Heartbeat AI Privacy Policy
Last Updated: January 17, 2022
PLEASE READ THE PRIVACY POLICY CAREFULLY AND USE IT TO MAKE INFORMED DECISIONS. BY USING OUR SERVICES, YOU AGREE TO THE TERMS OF THIS PRIVACY POLICY AND YOUR CONTINUED USE OF THE SERVICES CONSTITUTES YOUR ONGOING AGREEMENT TO THIS PRIVACY POLICY.
1.
GENERAL
This Privacy Policy outlines the practices of Heartbeat.AI Inc. (“Heartbeat”, “we,” “us,” or “our”) with respect to collecting, using and disclosing personal information when providing our online services (collectively, the “Services”) and constitutes an integral part of Heartbeat’s Terms of Service (“Terms”, and collectively, the “Agreement”).
For residents of California, U.S.A. subject to this Privacy Policy, see the supplement entitled “Your California Privacy Rights” linked here.
For residents of Nevada, U.S.A. subject to this Privacy Policy, see the supplement entitled “Your Nevada Privacy Rights” linked here.
The Heartbeat Prospector Service works as a search engine on our website - www.heartbeat.ai (the “Site”). The Heartbeat Prospector Service allows users to find the direct contact information and professional information about healthcare and medical professionals in the United States. This contact information and professional (“Data”) consists of email addresses, direct telephone numbers, cell/mobile phone numbers, fax numbers, and postal addresses to the extent available to Heartbeat. The Heartbeat Prospector Services returns the names and Data of healthcare or medical professionals that meet the User’s search criteria.
The Data provided by Heartbeat may also include other information about a healthcare or medical professional, such as specialties, credential obtained, years of experience, whether the professional is a sole proprietor, states in which the professional is licensed, gender, information about pharmaceuticals provided and supplier relationships, education, year graduated, and license/NPI number. Please note that the Service may not be able to provide all of these categories of Data for each professional from the Service.
The Service also includes features to search for professionals, browse the Heartbeat database of professionals, create lists of professionals in bulk, manage lists of professionals, generate reports, export contacts, enrich existing contact lists, integrate with third party tools, and an API.
“Users” are Heartbeat individual customers or business customer representatives who access the Heartbeat Services or Site.
“Contacts” are individual healthcare or medical professionals whose information is provided to Users based on Users’ searches using the Heartbeat Prospector Service.
Heartbeat.AI Inc. is a Delaware corporation. In addition, Heartbeat is a registered data broker in the States of California and Vermont.
We respect your privacy and are committed to protecting the privacy and security of both our customers’ Users and the Contacts they are investigating or contacting.
The term “you” shall refer to both Users or Contacts, as applicable.
In this Privacy Policy you will read about:
-
What types of personal information we collect
-
Cookies
-
Heartbeat’s Role as a Data Processor
-
How we process and use the personal information we collect
-
Sharing personal information with third parties
-
Links to other websites
-
Controlling your personal information
-
Retention of personal information
-
How do we safeguard and transfer your personal information
-
Notice regarding minors
-
Marketing
-
Corporate transactions
-
Changes to this Privacy Policy
-
How to contact us
2.
WHAT TYPES OF PERSONAL INFORMATION WE COLLECT
As explained in detail below, we collect three main types of information. The first type is a “Profile” of a healthcare or medical professional. The second type of information (i.e. “Users’ Data”) is mainly collected to allow Users to open and maintain an account with Heartbeat and to use the Services using the Site or file upload feature. The third type is information received from Site visitors.
A. Profiles
Our third party data providers collect Profile personal information from different public sources, namely: (i) third parties who license, sell, or otherwise provide personal information they have collected to our third party data providers; or (ii) information from publicly available sources, such as via the Internet and social networks.
Profiles of healthcare and medical professionals consist of available contact information (email addresses, direct telephone numbers, cell/mobile phone numbers, fax numbers, and postal addresses to the extent available to Heartbeat). The Data provided by Heartbeat may also include (to the extent available) other information about a healthcare or medical professional, such as specialties, credential obtained, years of experience, whether the professional is a sole proprietor, states in which the professional is licensed, gender, information about pharmaceuticals provided and supplier relationships, education, year graduated, and license/NPI number.
B. Users’ Data
We collect two categories of information from our Users:
-
i.
The first category of information is un-identified and non-identifiable information pertaining to a User(s), which may be made available or gathered via your use of the Services (“Non-personal Information”). We are not aware of the identity of the User from which Non-personal Information is collected. Such information includes the following:
-
a.
We collect technical information transmitted by your device, including certain software and hardware information (e.g. the type of browser and operating system your device uses, language preference, access time and the domain name from which you linked to the Services; etc.), in order to enhance the functionality of the Services and to provide you with a better user experience.
-
b.
We may also collect information about your use of the Services (including by using the Site), such as certain log files, User activity (e.g. pages viewed, the amount of time spent on particular pages, online browsing, clicks, actions, installs, etc.), time stamps, alerts, etc. The above information is collected for, among other things, troubleshooting errors and bugs as well as for research and analytics purposes about your use of the Services.
-
c.
We may anonymize or de-identify the information collected by the Services or via other means so that the information cannot, on its own, personally identify you, for instance for reporting purposes. Our use and disclosure of such aggregated or de-identified information are not subject to any restrictions under this Privacy Policy, and we may disclose it to others without limitation and for any purpose.
-
a.
-
ii.
The second category of information is personal information about you that specifically identifies you or when combined with other information we have, can be used to identify you. Such personal information is collected as part of the following activities.
-
a.
When you register or connect the Site or the Heartbeat Prospector Service with your email service (each a “Platform”), we may have access to basic personal information about you from such Platform, such as your name, email address, contact list, as well as any other information you made publicly available on such Platform or agreed to share with us. At all times, we will abide by the terms, conditions, and restrictions of such Platforms.
-
b.
We collect personal information which you provide us voluntarily. For example, we collect personal information when you communicate with us via email or the Site or share additional information about yourself or about others through your use of the Services, when you respond to communications from us, or when you make a purchase through our Site.
-
c.
See Section 3(C) below regarding information collected from Users when they visit the Site.
-
a.
C. Website Visitor Information
We may collect information from Site visitors (including Users) that submit information to us using the Site, social media messages, including name, email address, phone number, and message content. We may collect information on an aggregate basis when visitors visit our Site, for instance:
-
Data about how the visitor was referred to our Site
-
Visitors’ Internet protocol (IP) addresses
-
Locations of visitors
-
Web browser visitors are using
-
Information about the visitor’s device
-
Operating systems used by users
-
Key words or search terms used by visitors to find our website
-
How many visitors view the website or specific pages on it
We use a web analytics service, Google Analytics, to evaluate how users view and use our Site. Google Analytics tells us about when and how you use our Site, the website from which you navigated to our Site, information about your system, and your location.
For more information about Google Analytics, please visit:
http://www.google.com/policies/privacy/partners/.
You can opt out to prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout.
If you begin a chat session on our Site using an email address, we may receive additional information about you from another of our third party data providers. For instance, we may receive the following information, if available:
-
Job title
-
Metrics about times you used our Site
-
Information on how you used our Site
-
Number of Twitter followers
-
Additional information about how you were referred to our Site
-
Information about your receipt of emails
Finally, our Site uses the Smartlook service operated by Smartlook.com, s.r.o. The Smartlook service records session information showing how visitors use and take action on websites and mobile apps. As with anonymized or aggregated analytics collected about website usage, recordings of uses of the Site information is collected for amongst other things troubleshooting errors and bugs as well as for research and analytics purposes about your use of the Services.
See also Section 4 regarding the use of cookies to collect information from Site visitors.
3.
COOKIES
A cookie is a small data file that is sent to your device when you first visit a website. Cookies usually include an identification number that is unique to the device you are using. Such identifiers can help us better understand our Users and how they are using the Site and the Services.
Some of our cookies are required for the operation of our Site, for instance to authenticate you as the correct User. Other cookies are functional in that they assist you in using the site. For instance, some cookies enable recognition of a User when they re-visit the Site, keeping their settings and preferences and ability to offer customized features. If you prefer, however, at any time you can change the settings in your browser so it refuses all cookies, or notifies you when a cookie is being sent.
The Site and Services may implement the following types of cookies: (i) cookies implemented by us for the purposes described above (“First Party Cookie”); and (ii) third party cookies which are set by other online services who run content on the page you are viewing, for example by Google Analytics and other third party analytics companies who monitor and analyze our web access.
You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Services may not operate properly and your online experience may be limited.
4.
HEARTBEAT’S ROLE AS A DATA PROCESSOR
“Controllers” are entities that, alone or jointly with others, determine the purpose and means of processing personal data. “Processors” are entities that process personal data on behalf of a controller.
As described above, Heartbeat acts as a data controller of personal information that it collects. Heartbeat, however, also acts as a data processor in three ways:
-
When customers input personal information into our Heartbeat Prospector Service to submit search queries, Heartbeat processes that personal information and returns a response with any additional personal information it may have concerning the searched-for individuals. Regarding such search queries, it is the Heartbeat customer that is the data controller. The customer is the one determining the purpose and means of processing that personal information.
-
When a business customer enrolls users within its organization to use the Heartbeat Services, one representative of the business may provide account information (full name, email address, and telephone number) of other users within the organization to Heartbeat for Heartbeat to provision accounts for these users. The customer is the entity that collected such personal information and provided it Heartbeat for purposes of provisioning accounts.
When acting as a processor, Heartbeat processes data in accordance with the actions and instructions of the applicable customer. As a data processor, with certain exceptions such as a legal disclosure obligation, Heartbeat is required under its agreement with the customer not to disclose or otherwise transfer personal information received as a processor to a third party except to provide the Services or the customer has instructed us to disclose or transfer the information (subject to requirements under applicable law to disclose such information). Except as noted below, Heartbeat processes any personal information and other customer information solely for the purpose of providing Services to the customer.
5.
HOW DO WE PROCESS AND USE PERSONAL INFORMATION?
We use the information we collect in the ways and for the purposes described above. We may also use such information in the following ways, and for additional purposes, as follows:
A. Profiles
We may use Profiles of Contacts for the following purposes:
-
To maintain and provide the Services: Users submit queries to the Heartbeat Prospector by searching for healthcare or medical professionals by full name, specialization, credential, state of licensure, years or experience, whether the individual is a sole proprietor, city, state, zip code, gender, pharmaceuticals provides or relationships with pharmaceutical companies, school attended, graduation year, or license/NPI number.
-
Our Heartbeat Prospector Service responds to the User with a list of professionals that meet the User’s search criteria; Users can then see Profiles of professionals listed in the search results.
-
To respond to Contacts’ inquiries, support request, feedback, or questions;
-
To detect and prevent fraudulent and illegal activity or any other type of activity that may jeopardize or negatively affect the integrity of the Services;
-
To investigate violations and enforce our policies, and as required by applicable law, regulation or other governmental authority.
B. User’s Data
We may use User’s Data for the following purposes:
-
To enhance in order to enhance the functionality of the Services and to provide you with a better user experience;
-
To verify a User’s registration to the Services and verify a User’s email address;
-
To respond to a User’s inquiries, support request, feedback, or questions
-
To obtain payment for Services and otherwise manage a User’s account and provide Users with customer support;
-
To identify and authenticate a User’s access to the Services;
-
To provide our Services;
-
To detect and prevent fraudulent and illegal activity or any other type of activity that may jeopardize or negatively affect the integrity of the Services;
-
To communicate with you and to keep you informed of our latest updates, upgrades, and products;
-
To troubleshoot errors and bugs, to perform research, or to conduct analytics in order to improve and customize our Services to your needs and interests; and
-
To investigate violations and enforce our policies, and as required by applicable law, regulation or other governmental authority.
C. Use of Website Visitor Information
We use information from Site visitors to enhance the functionality of the Services and to provide you with a better user experience. Also, we use Site visitor information to troubleshoot errors and bugs, to perform research, or to conduct analytics in order to improve and customize our Site to your needs and interests. It may be necessary to use Site visitor information to investigate violations and enforce our policies, and as required by applicable law, regulation or other governmental authority. Finally, if you use the web form functionality to send us an email via the Site, we use information you provide to us via that functionality to communicate with you and to respond to questions or requests.
6.
SHARING PERSONAL INFORMATION WITH THIRD PARTIES
We may share and disclose personal information we collect, if we believe in good faith that such disclosure is necessary or required: (i) to comply with an applicable law, regulation, governmental or securities exchange requirement, court order, judicial proceeding or legal process, such as a subpoena, search warrant, or demand for disclosure under judicial or administrative process; (ii) to address a violation of the law; (iii) to investigate fraud or criminal activity, and to protect our rights or those of our affiliates, vendors and Users, or as part of legal proceedings affecting or may affect us or our affiliates, vendors or Users; and (iv) to allow Heartbeat to exercise its legal rights or respond to a legal claim.
We may also share your information in the following ways, and for additional purposes, as follows:
A. Profiles
Profiles are provided to Users in connection with their use of the Services.
We may share some Profiles of Contacts with our third party data providers to check their accuracy and make sure Third Party Databases are current.
At any time, you may decide to opt out from enabling us to disclose or allow access to your Profiles stored on Heartbeat Database with our vendors and business partners, by filing in your relevant details here - www.heartbeat.ai/Optout. You may also opt out by contacting our data protection officer by email at contact@heartbeat.ai.
We may also share Profiles stored in our database with the following recipients: (i) our parents, subsidiaries, and other affiliates; (ii) subcontractors and other third-party service providers (e.g. hosting services, etc.); (iii) auditors or advisers of our business processes; and (iv) any potential purchasers or investors in Heartbeat.
B. User’s Data
We may share a User’s personal information with the following recipients: (i) our parents, subsidiaries, and other affiliates; (ii) subcontractors and other third-party service providers (e.g. payment processors, hosting services, the Smartlook web usage analysis service, etc.); (iii) auditors or advisers of our business processes; and (iv) any potential purchasers or investors in Heartbeat.
7.
LINKS TO OTHER WEBSITES
This Privacy Policy applies only to our Services and not to websites or applications owned by third parties. We may provide links to other websites (e.g. through advertisements, marketing materials, etc.) which we believe may be of interest to you. We cannot guarantee the privacy standards of such websites to which we link or be responsible for the contents of sites and this Privacy Policy is not intended to be applicable to them.
You are knowingly and voluntarily assuming all risks of using third-party sites. You agree that we shall have no liability whatsoever with respect to such third- party sites and your usage of them.
8.
CONTROLLING YOUR PERSONAL INFORMATION
You may choose to restrict the collection or use of your personal information in the following ways:
-
If you would like access to the personal information about you we may have in our possession, please contact us at contact@heartbeat.ai or the contact information below in the Contact Us section.
-
You may also contact us at contact@heartbeat.ai or the contact information below to correct or update personal information about you in our possession. Please keep in mind that we may have a legal right or obligation to preserve personal information as it currently exists.
-
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by emailing us at contact@heartbeat.ai or using the contact information below.
-
Any email communications from us contain instructions on opting out of further email communications, although we will still send you emails relating to the support, administration, and security of our products and services.
If you wish to contact us about controlling your personal information as described in this Section, please submit a request to us using the Contact Us section at the end of this privacy policy.
9.
RETENTION OF PERSONAL INFORMATION
Personal Information will be retained by Heartbeat in such a way that you can be identified until the date on which personal information it is no longer needed for Heartbeat’s processing activities (“Processing Date”). Heartbeat will adopt the same retention policy for all Users and Contacts regardless of their place of residence, which will follow the reasonable mandatory retention period, which is 7 years as from the Processing Date. Please note that we may retain the information we collect for as long as needed to provide the Services and to comply with our legal obligations, resolve disputes and enforce our agreements.
If you wish to remove Profiles existing in our servers, if you prefer that we not disclose your Profiles to our Users, vendors or business partners, or if you do not wish to receive messages generated by the Message Automation, you may opt-out by filling in your relevant details here – www.heartbeat.ai/Optout -- or by contacting our data protection officer by email at contact@heartbeat.ai. In this case, we shall not continue to use or disclose your Profiles or send messages to you, except as required or permitted under applicable law.
Please be notified: if you opt out of being a Contact, we will make sure that our Services will not return any personal information associated with your email address. Nonetheless, should you change accounts or have multiple accounts, there may be duplicate records. Accordingly, the more information you can provide us when opting out, the more effectively we can block your personal information from being provided to Users.
10.
HOW DO WE SAFEGUARD AND TRANSFER YOUR PERSONAL INFORMATION?
We take great care in implementing and maintaining the security of the Services and your personal information. We employ industry standard procedures and policies to ensure the security of your personal information and prevent unauthorized use of it. Although we take reasonable steps to safeguard personal information, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure and Heartbeat cannot guarantee the security of data outside of its information processing facilities.
11.
NOTICE REGARDING MINORS
The products and services of Heartbeat are not targeted to or intended for children under the age of 18. If you are under 18, you may not submit information about yourself to Heartbeat. Heartbeat reserves the right to modify or remove any information on the Site or Services at its own discretion.
In the event that we become aware that a User is under the age of 18 has shared any personal information with Heartbeat, or if we become aware of a Contact or message recipient under the age of 18, we will discard that minor’s personal information. If you have any reason to believe that a minor has shared any personal information with us or any personal information about a minor is in one or more of our Databases of Contacts or is a message recipient, please contact us at contact@heartbeat.ai.
12.
MARKETING
We may use Users’ Personal Information, such as names and email addresses, ourselves or by using our third-party subcontractors for the purpose of providing our Users with promotional materials and newsletters concerning our Services, which we believe may interest them.
Out of respect to their right to privacy, at any time, Users may request to unsubscribe and discontinue receiving marketing offers by following the directions in the email or sending us a blank message with the word “remove” to contact@heartbeat.ai. You may also opt-out by filling in your relevant details here – www.heartbeat.ai/Optout.
13.
CORPORATE TRANSACTIONS
We may share information, including Personal Information, in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale of an asset or transfer in the operation thereof) or bankruptcy or any similar insolvency proceedings of Heartbeat or any of its affiliates. In the event of the above, the acquiring company or transferee will assume the rights and obligations as described in this Privacy Policy.
14.
CHANGES TO THIS PRIVACY POLICY
Heartbeat reserves the right to modify this Privacy Policy from time to time, so please review it regularly. If we make changes to this policy, we will notify you here or by means of a notice on the Site’s homepage prior to the changes becoming effective. If the changes are material, we will notify you by email.
Please check back periodically to review the latest version of this Privacy Policy. You hereby declare that your continued use following any changed made to the Services or the Privacy Policy shall constitute your consent to any modified terms.
15.
CONTACT US; EXERCISING CONTROL; COMPLAINTS
Our point of contact is Ben Argeband, who is the officer of our company in charge of data protection.
If you have any questions, comments or concerns about this policy or about our privacy practices, seek to exercise any of your privacy rights under applicable law, or wish to access, change, or update personal information we have about you, you should first contact our data protection officer by email at contact@heartbeat.ai. You may also contact us at this email address if you are aware of abuse or misuse of our Services.
If you prefer that we not disclose your Profile to our Users, vendors or business partners, you may opt-out by filling in your relevant details at www.heartbeat.ai/Optout.
If you have a complaint about our privacy practices, contact our data protection officer by email at contact@heartbeat.ai. Our privacy team will investigate any complaints that you make concerning our privacy practices and provide you with a written response. You will need to provide enough information for us to evaluate your complaint, and we may need to ask for additional information in order to assess a complaint. Also, you have a right to submit any complaint to your local data protection authority or government regulator.