privacy Notice. 

Consent:

We will collect, use, or disclose your personal information when we have your consent, which may be express or implied depending on the circumstances, or as otherwise required or permitted by applicable law. You have the right to withdraw your consent, subject to legal and contractual restrictions. Should you withdraw your consent, we may not be able to provide all available Services to you.

Your Rights

For rights including those relating to access, correction, and erasure, please see Section 7 “Your Rights” above. You may also contact our Data Privacy Office should you have any questions or concerns about the handling of your personal information by using the methods set forth in Section 8  “Contact Us” above.   We strive to address all such requests in a timely manner.

If you are located in the province of Quebec, we must reply to your request for access or rectification promptly and no later than 30 days after your request is received.  If you are not satisfied with our response or you wish to file a formal complaint, you may always contact the Office of the Privacy Commissioner of Canada at 1-800-282-1376 (toll-free) or via regular mail: Office of the Privacy Commissioner of Canada, 30 Victoria Street, Gatineau, QC K1A 1H3.  You may also contact the Office of the Privacy Commissioner in the provinces of British Columbia and Alberta or the Commission d’accàs à l’information in the province of Quebec, as applicable.

Additional Information:

For general information about how Masimo processes personal data, please see Masimo’s General Privacy Notice.