Updated January 18, 2022
Our Policy focuses on Personal Information – information about you or Authorizing Individuals that is personally identifiable, such as contact information (e.g., name, address, email address and any other non-public information that is associated with such information (collectively, “Personal Information”)) and health information (“Health Information”). When we use the term “De-Identified Information”, we mean information that is not individually identifiable. Please read this policy carefully to understand what we do.
What Information Do We Collect?
We collect two types of information: (1) information we receive from you about you or a test subject, or for consumers, an Authorizing Individual, and (2) information that we collect through your use of the Cue Health App.
COVID-19 Related Effort:
Information You Provide and Information We Collect:
- Your Account Information. When you create an account, we ask you to enter your email address. When you set up a profile in your account for yourself or others, you must provide us with their names, birthdates, and postal codes. If you are a health care provider, you may also provide us with a medical record number or other patient identifier.
- Your Cue Test Results. When you use the Cue Health App, test results are generated. If you have an account, Cue Test Results may be stored under any profile that you have created under your account. In addition, the Cue Health App generates run time data (Cue Cartridge Reader Serial Number, Cue Cartridge Reader Status Data such as battery level, Cartridge Serial Number, and date and time of the Cue Test).
- Camera, Audio, Images & Video: With your consent, the Cue Health App may access your mobile device’s camera and audio for additional limited purposes and Cue Health App features. You may have the option to use these mobile device features to: 1) scan a QR code located on the Cue Health Monitoring system to match it to your profile in the Cue Health App; 2) scan a barcode, badge, or other code to confirm your identification, if your user account is associated with other services provided by Cue; 3) take and attach a photo to the user profile in the Cue Health App; 4) record and transmit audio and video using the microphone and camera for identity verification when using Supervised Testing and Virtual Care (in limited circumstances) with your consent; and 5) any other purpose as specified and with your consent.
- Bluetooth: The mobile application must access your mobile device’s Bluetooth to connect and communicate with the Cue Health Reader in order to communicate your test results and test status to you in the Cue Health App.
- SSID: The mobile application uses SSID and WiFi to connect to the internet and for additional location capabilities described in this policy.
- Files in media/ shared directories: The mobile application uses the media on your mobile device and shared directories in order to add profile photos and save pdf results at your request.
- Mobile device and technical information. When you use the Cue Health App, we collect technical information such as the type of mobile device you use, your device-operating characteristics, a unique device identifier, location information, and other information about your session on the Cue Health App. We use this information to provide you with the Cue Health App and to improve and enhance our Services. We also use technologies, such crash logs, that provide mobile identifiers and details about your mobile device manufacturer and operating system, to collect technical information about your use of our Services that resulted in a crash or error. We use these tools to improve the quality of our service, including for storing user preferences, tracking user trends, and providing relevant advertising to you.
- Browsing Information. We use technologies such as mobile device identifiers to collect information about your use of our Services. We use these tools to improve the quality of our service, including for storing user preferences, tracking user trends, and providing relevant advertising to you.
- Customer service requests. When you contact us, such as when you contact us through the Services to inquire about our products or obtain support for our products, we collect your name and email address. We use this information that you provide to us to respond to your inquiries and to tell you about new opportunities, products or services. Our customer service is based in the United States, and if you contact us, your data may be transferred to the United States to facilitate communications and to address your inquiry.
- Device and geolocation information. When you use our Website, we may collect information about how you use the Website and the device you use to access it. This includes information like your device IP address, device ID, type of browser/operating system, and information about the pages you viewed. We use this information to ensure our Website can be used on your device, to personalize and tailor your experience on the Website, and to improve the functionality of the Website by understanding general usage traffic and trends.
- Additional Information. When you use the Cue Health App to request information from us, contact customer support, or otherwise communicate with us, you may also provide additional information to us.
Validity and Accuracy. We will take reasonable steps to ensure that any Personal Information we collect from you is accurate, complete and up-to-date, if the Personal Information is likely to be used by us to make a decision that affects you, or is likely to be disclosed to another organization. Nonetheless, you should still ensure that all Personal Information submitted to us is accurate, complete and up-to-date, and you should update your information through your account as soon as possible. Failure on your part to do so may result in our inability to provide you with the Services.
How Do We Use and Share Personal Information or Health Information?
We generally collect, use or disclose Personal Information or Health Information for the following purposes, subject to applicable legal restrictions (collectively, the “Purposes”):
- To provide you with the Services.
- To communicate with you, provide you updates, respond to your requests, and provide customer support.
- To improve and enhance our Services, including developing new products, features, and functionality.
- To create De-Identified Data.
- For security purposes to protect our Cue Health App and Services.
- For any other purposes which we provide you with notice of at the time of obtaining your consent.
We may also disclose Personal Information and Health Information in limited circumstances, where necessary for the above Purposes (subject to applicable legal restrictions) as follows:
- To subcontractors, service providers and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Information and Health Information confidential and use it only for the purposes for which we disclose it to them.
- To your health care provider, health care professional, health plan, employer’s clinical team, health care benefits consultant, or benefits manager clinical team if your use of the Services is made available and paid for by such group.
- As required by applicable laws, which can include providing information as required by statute, regulation, subpoena, court order, legal process, or government request.
- To report, either directly or indirectly, to any relevant government agencies, entities and/or organizations, including but not limited to the Health Sciences Authority, adverse events related to medical device problems.
- To report to any relevant government agencies, entities and/or organizations, including but not limited to the Ministry of Health, as may be required for public health surveillance and other related purposes.
- For a merger, sale, or other asset transfers in connection with a corporate transaction, in which we are acquired by or merge with another company.
- To any other third party which we notify you of at the time of obtaining your consent.
- As otherwise authorized by law.
Protection of Health Information. We will protect Health Information in compliance with the PDPA, as well as the following and other applicable laws. Cue will act as Business Associate under the Health Insurance Portability and Accountability Act (“HIPAA”) for Services provided to Covered Entities where applicable. In addition, as a “health care provider” under the California Confidentiality of Medical Information Act (“CMIA”), Cue will also limit disclosures of your Health Information as described above.
De-Identified Information. We may use and share De-Identified Information created by us without restriction, including to create aggregate data for research, product development or enhancement, or statistical analysis.
Other Uses with Your Consent. In addition to the sharing described elsewhere in this Policy, we will share Personal Information with companies, organizations, or individuals outside of Cue only when we have authorization to do so. If you choose, you may also email your Cue Test Results to your health care providers or other persons or entities. You may also authorize Cue to send your Test Results to your employer or others each time you take a test. For clarification, to the extent your health care provider, health care professional, health plan, employer’s clinical team, health care benefits consultant, or benefits manager clinical team sponsors your use of the Services (i.e., the Services are paid for or made available by your health care provider, health plan, employer, etc.), by using the Services, you have authorized Cue to send your Test Results to such group.
Children And Minors. The Cue Health App is intended for adults who are at least age 18 or such older age as may be required by applicable laws. We do not knowingly collect or solicit any information from anyone under the age of 18 though our Services. If you are a parent or legal guardian of a minor, you may include information about that person in your account. In the event that we learn that we have inadvertently collected personal information from a child under the age of 18 (or such older age of majority) without the consent of their parent or legal guardian, we will use reasonable efforts to quickly delete that information.
How Do You Access and Update Your Personal Information?
You can access and update certain information we have relating to your account (email, profile information, and preferences) by signing into your account and going to the “My Account” section of our Cue Health App.
How Do You Withdraw Your Consent?
You may withdraw the consent that you provide for the collection, use and disclosure of your Personal Information by giving reasonable notice of your withdrawal through contacting our Data Protection Officers directly at email@example.com at any time. In doing so, you understand, acknowledge and agree that we use your Personal Information to ensure that we may properly provide you with the Services, as well as to facilitate, maintain, operate, and otherwise enable the proper functioning of the Cue Health App, and that while you have the right to withdraw your consent, doing so may result in our inability to provide you with the Services and/or facilitate the operation of the Cue Health App.
How Is Your Information Protected?
We use industry standard physical, technical and administrative security measures and safeguards in compliance with HIPAA to protect the confidentiality and security of Personal Information and Health Information, as well as to prevent any unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks regarding any Personal Information and Health Information, including preventing the loss of any storage medium or device on which the information is stored.
However, even with these safeguards, we cannot guarantee, ensure, or warrant the security of any information you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information.
In the event you become aware of or reasonably suspect any security violations or breaches, including without limitation any loss, theft or unauthorized disclosure of your login information, you should immediately notify us by contacting us at firstname.lastname@example.org or by calling us at 833.CUE.TEST (833-283-8378), as well as change your login information.
To the fullest extent allowed by law, we disclaim any responsibility or liability for any claim, damages or loss resulting from any security breach, whether by unauthorized and/or fraudulent use of your login information or otherwise. We stress that you are personally responsible for keeping your login information safe, secure and confidential.
What Happens If There Is a Data Breach?
In the event of a data breach, our Data Protection Officers shall be notified. Where we have reason to believe that a data breach affecting Personal Information in our possession and/or under our control has occurred, we shall conduct, in a reasonable and expeditious manner, an assessment of whether the data breach is notifiable within thirty (30) calendar days. A data breach will be deemed to be notifiable if we assess that it results, or is likely to result, in significant harm to an affected individual, or is likely to be of a significant scale.
If the data breach is deemed to be notifiable, we shall take reasonable measures to contain and assess the data breach. Furthermore, our Data Protection Officers shall contact the Personal Data Protection Commission of Singapore (“PDPC”) within three (3) calendar days and notify each and every affected individual in any reasonable manner in the circumstances.
Where Will Your Information Be Maintained?
In using and accessing the Services, as well as the Cue Health App, you understand, acknowledge and consent to the transfer of your personal data out of Singapore, where it is necessary in order to provide said Services to you. In doing so, you also understand, acknowledge and consent to the transfer to and processing of Personal Information on servers located in the United States
Nonetheless, in transferring any of your Personal Information outside of Singapore, we will take appropriate measures to check, ensure and verify that the recipients thereof are bound by legally enforceable obligations, such that your Personal Information will continue to receive a standard of protection that is at least comparable to that provided under the PDPA. Such legally enforceable obligations include applicable laws, contracts, binding corporate rules, or any other legally binding instrument.
How Long Will Your Information Be Retained?
We will retain your Personal Information and/or Health Information only for the duration necessary for us to provide you with the Services and Cue Health App, and/or for such period of time that may be required for legal, regulatory and/or other business purposes.
Once it is reasonable to assume that the purpose for which your Personal Information and/or Health Information was collected is no longer being served by retention, and that retention is no longer necessary for legal or business purposes, we will cease to retain its documents containing your Personal Information and/or Health Information, or remove the means by which the Personal Information and/or Health Information can be associated with you, through disposal or by converting it to De-Identified Information in a secure manner.
How Will You Know If This Policy Changes?
How Can I Contact You If I Have Questions?
Cue Health Inc.
4980 Carroll Canyon Rd, #100
San Diego, CA 92121
Attn: Legal Department
Cue and Cue Health are registered trademarks of Cue Health, Inc.