EXO

Exo Works Privacy Policy

EFFECTIVE April 1, 2021
To obtain a prior version of our privacy policy, if any, please contact us at privacy@exo.Inc.

Exo Imaging, Inc. (“Exo”) values your privacy and are committed to protecting your information in compliance with all applicable privacy and data protection laws globally, including without limitation the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This Privacy Policy describes the personal information protected under applicable privacy and data protection law, which we collect or process about you or that could identify you when you use our products, services or websites, and how and why we collect or process it.

This Privacy Policy discloses the policies of Exo Imaging, Inc. (“Exo”, “we”, “us” or “our”) regarding the collection, use, and disclosure of information you submit to us through Exo ultrasound imaging device(s) (“Product”), Exo mobile application(s) (“App” or “Application”) and/or online service(s) (“Exo Works Subscription Services”) (collectively, the App and Exo Works Subscription Services are referred to herein as “Services”). By accessing or using Exo Products or Services, you agree to Exo’s Privacy Policy.

IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE THE PRODUCT OR SERVICES.

The Information Exo Collects

Whether and how we collect and store information depends on your relationship with us (e.g., whether you use the Product and/or Services). Several categories of information are collected from you, as described below.

1. Information That You Provide

a. Information About You

We may collect information about you during your use of the Product and/or Services, including your name, organization, medical specialty, username, password, email address, postal address, phone number, mobile phone number, payment information, device model and serial number, and other information you enter, provide us or allow us to access when you do certain things (collectively, “User Information”), such as when you:

  • Acquire a Product (e.g., purchase, rent, or try a Product);
  • Provide registration information and/or create an account;
  • Provide us with feedback or reviews;
  • Request certain features or information from us (e.g., updates and other products);
  • Download or use the App;
  • Contact customer support;
  • Use our Product;
  • Connect with the Services or otherwise allow us to access certain information about you via a social networking service; or
  • Post user-generated content.

b. Patient Information

When you use the Product or our App, you can enter or submit patient health information of patients you are examining (“Patient Information”). Securing and preserving the confidentiality of Patient Information you entrust to us is a top priority for Exo. Patient Information is stored securely when it is in the App or uploaded to our Exo Works Subscription Services. We will not collect, use or disclose any Patient Information other than as permitted by you pursuant to terms specified in the separate Product or Services terms and conditions you agreed to when acquiring the Product or subscribing to the Services, this Privacy Policy, as required by law, or in accordance with additional applicable written agreements (e.g., for U.S. users, a Business Associate Agreement (BAA) as specified in the Health Insurance Portability and Accountability Act (HIPAA) or for E.U. users, a similar agreement constituting a Data Protection Addendum) that govern our use and disclosure of Patient Information. In the event of any inconsistency between the terms of any applicable written agreement such as the BAA and those in this Privacy Policy, the terms of the written agreement will prevail.

c. Examination Information

Examination information, such as ultrasound images, measurements, findings, annotations, statistics, examinations, calculations, impressions, indications (“Examination Information”), may be generated during your use of Exo Products or Services. Initially, Examination Information is stored in the App, but may be exported or securely uploaded to the Exo Works Subscription Services at your discretion.

2. Automatically-Collected Information

When you use the Product or Services, there is some information that we collect automatically, as discussed in this section.

a. Device information

We may collect information about your computer, phone, tablet or other device you use to access the Services, such as your computer or mobile device model, IP address, other unique device identifiers, operating system version, system configuration, browser type, language, and settings, and device type and settings.

b. Usage information

We may collect information about the Services you use, the time, date, and duration of your use of the Services, your interaction with content offered through the Services, site engagement, and software crash reports. We also collect information stored using cookies, mobile ad identifiers, and similar technologies set on your device. Our servers may automatically keep an activity log of your use of the Services. We may collect such usage information at the individual or aggregate level.

c. Location information

We may collect and store your device’s source IP address, which may disclose the general location of your device at the time you access the Services and precise location derived from GPS-enabled services.

d. Cookies and Other Electronic Technologies

We may use “cookies” and similar technologies, such as web beacons, to help us recognize you across different Services, improve your user experience, optimize our Services, increase security, analyze use and effectiveness of our Services, and serve and measure online marketing. Cookies are alphanumeric identifiers that are placed on your computing devices. Third-parties may also place cookies and similar technologies on the Services. You can control cookies through your browser settings and other tools. By accessing and using the Services, you consent to the placement of cookies and beacons in your browser and HTML-based emails in accordance with this Privacy Policy.

3. Anonymous or De-Identified Data.

We may store Examination Information in a de-identified manner that separates it from any associated Patient Information. We may also process other information collected by our Services or by other means so that the information does not identify any particular individual. Our use and disclosure of aggregated and/or de-identified information (including de-identified Examination Information) is not subject to any restrictions under this Privacy Policy, and we may analyze, assess, or disclose it to others (individually or in aggregate) without limitation for any purpose. For example, we may perform image analysis on collections of de-identified ultrasound images stored through Exo Works Subscription Services.

How We Use the Information We Collect.

We use the information that we collect in order to:

  • Provide you with the Product and Services you have purchased or requested and send you information about your relationship or transactions with us;
  • Notify you about new features of the Product or Services;
  • Generate and review reports and data about our user base and Product and/or Services usage patterns;
  • Analyze the accuracy, effectiveness, usability, or popularity of the Products and/or Services (for example, we may monitor and analyze traffic and usage of our App);
  • Provide you with support and improve the content and features of the Product or Services, or develop new products or services;
  • Personalize the content and marketing that you see on the Services;
  • Help prevent fraud and enforce the legal terms that govern your use of the Product and Services; and
  • Administer and troubleshoot the Product and/or Services.

Legal bases for processing (for residents of the European Union):

If you are a resident of the European Union (EU), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:

  • We need it to provide you the Product and Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Product and Services;
  • It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Product and Services and to protect our legal rights and interests;
  • You give us consent to do so for a specific purpose; or
  • We need to process your data to comply with a legal obligation.
  • If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer or institution) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Product or Services.

Information sharing and disclosure

We do not rent, sell, or share any collected information with third-parties except as described in this Privacy Policy. We may share your information for the following purposes:

1. Third-Party Service Providers

We may share the collected information with our service providers who use the collected information on our behalf to assist in business activities such as delivering certain features or services, order fulfillment, payment processing, marketing, and other similar services. Certain service providers, such as shipping companies, may have access to personal information needed to perform their functions but they are only provided the limited amount of information required to perform their service. When engaging these parties, we require them to safeguard personal information using strict security and privacy protections, in accordance with the law.

2. Legal Reasons

We may disclose collected information to comply with the law, applicable regulations, governmental and quasi-governmental requests, court orders or subpoenas, or to enforce our terms of use or other agreements, or to protect our rights, property or safety or the rights, property or safety of our users or others. We reserve the right to release information that we collect to law enforcement or other government officials, as we, in our sole and absolute discretion, deem necessary or appropriate.

3. Prevent Illegal Activities

We may disclose your information when we believe it appropriate in order to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of the terms and conditions for the Product or Services you accessed, to establish or exercise our legal rights, and/or to defend against legal claims protect our rights and property.

4. Merger or Acquisition

As we continue to develop our business, we may sell, buy, merge or partner with other companies or businesses, or sell some or all of our assets. In such transactions, the collected information may be among the transferred assets.

5. App Vendor

We may provide your identity and mobile device identifier to third-party app store providers (e.g., Apple iTunes Store) to allow you to download our App.

Online Analytics

We may use third-party web analytics services on our Services, such as those of Google Analytics. These service providers use the sort of technology described in the Automatically-Collected Information section above to help us analyze how users use the Services. The information collected by the technology will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Services.

Information Access and Retention

1. Information Access

If you are a resident of the European Union, you may have additional rights to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. These rights are explained in the remainder of this section. If you are unable to exercise your rights using the information below, please contact us using the contact information in the “How to Contact Us” section.

While some of these rights apply generally, certain rights apply only in certain limited circumstances. You can exercise some of the choices by logging into the Services (for registered users) and using settings available within the Services or your account. Where the Services are administered by an institution administrator (see "Notice to End Users" below), you may need to contact your administrator to assist with your requests first. For all other requests, you may contact us as provided in the Contact Us section below to request assistance.

Your request and choices may be limited in certain cases: for example, if you ask to delete information which we or your institution administrator are permitted by law or have compelling legitimate interests to keep. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.

a. Access and update your information

For registered users, our Services give you the ability to access and update certain information about you from within the Service. For example, you can access your profile information from your account and update certain information within your profile.

b. Deactivate your account

If you no longer wish to use our Services, you or your administrator may be able to deactivate your Services account. If you or your administrator are unable to deactivate your account, please contact us using the information below. Please be aware that deactivating your account may not delete content (e.g., Exam media, comments) you entered previously.

c. Delete your information

Our Services give you the ability to delete certain information about you from within the Services. For example, you can remove certain profile information within your profile settings. However, we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.

d. Notice to End Users

Our Products and Services are intended for use by institutions or by qualified healthcare providers. For registered users where the Services are made available to you through an institution, that institution is the administrator of the Services and is responsible for the accounts and/or Services over which it has control. If this is the case, please direct your data privacy questions to your institution administrator, as your use of the Services is subject to that institution's policies. We are not responsible for the privacy or security practices of an administrator's institution, which may be different than this policy.

2. Retention of Information

For registered users, we will retain your personal information for as long as your account is active or as needed to provide you with the Services or any information you have requested. If you wish to cancel your account or request that we no longer use your information, contact us using the information below. However, if you cancel your account, you will no longer be able to use the Product or certain Services. After you cancel your account, we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

How We Protect Information

We will use commercially reasonable means to minimize the risk of unauthorized disclosures. We have put in place appropriate physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect. Although we take appropriate measures to safeguard against unauthorized disclosures of information, we cannot assure you that information that you provide will never be disclosed in a manner that is inconsistent with this Privacy Policy.

No data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect information that you provide, you acknowledge that: (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity and privacy of any and all information and data exchanged between you and us through this site cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party.

Where Information is Transferred and Stored

Patient Information, Examination Information, and other data uploaded to Exo Works Subscription Services are stored in data centers located in the United States.

Your use of the Product and/or Services may involve the transfer, storage and processing of collected information to and in the United States. Information stored in each location may be subject to the law and regulatory authorities of the United States, and such laws and regulations may not have equivalent privacy and data protection laws to the jurisdiction in which you reside. Where such consent is legally valid, by using the Product and/or Services, you consent to your information being transferred to our facilities in the United States and to the facilities of those third-party service providers with whom we share it, as described herein.

Children

We are committed to protecting the privacy of children. Our Product and Services are intended for individuals who are trained and certified to use the Product, and not geared towards children. In order to protect the privacy of children, children under 13 years of age are not permitted to provide any personal information to us and any users of our Product and Services are to ensure that any information of a minor (including any Patient Information and/or Examination Information) is only be provided to us with parental consent. Please email us at the contact information noted below if you believe we may have collected information from your child without proper consent and we will work to delete it.

How to Contact Us

If you have any questions, comments, or concerns regarding our Privacy Policy or practices, please send an email to privacy@exo.inc to the attention of our Privacy Officer, and we will attempt to resolve them quickly.

Changes to this Policy

We reserve the right to change this Privacy Policy at any time. In the event we make changes to this Privacy Policy, we will post the updated Privacy Policy here and notify you by email or by means of a notice on our website prior to the changes becoming effective. All changes are effective on the date listed at the top of this page and will apply to all information that we have about or from you. Your continued use of the Products or Services that we provide after any change is posted indicates your acceptance of the changes and your continued consent to our processing of the information that you provide. If at any point you do not agree to any portion of the Privacy Policy, then in effect you should immediately stop using the Products and Services.