Kesem Solutions Pty Ltd, also doing business as Kesem Solutions Corporation (“us”, “we” or the “Company”), respects your privacy and is committed to protecting the privacy of our users (“user” or “you”).
This Privacy Policy outlines our practices with respect to collecting, using, and sharing your information through the use of our website (“Site”), mobile applications (“App”), and other services made available by us (collectively, the “Services”). Our Services are designed to give our users a complete solution for personal management.
HIPAA Privacy Notice: We are committed to protecting the privacy of our users’ personal health information. Part of that commitment is complying with the privacy and security rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), which requires us to take additional measures to maintain the privacy and security of our users’ protected health information (“PHI”) and to inform our users about those measures. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your PHI. This Privacy Policy describes how we may use and share your PHI, which is collected by our Site, App, and all of our Services, and how our users can get access to this information. We must follow the duties and privacy practices described in this Privacy Policy and give you a copy of it. We will not use or share your PHI other than as described in this Privacy Policy, as amended and in effect from time to time, unless you authorise us to do so in writing. For more information, see HIPAA Notice of Privacy Practices.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
GDPR Privacy Notice: As part of our commitment to protect the confidentiality, data privacy, and security of our users, we have drafted this Privacy Policy to comply with the requirements of the EU General Data Protection Regulation (“GDPR”), including providing the contact information of our Data Protection Officer and an explanation of our users’ rights regarding their personal information. However, depending on your region of residency, different regulations may apply, and we are committed to protecting your privacy in accordance with such applicable regulations.
The Privacy Policy is a part of our Terms of Use and is incorporated therein by reference.
We encourage you to read the Privacy Policy carefully and use it to make informed decisions. By using our Services, you agree to the terms of this Privacy Policy, and your continued use of the Services constitutes your ongoing agreement to this Privacy Policy.
In this Privacy Policy you will read about:
We collect two types of data and information from our users.
The first type of information is un-identified and non-identifiable information pertaining to a user(s), which may be made available or gathered via the user’s use of the Services (“Non-personal Information”). We are not aware of the identity of the user from which the Non-personal Information was collected. Non-personal Information which is being collected may include your aggregated usage information and technical information transmitted by your device, including certain software and hardware information (e.g. the type of browser and operating system your device uses, language preference, access time, and the domain name of the website from which you linked to the Services, etc.), in order to enhance the functionality of our Services.
The second type of information is individually identifiable information, namely information that identifies an individual or may, with reasonable effort, identify an individual (“Personal Information”). This includes:
Registration information: In order to use our Services, you will be required to register. As part of the registration process, we may collect your full name, gender, e-mail address, and birth date. If you register using your social network account (e.g., Facebook), we may access basic information from that account, such as your name, email address, photo, and any other publicly available information or information you agreed to share with us. We will always follow the terms, conditions, and restrictions of such social networks.
Financial information: To make purchases through our Site and carry out transactions, you may need to share relevant payment information, including your PayPal account, credit card number, etc.
Voluntary information: We also collect information that you provide voluntarily. For instance, when you respond to communications, contact our support, communicate with us via email or Services, or share additional information about yourself or others through your use of the Services.
Device Information: We may collect Personal Information from your device (e.g., geolocation data, IP address) and information on your activity within the Services (e.g., pages viewed, online browsing, clicks, actions, etc.).
Third parties’ SDKs: Within our App, we may use Software Development Kits (SDK) provided by third parties. If you grant us explicit consent, we may gather additional Personal Information about your activities, location, and behavior (e.g., Wi-Fi, Bluetooth, accelerometer, gyroscope, GPS, etc.). For additional information about SDKs, we advise you to visit the respective third parties’ websites.
By providing sensitive Personal Information to us (including health information), you explicitly consent to the collection, use, and sharing of your sensitive Personal Information in accordance with this Privacy Policy.
If we combine Personal Information with Non-personal Information, the combined information will be treated as Personal Information for as long as it remains combined.
We may anonymise, aggregate, or de-identify the information collected by the Services or via other means so that the information cannot, on its own, personally identify you. Our use and sharing of such aggregated or de-identified information is not subject to any restrictions under this Privacy Policy, and we may share it with others without limitation and for any purpose. Generally, however, we and third parties may share aggregated or de-identified information with third parties (whether by sale or free of charge) for research and statistical analysis.
You may refuse to disclose certain information, but please bear in mind this may result in preventing you from using the Site and Services to some extent, and in some cases, may result in your inability to use the Site and Services.
A cookie is a small data file that is sent to your device when you first visit a website. Cookies usually include an identification number that is unique to the device you are using. Such identifiers can help us better understand our users and how they are using the Site and the Services. Cookies also enable recognition of a user when they re-visit the Site, keeping their settings and preferences and offering customized features.
The Services may implement the following types of cookies:
You may remove cookies by following the instructions in your device’s preferences; however, disabling cookies may cause some features of our Services to not function properly, limiting your online experience.
We may from time to time contract with third parties for analyzing users’ data, optimizing the Services and communications, etc. For this purpose, we may use web beacons, pixels, etc., provided by such third parties. The information collected will also help us improve the Services for the benefit of our users.
We use and share Personal Information in the manners described in this Privacy Policy. In addition to the purposes listed above, the Personal Information we collect is used for the following purposes:
If you are a registered user on our Services and have supplied your email address or phone number, we may occasionally send you an email or contact you via your phone number, including by SMS, telephone call, or push notifications to provide you with the Service (for example, sending you a verification code to confirm user login, tracking info on shipping a package, or a link to download the App). You hereby consent and authorise us to contact you in accordance with the above.
Notwithstanding any of the above, with respect to sensitive Personal Information, we might use or share it for research and improvement purposes. This includes providing our Services, allowing you to obtain relevant information about your health, and providing tools to manage it, personalising our recommendations for better management of your conditions, nutrition, medicines, etc. (including through our community learning tools), or sending you reminders based on your location and activity (including through SDKs). We may also use or share your sensitive Personal Information to run our organisation, including setting up your account, identifying and authenticating your access to certain features of the Services, communicating with you to keep you informed of our latest updates and features, and performing research or conducting analytics to improve and customise our Services. We can also use and share your sensitive Personal Information to bill for your services.
We do not rent, sell, or share your Personal Information with third parties except as described in this Privacy Policy.
We may transfer or share Personal Information to our subsidiaries, affiliated companies, subcontractors, SDKs, or other trusted third parties and/or service providers or partners who are located in different jurisdictions across the world for the purpose of:
In addition, under your specific acknowledgment and consent, we may share your Personal Information with third-party service providers in the healthcare ecosystem, such as hospitals, physicians, insurance companies, coaching services providers, and others to allow them to obtain a holistic view of your needs and interests. Please note that under such consent, we may disclose all relevant Personal Information that you share with us on an ongoing basis through the Services.
Please note: When we share information with third parties, such information is either anonymised or encrypted (as required by applicable laws) to effectively protect personal and/or health-related information of users. To the extent sensitive Personal Information is shared with third parties, the third parties must first agree to be bound by privacy and security protections.
We may also share Personal Information or any information you submitted via the Services if we have a good faith belief that sharing such information is helpful or reasonably necessary to:
With respect to sensitive Personal Information, you have both the right and choice to tell us to share information with your family, close friends, or others involved in your care and to share information in a disaster relief situation. If you are unable to tell us your preference (for example, if you are unconscious), we may share your sensitive Personal Information if we believe it is in your best interest. We may also share your sensitive Personal Information when needed to lessen a serious and imminent threat to health or safety. We will never share your sensitive Personal Information for marketing purposes or sell it, unless you give us written permission.
We are allowed or required to share your sensitive Personal Information in other ways that contribute to the public good (such as public health and research), provided we meet many conditions under applicable laws before doing so. These disclosures include those that help with public health and safety issues (such as preventing disease, helping with recalls, reporting adverse reactions, suspected abuse, neglect or domestic violence, or preventing or reducing a serious threat to anyone’s health or safety). We can also share your sensitive Personal Information for health research or if state or federal laws require it, to respond to court or administrative orders or to address workers’ compensation, law enforcement, and other government requests.
Information Shared Through HealthKit
You may instruct us to share information (including Personal Information and Protected Health Information (PHI)) with systems such as Apple Inc.’s HealthKit and to access and collect information from those systems to improve the Services we provide to you. If you grant our App access to HealthKit, our App can add information such as bladder activity measures and drinking events, among other data, to HealthKit. Kesem is not responsible for the protection of data stored within the Apple HealthKit database. It is strongly recommended that you review Apple’s applicable policies and procedures before syncing and back up your Apple HealthKit data (e.g., Apple’s privacy policy can be found here). You can remove this access at any time either from our App or from the Apple Health app.
We do not use or share with third parties any information gained through the use of HealthKit for advertising or similar services, other than for purposes of improving health or for health or medical research. With respect to PHI, we will only share such information to the extent permitted under HIPAA.
We do not share any of your information with third parties without your express permission (other than in anonymised and/or aggregated format). When sharing information gained through HealthKit, it will only be for the purpose of enabling third parties to provide health services or for medical research, and with respect to PHI, only to the extent permitted under HIPAA.
Third Party Collection of Information
Our policy addresses only the use and sharing of information we collect from you. If you share your information with other parties via our Services (e.g., by clicking on a link to another website or location) or other sites on the internet, different rules may apply to their use or sharing of the information you disclose to them. You agree that we shall have no liability with respect to such third-party sites and services and your usage of them.
HIPAA:
We respect your privacy rights and strive to comply with HIPAA. For example, you have the right under HIPAA to inspect or obtain copies of your PHI contained in a designated record set. Generally, a “designated record set” contains medical records we may have about you. You may contact us at any time and request the following:
For EEA Users:
If you are a resident of the European Union, Switzerland, Liechtenstein, Norway, or Iceland, you have the right to:
Complaints:
If you wish to exercise any of the aforementioned rights or raise a complaint regarding how we have handled your Personal Information or PHI, please contact us directly at hey@kesemsolutions.com
If you are not satisfied with our response or believe we are collecting or processing your Personal Information not in accordance with the laws, you can complain to the applicable data protection authority. Additionally, if you believe your privacy rights with respect to PHI have been violated or if you are dissatisfied with our privacy practices or procedures regarding your PHI, you may file a complaint with the U.S. Department of Health and Human Services by sending a letter to U.S. Department of Health and Human Services Office for Civil Rights, 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting HIPAA Complaints. We will not retaliate against you for filing a complaint.
We will retain your Personal Information for the duration required to provide our Services and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined based on the type of information collected and the purpose for which it is collected, considering applicable requirements and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing client personal data, account opening documents, communications, and anything else as required by applicable laws and regulations.
We may rectify, replenish, or remove incomplete or inaccurate information at any time and at our own discretion.
We take great care in implementing and maintaining the security of our Services and your information in compliance with all applicable laws, including HIPAA requirements. We employ industry-standard procedures and policies to ensure the safety of your information and prevent unauthorised use. While we take reasonable steps to safeguard your data, we cannot be responsible for the acts of individuals who gain unauthorised access or abuse our Services. We make no warranty, express or implied, that we can prevent such access.
To further protect your information, the Company employs a Data Protection Officer (DPO). The DPO has the authority to insist on the allocation of company resources for information protection matters and possesses in-depth knowledge of information protection regulations and privacy laws. The DPO’s responsibilities include providing privacy and security compliance advice, notifying users and relevant authorities of any data breach incidents as required by law, and conducting awareness and training programs. The DPO also serves as our HIPAA privacy official.
As we operate globally, it may be necessary to transfer your Personal Information to countries outside the European Union. Data protection and other laws in these countries may not offer the same level of protection as those in the European Union. In such cases, we will take steps to ensure that your Personal Information receives a similar level of protection. By using our Services, you consent to the transfer of your Personal Information to countries outside the European Union.
If you believe your privacy has been compromised or if there has been an attempt to misuse our Services, please contact us directly at hey@kesemsolutions.com
Affiliates and Corporate Transactions
We may share your information, including Personal Information and PHI, with our subsidiaries, joint ventures, or other companies under our common control (collectively, “Affiliated Companies”). We may also share your information in the event of a corporate transaction, such as the sale of a substantial part of our business, a merger, consolidation, or asset sale. In such cases, our Affiliated Companies or the acquiring company will assume the rights and obligations described in this Privacy Policy and, with respect to PHI, under HIPAA.
Minors
Our Services are not intended for use by children under 16 years of age. If you believe that a child under 16 has provided Personal Information to us without the consent of their parent or legal guardian, please contact us immediately, and we will take steps to delete that information from our records.
Users under 18 years of age should not submit or post information to our Services without the consent of their parent or legal guardian. We encourage parents and guardians to monitor their children’s internet usage and to help enforce our Privacy Policy by instructing their children to avoid providing Personal Information and PHI on any of our Services without their permission.
We may use your Personal Information, such as your email address and mobile phone number, to provide you with promotional material that may interest you. If we or our third-party subcontractors wish to use PHI for marketing purposes, we will seek your written authorisation. By using our Services, you consent to being contacted in accordance with this policy.
You may request to unsubscribe from marketing communications at any time by contacting us by email or using the unsubscribe link provided in any marketing communication. Even if you unsubscribe from marketing emails, we may still send you Service-related updates and notifications.
California “Do Not Track” Disclosure
If you are using our Services in California, we inform you that we do not respond to Do Not Track requests or signals at this time, in accordance with the California Online Privacy Protection Act (“CalOPPA”) Amendment of 2013.
Updates or Amendments to the Privacy Policy
We may revise this Privacy Policy from time to time at our discretion. The most current version will always be posted on our Site (as reflected in the “Last Revised” heading). Changes will apply to all information we have about you and will be available upon request on our Site. We encourage you to review this Privacy Policy regularly for any changes. In the event of material changes, we may notify you through our Services or by email. If you object to any modifications, you must cease using our Site and Services and request that we delete your account. Your continued use of the Services after notification of amendments constitutes your acknowledgment and consent to the changes in the Privacy Policy and your agreement to be bound by the terms of such amendments.
If you have any general questions about our Services or the information we collect about you and how we use it, please contact us: hey@kesemsolutions.com
Kesem Solutions Pty Ltd Quality Policy Statement:
Achieve customer satisfaction for Kesem Solutions’ products, via establishment, implementation, and maintenance of an effective and efficient quality management system that consistently complies with the applicable requirements.