PRIVACY NOTICE Effective Date February 14, 2025

UNITED STATES USERS

1. OVERVIEW

EnsoData (“we“, “our“, or “us“) is committed to protecting the privacy of personal information. This Privacy Notice (this “Notice“) applies to your use of our website available at www.ensodata.com, any sub-pages, and any related services or applications maintained or accessible through our website or any of our Application(s) (collectively, this “Website“), and any personal information EnsoData collects from or about you. This Notice also describes how we collect and use information through this Website. By using this Website, you agree to the terms of this Notice, and consent to the collection and use of personal information about you as described in this Notice. If you do not consent to the contents of this Notice, you may not use this Website. This Website is not designed or intended for use by minors, and we do not knowingly collect personal information from children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at connect@ensodata.com, so we can promptly delete that information.

For the purposes of this Notice, personal information (“personal information”) shall mean information that can identify an individual directly or indirectly through reasonably available information but does not include information that is used solely for the purpose of communicating or facilitating communication with an individual in relation to their employment, business, or profession.

2. CHANGES TO THIS NOTICE

We reserve the right to modify this Notice at any time. The effective date of the current version of this Notice will be posted at the top of this page. It is your responsibility to review this Notice periodically. If we modify this Notice, we will post the modified version to this Website. By continuing to access or use this Website, you indicate that you agree to be bound by the modified Notice.

3. INFORMATION WE COLLECT AND METHODS OF COLLECTION

By using this Website, you agree that you are providing any information that we collect voluntarily and with your consent. Information that we collect about you may include your name, contact details, or information about the device that you use to access this Website. If you navigated to this Website through a link provided through third-party social media (such as Facebook or LinkedIn), that social media provider may provide us with additional information related to your account with that provider. The information that we obtain from any social media provider is governed by that provider’s terms of use and privacy policy. Information about the device or browser that you use to access this Website may be collected automatically. Some of this information may be collected or stored in the form of “Cookies.” Cookies are pieces of information stored directly on the computer that you are using. Cookies allow us to collect information such as browser type, time spent on this Website, pages visited, language preferences, and other anonymous traffic data. We and our service providers use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience while using this Website. We also use cookies to gather statistical information about use of this Website in order to continually improve their design and functionality, to understand how they are used, and to assist us with resolving questions regarding them. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers or devices that allows you to automatically decline cookies or be given the choice of declining or accepting the transfer to your device of a particular cookie (or cookies) from a particular site. If, however, you do not accept these cookies, you may experience some inconvenience in your use of this Website.

The full list of information we collect from you as of the date of this Privacy Policy is:

  • Identifiers such as
    • First Name
    • Last Name 
    • Address
    • Internet Protocol address
    • Date of Birth
    • Phone Number
    • Email address
    • Sex
  • Biometric information (e.g., height, weight, BMI, or other data that contain identifying information)
  • Internet or other electronic network activity information (e.g., interaction with our Website, computer and connection information such as browser type and version, operating system, and platform, the full Uniform Resource Locator (URL) clickstream to, though, and from the Website, including date and time, cookie identifier and related cookie information, etc.)
  • Geolocation data captured via mobile app including latitude, longitude, time zone, and address information.
  • Audio, electronic, visual, or similar information (e.g., mobile app recordings) 
  • 3rd party device information used in recording a sleep study including device model and serial number
  • Other types of personal information provided as part of user inquiries (e.g., personal information provided in a support/help request) or job applications

4. USE OF INFORMATION

We use and/or disclose the personal information we collect for our operational purposes and for one or more of the following business purposes (note the term ‘customers’ refers to users of our software that provide Sleep medicine service):

  • To develop, provide and improve products and services to our customers 
  • To respond to potential customers’ requests
  • To provide customer service
  • To provide information to patients  medical providers
  • To improve and personalize customer access to and customer experience on our Website and mobile applications, for example, by telling and surveying customer about new features, products, or services that may be of interest to them
  • To contact potential customers, through phone calls, emails, SMS (Short Message Service), or messaging apps, with information that might be of interest to them, including information about products and services of ours and of others
  • For advertising and marketing
  • For analytical purposes and to research, develop, and improve programs, products, services, and content
  • For U.S. healthcare providers, to link name, and/or IP address to web pages they visit, for compliance, marketing, and sales activities
  • To conduct audits and perform troubleshooting activities of our Website, products, and services
    • To detect and protect against security incidents and deceptive, malicious, fraudulent, criminal, or other unlawful activity
    • For verifying customer information
    • To ensure the Website, products, and apps, and other services function as intended, including debugging, and repairing
    • To enhance EnsoData products and services
    • For activities to monitor and maintain the quality or safety of our products and services
    • For the group’s organizational and administrative purposes
  • To protect someone’s health, safety, or welfare
  • To combine with other information and to create data that does not have any personal identifiers, such as names, e-mail addresses, or social security numbers, that identify unique individuals. Once we have de-identified information, it is non-personal information, and we may treat it like other non-personal information.
  • For human resources purposes, employment application and hiring, and employee-related activities. When you submit an inquiry about a job through our Website, we may use the information you provide to match your experience and preferences with the job openings we have, and someone from EnsoData may contact you about a possible employment opportunity. Please note that by submitting your information regarding employment opportunities with us, you authorize us to transmit and store your information in our recruitment database.
  • For training purposes
  • To comply with laws, regulations, court orders or other legal processes or to protect our rights or property, including without limitation to enforce this privacy policy and other terms and conditions regarding your use of the Website. We may use and disclose personal information in special instances when we have reason to believe disclosing this information is necessary to investigate, identify, contact, or bring legal action against someone who may be causing injury to or interfering with our rights or property, other Website visitors, or anyone else. We may disclose visitor information when subpoenaed, if ordered or otherwise required by a court of law, arbitrator, or other similar proceeding or the rules governing such a proceeding, for government investigations, with government agencies if required by law, and when Inspire otherwise believes in good faith that any applicable law requires it.
  • In connection with an actual or potential sale, merger, acquisition, assignment, or other transfer of the business of EnsoData, or as part of a reorganization, bankruptcy, or change in ownership or control, in which case we will require any such recipient to use personal information in accordance with this privacy policy.
  • We also may disclose personal information to any other person with your explicit consent.

The automatically collected information described above may also be used to personalize your experience with this Website, to facilitate certain functions of this Website, and to track user trends and preferences. We may also use information that we collect to create aggregated, anonymous data based on user-specific information, such as information about how you use or interact with the Website. When we collect anonymous data or de-identify data, we will do so in a manner that ensures it no longer can be identified to you and will therefore not be considered personal information.  This aggregated, anonymous data will be de-identified in such a way to leave no reasonable basis for identifying you or any other individual. We may use this aggregated, anonymous data for any lawful purpose, such as identifying performance trends, or developing new methods of monetizing this Website. We may also use information to comply with our legal obligations. We reserve the right to retain data and content for archival, troubleshooting, or other purposes. Please note that some user information, including information used as part of analysis of this Website, may be preserved. We retain aggregated, anonymous data indefinitely.

5. DISCLOSURE OF INFORMATION

We may disclose information that we collect through this Website for the following purposes: Service Providers: Information collected through this Website will be shared with third party service providers (including, but not limited to, cloud storage and data processing providers, cybersecurity and testing providers, website hosting companies, advertisers, and sales and marketing consultants) who process it on our behalf for the purposes of providing this Website. Government Authorities: We may share information collected through this Website in order to comply with our legal obligations, or if we believe , in good faith that such disclosure is necessary to comply with a subpoena, warrant, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a valid government request. Business Transfer: In the event that we are involved in a corporate merger, sale, acquisition, dissolution, bankruptcy or other transfer of all or a portion of our assets, we may share information collected through this Website with the third party(s) involved in the transaction. Aggregated Data:  We may disclose aggregated, anonymized data without limitation for any business purpose.

We limit the personal information provided to the aforementioned affiliate and third-party service providers to the extent necessary for them to provide the services. We do not allow these third-party service providers to use your personal information for their own purposes and only permit them to access and process your personal information for specified purposes and in accordance with our instructions. Such service providers are required by contract to safeguard any personal information disclosed or transferred by us.

6. SECURITY

We take care to ensure that personal information you provide to us is accessed internally only by individuals that require access to perform their tasks and duties, and externally only by service providers and other third-parties with a legitimate purpose for accessing it.  All employees, service providers and contractors are expected to maintain the confidentiality of personal information. We will not use or disclose any collected personal information outside of the purposes described in this Notice unless you have otherwise consented, or it is required or permitted by law.

We employ commercially reasonable technology and operational controls to protect this Website and information that we collect through this Website. However, you understand that no method of transmission over the Internet is 100% secure. We do not make any guarantee with respect to the security or privacy of information collected through this Website.

In the event there has been a breach of our security safeguards which involve your personal information, including the unauthorized access, use or disclosure of your personal information, loss of your personal information, or other breach, and where there is a risk that significant harm will come to you as a result of that breach, we will notify you and any applicable regulatory authority within the period specified by applicable law.

7. RETENTION OF PERSONAL INFORMATION

We will store your personal information only for as long as is reasonably necessary to fulfill the purpose for which the personal information was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Once your personal information is no longer needed, we will securely and effectively dispose of it.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you), in which case we may use this anonymized information indefinitely without further notice to you.

8. CONTACT US AND REQUESTS FOR INFORMATION

You may contact us to ask questions about how we use information that we collect through this Website by emailing us at connect@ensodata.com. Our Privacy Officer is responsible for the implementation of this Notice and monitoring our adherence to its terms and all applicable laws. The Privacy Officer also handles questions and concerns about this Notice, as well as personal information access requests and complaints.  For your protection, we may need to verify your identity before acting on any question or request. If you have any questions about this Website, or this Notice, please send an email to connect@ensodata.com. You may also mail questions to us at: EnsoData, Inc. 10 E. Doty St., Suite 449, Madison, WI 53703.

9. PROTECTED HEALTH INFORMATION

Some of your information collected may be Protected Health Information (“PHI”) as defined by Health Insurance Portability and Accountability Act (“HIPAA”) or other regulations.  This PHI may be subject to additional protections and restrictions.  If our Website (or Application(s) as included in the definition of Website) collects or uses PHI, we will follow the regulations and guidelines for such PHI.  We will not sell or disclose your PHI except as permitted by these rules and regulations.  You may have certain rights governed by HIPAA, CCPA, or other regulations and if you have questions, you may contact us at: connect@ensodata.com

10. VERSION

This Privacy Notice is effective dated February 14, 2025, and hereby supersedes all previously posted versions of this Notice.

CALIFORNIA RESIDENTS

If you are a resident of the State of California, you may have certain rights governed by the California Consumer Privacy Act of 2018, as amended, and its associated regulations (“CCPA“). This includes the right to contact us to explicitly object to us selling personal information about you to third parties. You understand that this right does not apply to personal information that we share with third parties that are involved in the operation of this Website, or to information that we have collected through this Website that we have de-identified.

CANADIAN USERS

If you are a Canadian resident, you may have certain rights under data protection laws in relation to your personal information.  The information below are requirements to use the Website and/or Application in Canada and/or information about your rights: 

11. PRIVACY POLICY REQUIREMENT

If you are a Canadian user Canadian Law requires you to affirmatively agree to the Privacy Policy at: https://www.ensodata.com/privacy-policy/.  Your use of the Application will have prompted you to agree to this Privacy Policy.  If you do not agree to this Privacy Policy, then you are not allowed to use the Application in Canada. 

12. CHANGES TO THIS NOTICE FOR CANADIAN USERS

We reserve the right to modify this Notice at any time.  If we modify this Notice, we will post the modified version to this Website as well as give you notice through the Application and/or via email. 

13. REQUEST ACCESS TO YOUR PERSONAL INFORMATION

This enables you to receive a copy of the personal information we hold about you.

14. REQUEST CORRECTION OF YOUR PERSONAL INFORMATION

This enables you to have any incomplete or inaccurate personal information we hold about you corrected, though we may need to verify the accuracy of the new personal information you provide to us.

15. REQUEST ERASURE OF YOUR PERSONAL INFORMATION

This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. However, we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

16. RIGHT TO WITHDRAW CONSENT

Where we are relying on consent to process your personal information, you can withdraw consent at any time, subject to certain legal and contractual limitations. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

17. OTHER PRIVACY RIGHTS

Canadian residents have the right to receive information that identifies any third-party companies or individuals that we have shared your personal information with, as well as a description of the categories of personal information disclosed to that third party.  If you wish to exercise any of the rights set out above, please contact our Privacy Officer.  You have the right to make a complaint at any time to the relevant data protection authority. We would, however, appreciate the chance to deal with your concerns before you make a complaint, so please contact us in the first instance.

18. PROTECTED HEALTH INFORMATION UNDER CANADIAN LAW

Some of your information collected may be Protected Health Information, Personal Health Information, or other similar term (collectively, “PHI”) as defined by the Health Insurance Portability and Accountability Act, the Personal Health Information Protection Act (Ontario), the Personal Health Information Privacy and Access Act (New Brunswick),  the Personal Information Health Act (Newfoundland and Labrador), the Personal Health Information Act (Nova Scotia) or other similar legislation (collectively, “Health Privacy Laws”).  This PHI may be subject to additional protections and restrictions.  If our Website (or Application(s) as included in the definition of Website) collects, uses, or discloses PHI we will follow the regulations and guidelines for such PHI contained in the applicable legislation.  We will not sell or disclose your PHI except as permitted by applicable rules and regulations.  You may have certain rights governed by Health Privacy Laws or other regulations and if you have questions, you may contact us at: connect@ensodata.com.

19. TRANSFERS OF PERSONAL INFORMATION

You understand that we are established in the United States, and that we process your personal information in the United States. By using this Website, you consent to your personal information be transferred from your country of residence to the United States for processing and may be subject to the laws of those jurisdictions. For example, information may be disclosed in response to valid demands or requests from government authorities, courts, or law enforcement in other countries. If you do not consent to this transfer, you may not use this Website.

UK AND EU RESIDENTS

We do not specifically market this Website, or our services to individuals outside of the United States and Canada. However, we understand that our Website is available worldwide, and as such, some visitors to our Website may reside within the United Kingdom (the “UK“) or the European Union (the “EU“). If you are a resident of the UK or EU, you may have certain rights governed by the EU General Data Protection Regulation (“GDPR“). You may contact us if you have questions about how we process personal data by emailing us at connect@ensodata.com.