Privacy Policy & Security Standards

Protecting your privacy is very important to us. We’re telling you about our privacy policy and notice so you know what information we collect, why we collect it, and what we do with it. The Embleema Service (“Service”) is owned and operated by Embleema Inc. (“Embleema”, “us”, “we”, or “our”), a Delaware corporation. We operate the http://www.embleema.com as well as the app.embleema.com website (collectively the “Website”). Your use of the Website and Service is governed by the privacy policy and notifications contained herein together (the ” Privacy Policy”, “Policy”). Please read this Privacy Policy carefully. By accessing, browsing or otherwise using the Website or any Embleema Service, you acknowledge that you have read, understood, and agree that you have been so notified of this Privacy Policy. If you do not accept the terms and conditions of this Privacy Policy, you should not access, browse or use the Website. This page informs you of our policies regarding the collection, use and disclosure of Personal Information when you use our Service.

We will not use or share your information with anyone except as described in this Privacy Policy.

We use your Personal Information for providing and improving the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible at our Website.

Information Collection and Use

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to, your first name, last name, address, phone number and email address (“Personal Information”). We collect this information for the purpose of providing the Service, identifying and communicating with you, responding to your requests/inquiries, servicing your purchase orders, and improving our services. We do not collect social security number or other similar information unless you choose to provide it. We do collect other limited information automatically from visitors who read, browse, and download information from our site. We do this, so we can understand how the site is being used and how we can make it more helpful.

Use of Phone Numbers for Text Messages: Your phone number is primarily used to provide you with information about your account and important updates. Text messaging charges may be applied by your carrier. We will not share your mobile information with any third parties or affiliates for marketing or promotional purposes.
Opting Out of Text Messages: If at any time you wish to stop receiving text messages from us, you can opt out by texting STOP or by updating your settings in your account profile.

Certain information about your visit can be collected when you browse websites. When you browse the Embleema Website, we, and in some cases our third-party service providers, can collect the following types of information about your visit, including:

  • Domain from which you accessed the Internet

  • Approximate geographic location based on the IP address of the user’s local system

  • IP address (an IP or internet protocol address is a number that is automatically assigned to a device connected to the web)

  • Operating system (which is software that directs a computer’s basic functions such as executing programs and managing storage) for the device that you are using and information about the browser you used when visiting the site

  • Date and time of your visit, pages you visited, address of the website that connected you to our Website (such as google.com or bing.com)

  • Device type (desktop computer, tablet, or type of mobile device)

  • Screen resolution

  • Browser language, geographic location and time spent on page

  • Scroll depth (the measure of how much of a web page was viewed)

  • User events (e.g. clicking a button)

    We use this information to measure the number of visitors to our site and its various sections, to help make our site more useful to visitors

Cookies

When you visit a website, its server may generate a piece of text known as a “cookie” to place on your device. The cookie, which is unique to your browser, allows the server to “remember” specific information about your visit while you are connected. There are two types of cookies, single session (temporary), and multi-session (persistent). Single session cookies last only as long as your web browser is open. Once you close your browser, the session cookie disappears. Persistent cookies are stored on your device for longer periods. Both types of cookies create an ID that is unique to your device.

Session Cookies: We use session cookies for technical purposes such as to allow better navigation through our site. These cookies let our server know that you are continuing a visit to our site.

Persistent Cookies: We use persistent cookies to understand the differences between new and returning visitors to the Embleema website. Persistent cookies remain on your device between visits to our site until they expire or are removed by the user. We do not use persistent cookies to collect personally identifiable information. Embleema does not identify a user by using such technologies.

The cookie makes it easier for you to use the dynamic features of Embleema. Information that you enter into the application is not associated with cookies on Embleema. Depending on the third-party tool’s business practices, privacy policies, terms of service, and/or the privacy settings you selected, information you have provided to third parties could be used to identify you when you visit the Embleema website. These third parties do not/will not share your identity with Embleema.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help feature on most browsers provide information on how to accept cookies, disable cookies or to notify you when receiving a new cookie. If you do not accept cookies, you may not be able to use some features of our Service and we recommend that you leave them turned on.

Do Not Track Disclosure

Do Not Track (“DNT”) is a preference you can set in your web browser to inform websites that you do not want to be tracked.

Embleema automatically observes the DNT browser setting for digital advertising that uses “conversion-tracking” or “re-targeting”. If “Do Not Track” is set before a device visits the Embleema website, third party conversion tracking and retargeting tools will not load on the site. For more information on DNT or information on how to set the Do Not Track setting in your browser go to the Do Not Track website.

So you can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Service Providers

We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services and/or to assist us in analyzing how our Service is used. We will only share PII with third party vendors, consultants, agents, partners, and other service providers with whom we contract to help us provide or improve our services.

These third parties have access to your Personally Identifiable Information (“PII”) only to perform specific tasks on our behalf and are obligated not to disclose or use your information for any other purpose.

Please note that Embleema will only share your information in accordance with this Policy, except in the following situations:

You have given us your consent to share or use information about you;

We believe that we need to share information about you to provide a service that you have requested from us or from others;

We are required by law to disclose information; or

We believe that it is necessary to protect our rights or to avoid liability or violations of the law.

Communications

We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you.

We also engage certain service providers for purposes of tracking and associating internet search and browsing behavior to provide improved functionality on the Embleema website. We enable them to use tracking technologies, such as cookies and web beacons, on or in conjunction with the Embleema website. These companies may use non-personally identifiable information about your visits to other websites, together with non-personally identifiable information about your purchases and interests from other online and offline sources, to provide you with newsletters, marketing or promotional materials and goods and services that may be of interest to you.

The use and collection of information by these service providers is governed by their respective privacy statements and thus is not covered by this Policy. In addition, we may share Website usage information with these service providers to manage and target ads and for market research purposes.

Finally, information obtained through these processes may be combined with personally identifiable information in order to analyze our marketing efforts. You may opt out of receiving any, or all, of these communications from us by contacting us.

Compliance with Laws

Embleema recognizes it may be subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the regulations set forth thereunder at 45 C.F.R. Part 160 and Part 164 (the “HIPAA Privacy Regulations”) because Embleema provides certain services which involve (i) the use and disclosure of Protected Health Information (as defined in the HIPAA Privacy Regulations) by Embleema, and (ii) the disclosure of Protected Health Information by or on behalf of registered user by Embleema. Accordingly, pursuant to the HIPAA Privacy Regulations, Service Company may be a “Business Associate” (as defined in the HIPAA Privacy Regulations). Embleema complies with all of the requirements of HIPAA and the HIPAA Privacy Regulations applicable to Business Associates respectively.

Additionally Embleema complies in all material respects with all federal and state-mandated regulations, rules, or orders applicable to the services provided herein, including but not limited to regulations promulgated under Title II, Subtitle F of the Health Insurance Portability and Accountability Act (Public Law 104-91) (“HIPAA”). We will not disclose your Personal Information unless required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service. These regulations may require us to disclose to proper authorities information related to your usage of the Service, such as – but not limited to – time and date of your registration, your logins and logouts, your changes of passwords to the Service, time and date of your CCD and Fitbit uploads and authorizations to release your medical history.

Security

Embleema acknowledges that, during its engagement by registered users, it will have access to Personal Information including identity attributes and health information. Embleema in its collection, receipt, transmission, storage, disposal, use and disclosure of such Personal Information will be a responsible keeper of that information.

While no method of internet transmission, or electronic storage is totally secure,  Embleema strives to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store. Embleema shall implement administrative, physical and technical safeguards to protect Personal Information that are no less rigorous than accepted industry practices (including the International Organization for Standardization’s standards: ISO/IEC 27001:2005 – Information Security Management Systems – Requirements and ISO-IEC 27002:2005 – Code of Practice for International Security Management, other applicable industry standards for information security), and shall ensure that all such safeguards, including the manner in which Personal Information is collected, accessed, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Privacy Policy.

International Transfers

Your information, including Personal Information, may be transferred and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. If you are located outside United States and choose to provide information to us, please note that we transfer the information, including Personal Information, to United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Embleema Users Located in the European Data Region

For Embleema users located in the European Data Region, all processing of Personal Data is performed in accordance with privacy rights and regulations following the EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the Directive), and the implementations of the Directive in local legislation. From May 25th, 2018, the Directive and local legislation based on the Directive will be replaced by the Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR), and Embleema ’s processing will take place in accordance with the GDPR.

Embleema Users Located in the U.S. Data Region

For Embleema users in the Embleema US Data Region, Embleema processes data solely in data centers located in the US. Embleema has adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the user’s data in Embleema ’s possession. Embleema will promptly notify the user in the event of any known unauthorized access to, or use of, the user’s data.

Users Located in the European Data Region: Embleema as Controller

Embleema processes Personal Data both as a Processor and as a Controller, as defined in the Directive and the GDPR.

Embleema adheres to the Directive of 1995 and the GDPR from May 25th, 2018.

All data collected by Embleema will be stored exclusively in secure hosting facilities provided by GDPR compliant Amazon Web Services. Embleema has a data processing agreement in place with its provider, ensuring compliance with the Directive. All hosting is performed in accordance with the highest security regulations. All transfers of data internally in the EEA is done in accordance with this data processing agreement.

See the EMBLEEMA GDPR DATA PROCESSING ADDENDUM

In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the effected parties unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the affected parties is not made within 72 hours, it shall be accompanied by reasons for the delay.

Retention and Deletion

Embleema will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. For user data, users have control of the purpose for collecting data, and the duration for which the Personal Data may be kept.

Conditions of Use

We assume that all users of our Website and platform have carefully read this document and agree to its contents. If someone does not agree with this privacy policy, they should refrain from using our Website and platform. We reserve the right to change our privacy policy as necessity dictates. Continued use of Embleema’s Website and platform after having been informed of any such changes to these conditions implies acceptance of the revised privacy policy. This privacy policy is an integral part of Embleema’s terms of use.

Links to Other Sites

Your activity on the third-party websites that Embleema links to (such as Facebook or Twitter) is governed by the security and privacy policies of those websites. You should review the privacy policies of all websites before using them so that you understand how your information may be used. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services. You should also adjust privacy settings on your account on any third-party website to match your preferences.

HUMAN RIGHTS

Embleema shall

(a) avoid to cause or contribute to adverse human rights impacts through their own activities, and address such impacts when they occur; and

(b) seek to prevent or mitigate adverse human rights impacts that are directly linked to its operations, products or services by their business relationships, even if they have not contributed to those impacts.

Children’s Privacy

Embleema is committed to protecting the privacy of children who visit our Embleema website. Only persons age 18 or older have permission to access our Service. We do not knowingly collect personally identifiable information from persons under 18. Embleema follows the U.S. Children’s Online Privacy Protection Act (“COPPA”). For more information about COPPA, please visit https://www.consumer.ftc.gov/articles/0031-protecting-your-childs-privacy-online.

Changes to this Privacy Policy

We may revise this Privacy Policy from time to time. The most current version of the policy dated November 2, 2019 will govern our use of your information and will always be at embleema.com/privacy. If we make a change to this policy that, in our sole discretion, is material, we will notify you via email to the email address associated with your account and/or prominent notice on our Embleema website. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Privacy Policy.