Last Updated: July 27, 2022
You understand and agree that Altoida and its authorized business partners, affiliates, subsidiaries or agents (collectively, “Altoida”, “us” or “we”) may collect, maintain, and process information provided by you, on and through the Services. You represent and warrant that you have permission to share any information you elect to provide Altoida, you consent to such information being shared with third parties, including, if applicable, healthcare providers, and that such information is accurate, current, non-misleading, and consistent and relevant for the purpose for which you are providing information. In the event you have prescribed the AMD to a patient, you attest that you have notified your patients that Altoida will be collecting patient Personal Information on your behalf, and the patient has consented to such collection and use.
The information on this site is not intended or implied to be a substitute for professional medical advice, diagnosis or treatment. All content, including text, graphics, images and information, contained on or available through this web site is for general information purposes only. Altoida makes no representation and assumes no responsibility for the accuracy of information contained on or available through this web site, and such information is subject to change without notice. You are encouraged to confirm any information obtained from or through this web site with other sources, and review all information regarding any medical condition or treatment with your physician. NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HAVE READ ON OR ACCESSED THROUGH THE SERVICE.
Altoida does not recommend, endorse or make any representation about the efficacy, appropriateness or suitability of any specific tests, products, procedures, treatments, services, opinions, health care providers or other information that may be contained on or available through the Service. ALTOIDA IS NOT RESPONSIBLE NOR LIABLE FOR ANY ADVICE, COURSE OF TREATMENT, DIAGNOSIS OR ANY OTHER INFORMATION, SERVICES OR PRODUCTS THAT YOU OBTAIN THROUGH THE SERVICE.
COLLECTION AND USE OF PERSONAL INFORMATION AND OTHER DATA
Account Information: In order to use the Services, users may be required to have a valid Altoida account to log in to the Website (an “Account”). When you register for the Services, Altoida collects your name, email address, birth date, gender, zip code, your business phone number and business address (“Account Information”). Altoida will also have access to information about your use of the Services such medical appointments made, test results, geo-location data and other information available that is combined with your Account Information. Once you create an account with us and sign in to our services, you are not anonymous to us.
Altoida collects Personal Information (both for our Customers and, in the event our Customers are health care providers, their patients) in the following general ways:
- Altoida collects Personal Information you knowingly choose to submit to us through the Services, such as your name and email address, or Personal Information of individuals to whom the AMD class II medical device has been prescribed.
- When you access or use the Services, Altoida may automatically receive and record information on our server logs from your browser, including your IP address, cookies, and the pages you request. IP addresses are automatically reported by your browser each time you view a web page. Your IP address is stored by Altoida when you register with Altoida.
Generally, Altoida uses the Account Information (including Personal Information) to deliver the Services to you, to improve the delivery of our Services and related products and services, to conduct our business, to develop analytics and aggregated data that allow us to improve our Services and related products and services, or to correspond with you. Specifically, Altoida uses Personal Information to:
- Authenticate access to the Account and provide access to the Services;
- Provide, operate, maintain and improve the Services
- Send technical notices, updates, security alerts and support and administrative messages
- Provide and deliver the Services and features you request, process and complete transactions, and send you related information, including confirmations and invoices;
- Respond to comments, questions, and requests and provide customer service and support;
- Communicate with you about services, features, surveys, newsletters, offers, promotions, contests and events, and provide other news or information about us and our select partner
- Investigate and prevent fraudulent transactions, unauthorized access to the Services, and other illegal activities;
- Personalize and improve the Services, and provide content, features, and/or advertisements that match your interests and preferences or otherwise customize your experience on the Services;
- Monitor and analyze trends, usage, and activities in connection with the Services and for marketing or advertising purposes;
- Link or combine with other information we receive from third parties to help understand your needs and provide you with better service;
- Enable you to communicate, collaborate, and share files with users you designate; and
- For other purposes about which we will notify you about and seek your consent.
Practice Users: Altoida makes its Website and the Services available to medical practices for a variety of uses described in our Terms of Service. In order to provide the Services to our medical practice clients (“Practice Users”), Altoida collects certain Personal Information such as contact and registration information from the Practice User employee signing up on behalf of the Practice User. Altoida collects and uses Practice User information the same way we collect and use Personal Information.
Prospective Customers: We collect names, email addresses and other business contact information about individuals who we consider to be prospective Customers and business partners (“Prospects”). Altoida uses third-party service providers in order to collect, store and process Personal Information about Prospects. We use these third-party service providers to identify Prospects and locate contact information to contact Prospects about our products and services.
Website Visitors: As you visit or browse the Website, we collect information about the device and browser you use, your network connection, your IP address, and information about the cookies installed on your device. This information is logged to help diagnose technical problems for analytics and for quality control purposes. We also collect Personal Information submitted by any visitor to our Website through messaging features we make available on our Website and use such information for the purpose of responding to your requests.
App Users: Through the App, Altoida makes the AMD available for personal devices and allows individuals to understand how their performance compares to other App users. The App does not disclose diagnostic output to the user at any time. The results returned by the App do not replace a clinical diagnosis. Please consult your doctor before making any medical decisions based on information obtained through the App.
When you take a test the App uses the TrueDepth API through the front facing camera on compatible devices to register your eye movements. Only abstract statistical data of the eye movement is analyzed and no images are stored or transmitted at any time. No device IDs, UDIDs, or any other information capable of re-identifying your device is recorded, stored, or transmitted. Altoida only associates your test results with an examination code provided at the end of your test. Your rest results are not associated with any of the Personal Information described above. Your test results are stored for analysis and will upon your request be deleted. If you want to make such a request, please contact us and include a reference to the examination code associated with your test.
A cookie is a small amount of data, which may include a unique identifier. Cookies are sent to your browser from a website and stored on your device. We assign a different cookie to each device that accesses our Website.
If you prefer, you can turn off cookies in your web browser by changing its security settings. Please note, however, some features of Products and Services may not function properly if your cookies are disabled. You may be able to set your browser to notify you when you are sent a cookie. This gives you the chance to decide whether or not to accept it. If you disable cookies, you may not be able to take advantage of all the features of the Website and/or Services. We do not link any of the information we use in cookies to any personally identifiable information submitted by you when you are on the Website.
Altoida also combines data derived from our usage of cookies with Account Information of registered users for the purposes set out above.
At this time, this Service does not support Do-Not-Track signals.
Log Files: Like many internet and mobile services, we may automatically gather certain information about our Services traffic and store it in log files. This information includes mobile device identifiers, browser type, IP address, mobile or internet service provider, referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, which does not identify individual users, to analyze trends, to administer the Services, to track users’ movements around the Services, and to gather demographic information about our user base.
We also store in our log files information identifying users who have accessed data that we store about patients, and any changes they make to such data. We use this information to comply with legal obligations relating to such data and to keep a record of such changes. We may also use it to improve our Services.
We may link this automatically collected data to Personal Information. Device identifiers may be tied to Personal Information to troubleshoot access issues.
We may use third-party tracking services that use log files, cookies, and possibly other techniques to track non-Personal Information about visitors to the Services in the aggregate. These services capture usage and volume statistics as well as geographical location data to compile usage reports and maps for optimization and troubleshooting purposes.
STORAGE LOCATION AND TRANSFER OF PERSONAL INFORMATION
Altoida processes and stores its data, including Personal Information, on cloud servers located in North America. Altoida also transfers data to the third-party service providers described herein.
By submitting Personal Information or otherwise using the Services, you agree to this transfer, storing or processing of your Personal Information in the USA. You acknowledge and agree that your Personal Information may be accessible to law enforcement and governmental agencies in the United States under lawful access regimes or court order.
DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES
Your Consent to Share: By providing any Personal Information to us, you fully understand and unambiguously consent to the transfer of such Personal Information and the collection and processing of such Personal Information to third party healthcare providers, credit card processing vendors, or other third parties as described in the Terms of Service. We may share aggregated data to conduct our business, improve the delivery of our Services, to develop analytics, and to enable us and our partners to improve and promote our products and services.
Processing of Medical Practice Data: As a service provider to our Practice Users we collect and analyze data related to our medical practice customers on their behalf. In this role, Altoida is processing data upon instruction from such clients. This data is shared only with the relevant client.
Service Providers and Business Partners: We may from time to time employ third parties to perform tasks on our behalf and we may need to share Account Information and other Personal Information with them to provide certain services. Unless we tell you differently, such third parties do not have any right to use the Personal Information we share with them beyond what is necessary for them to provide the tasks and services on our behalf. We currently engage third party companies and individuals employed by us to facilitate our Services, including the provision of maintenance services, database management, Web analytics and general improvement of the Services, and businesses who engage our Services (to the extent provided for above). We take commercially reasonable steps to ensure our service providers adhere to the security standards we apply to your Personal Information.
Business Transfers: If our business (or substantially all of our assets) are acquired by a third party, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information may be made available or otherwise transferred to the new controlling entity, where permitted under applicable law.
As Required by Law: We may disclose Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other end users, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. Further, we may disclose Personal Information when we believe in good faith that such disclosure is required by and in accordance with the law. We also reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to: (i) satisfy any applicable law, regulation, legal process or governmental request; (ii) enforce our contracts or user agreement, including investigation of potential violations hereof; and (iii) detect, prevent, or otherwise address fraud, security or technical issues. We may disclose Personal Information if we believe it is necessary to investigate potential violations of our Terms of Service, or to enforce those Terms of Service. The above may include exchanging information with other companies and organizations for fraud protection and spam/malware prevention. Notwithstanding the general terms of this policy, the collection, use, and disclosure of Personal Information may be made outside of the terms herein to the extent provided for in any applicable privacy or other legislation in effect from time to time, or pursuant to court orders.
ACCESS, CORRECTION AND ACCURACY
You have the right to access the Personal Information we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses of that information. Upon receipt of your written request, we will provide you with a copy of your Personal Information, although in certain limited circumstances, and as permitted under law, we may not be able to make all relevant information available to you, such as where that information also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access and modifications in a timely manner.
YOUR OPT IN/OPT OUT CHOICES
You may “opt in” and/or “opt out” of certain uses of your Personal Information. For example, you may have the opportunity to choose whether you would like to receive email correspondence from us. Your Personal Information will not be shared with third-party service providers unless you give consent. You will have the opportunity to opt out of Altoida marketing emails by clicking the "opt out" or “unsubscribe” link in the email you receive. You can also request this by filling out a web form via our Data Subject Access Request (DSAR) Portal. If the Altoida (DSAR) Portal is unavailable, requests can be sent to firstname.lastname@example.org.
Please take note that if you opt out of receiving promotional correspondence from us, we may still contact you in connection with your relationship, activities, transactions, and communications with us.
You use the Service at your own risk. We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or e-mail. Please keep this in mind when disclosing any Personal Information to Altoida via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third party websites.
INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
Altoida may share customer information within our family of companies for a variety of purposes, for example, to provide you with the latest information about our products and services and offer you our latest promotions. To facilitate our global operations, Altoida may transfer Personal Information from your home country to other Altoida locations across the world. To protect your Personal Information, we will only transfer data to countries who provide an “adequate” level of Personal Information protection. If the data is transferred to counties without ‘adequate’ protection as determined by the European Parliament, we will use additional safeguards to ensure your data is protected.
ALTOIDA RESPONSE TO A DATA REQUEST AND/OR SECURITY BREACH
In regard to the aforementioned rights to voice questions, make requests regarding your data privacy or withdraw consent, we will respond to your request within 30 days. In some cases, however, we may limit or deny your request if: the law permits or requires us to do so, if it infringes on the privacy of other individuals or internal procedures, if we find the request to be unfounded or excessive or if we are unable to verify your identity.
If the volume or complexity of the request requires internally processing at Altoida beyond 30 days, Altoida will inform the requester within 30 days of the reasons for an extension and may charge a reasonable fee to cover administrative costs.
Security of all information is of the utmost importance for Altoida. Altoida uses technical and physical safeguards to protect the security of your Personal Information from unauthorized disclosure. We use encryption technology to keep all information secure. We also make all attempts to ensure that only necessary people and third parties have access to Personal Information. Nevertheless, such security measures cannot prevent all loss, misuse, or alteration of Personal Information and, unless otherwise agreed in a written agreement between Altoida and the applicable party, we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. In the case of a data breach, we will notify you without undue delay of any loss, misuse or alteration of Personal Information that may affect you. We will notify relevant regulatory bodies within 72 hours of a breach.
IMPORTANT NOTICE TO EUROPEAN UNION INDIVIDUALS: THE GENERAL DATA PROTECTION REGULATION
To facilitate our business practices, your Personal Data may be collected, transferred to, and stored by us in the United States. As a result, your Personal Data may be processed outside the EEA, and in countries which are not subject to an adequacy decision by the European Commission, and which may not provide for the same level of data protection in the EEA. In this event, we will ensure an adequate level of protection, for example by entering into standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask you for your prior consent to such international data transfers.
Altoida commits to resolve complaints about your privacy and our collection or use of your personal information under GDPR. European Union individuals with inquiries or complaints should use our Data Subject Access Request (DSAR) Portal to submit complaints about your privacy and our collection or use of your personal information.
Alternative means of contact:
If the Altoida DSAR Portal is unavailable, requests can be sent to email@example.com
or to our mailing address:
80 M Street SE, Suite 100
Washington, DC 20003
If you have any unresolved privacy concerns that we have not addressed satisfactorily after contacting us, you have the right to contact the EU Data Protection Authorities by clicking on the following link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
THIRD PARTIES WHO MAY RECEIVE PERSONAL DATA (ONWARD TRANSFER)
Altoida may employ and contract with third-party service providers and other entities to assist in providing our services to customers by performing certain tasks on our behalf. These third-party providers may offer customer support, data storage services (data centers), or technical operations. Altoida maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance. These third parties may access, process, or store personal data in the course of providing their services. Unless we tell you differently, our Agents do not have any right to use Personal Information or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Information with our Agents. We may be liable for the appropriate onward transfer of UK, EU, and Swiss personal data to third parties.
YOUR RIGHT TO ACCESS YOUR DATA
We acknowledge the right of UK, EU, and Swiss individuals to access their personal data. Your ability to access, limit use and disclosure, for specific instructions on how you can access this right.
YOUR ABILITY TO CHOOSE HOW YOUR DATA IS TO BE USED
CALIFORNIA CONSUMER PRIVACY ACT
On January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) took effect and sets new requirements and rights relating to personal information of California consumers. This section for California residents applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.||Yes|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||No|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||No|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||No|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||No|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.||Yes|
|G. Geolocation data.||Physical location or movements.||No|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||No|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||No|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||No|
|K. Inferences drawn from other personal information.||Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||No|
FAIR INFORMATION PRACTICES
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
- We will notify the users via email Within 7 business days
- We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
Altoida does not knowingly solicit or collect data from children nor knowingly market to anyone under the age of 18. If you are under the age of 13, you are explicitly not authorized to use this Service. If you become aware that your child has provided us with Personal Information without your consent, please contact us at firstname.lastname@example.org. If we become aware that a child under 18 has provided us with Personal Information, we will take reasonable steps to remove such information from our systems and terminate the applicable account.
TERMS OF SERVICE
Please also visit our applicable Terms of Service, which govern the use of our Services.
80 M Street SE, Suite 100, Washington, DC 20003 - USA