HEARTMATH® CUSTOMER PRIVACY POLICY

Quantum Intech Inc (dba HeartMath Inc) is hereinafter called “HeartMath.” Throughout this policy, we refer to HeartMath, Inc. as “HeartMath,” “we,” “us,” or “our.”

HeartMath recognizes the importance of protecting the privacy of all information provided by you when you:

  • Purchase, register, and use our products (“Products”),
  • Visit our websites,
  • Interact with our social media accounts,
  • Subscribe to our mailing lists,
  • Create a HeartMath account,
  • Visit our Directory or Resource Center,
  • Take a class on our learning platform, or
  • Use our cloud services.

In this policy, the “Services” collectively refers to the following activities: processing and collecting data generated by our Products, providing website content, distributing mailing lists, hosting events, providing account services, providing the Directory and Resource Center, offering classes, and providing cloud data access, plus any future services we might offer.

We have created this policy out of a fundamental respect for your right to privacy and to guide our relationships with you. It will describe the personal information and other data we collect, how we use it, the controls we give you over your personal information, with whom we share personal information, the measures we take to keep it safe, and your privacy rights.

For purposes of the European Union’s General Data Protection Regulation (“GDPR”) and users in the European Economic Area, the United Kingdom, or Switzerland, HeartMath acts as a data controller.

Under the GDPR, you need to have a legal justification (called a “lawful basis” in the regulation) to use an individual’s personal data. We list these in each section and use the term “lawful basis.”

HOW WE USE INFORMATION

This section outlines why we collect information and what we do with it. The next section outlines what information we collect. We use the information we collect for the following purposes.

Provide And Maintain The Products and The Services.

Using the account, payment, and usage information we collect, we can deliver the Products and Services to you and honor our Terms of Service contract with you. For example, we need to use your information to provide you with your HeartMath dashboard tracking your heart rate variability, journal, and other trends, and to give you customer support. We use your postal address to ship our Products to you. The lawful basis of processing this information is to perform our contract with you. Regarding device information constituting health information, the lawful basis of processing this information is consent.

Improve, Personalize, And Develop the Services

We use the information we collect to improve and personalize the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors, perform data analysis and testing, conduct research and surveys, and develop new features and Services. When you allow us to collect geolocation information, we use that information to provide your general location on a map of current Global Coherence App users. We may use your information to make inferences and show you more relevant content. The lawful bases of processing this information are our legitimate interests in maintaining and improving our Services, providing content relevant to our users, and developing new Services, and performing our contract with you to facilitate providing the Products and Services in an effective and efficient manner. We only use this information anonymously. When data is anonymized and aggregated, we do not ask explicit permission.

Communicate With Us

  • We use your information when needed to send you Service notifications and respond to you when you contact us. We also use your information to promote new features or products that we think you would be interested in. You can control marketing communications and most Services notifications by using your notification preferences in account settings or via the “Unsubscribe” link in an email. The lawful basis of processing this information is our legitimate interests in responding to your communications and growing our business.
  • If you post information using our forums, leaderboards, social media accounts, and other special tools, such as to post a review on the HeartMath website, our Service will display the information in accordance with your instructions. By posting such information, you consent to the display of that information. The lawful basis of processing this information is consent.

Promote Safety and Security.

We use the information we collect to promote the safety and security of the Services for our users and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies. We may also use collected information to investigate violations consistent with applicable laws, regulations, or other governmental authority. The lawful basis of processing this information is our legitimate interests to maintain HeartMath’s and our users’ safety and security.

INFORMATION WE COLLECT

This section outlines what information we collect.

When you purchase our Products or use our Services, we collect the following types of personal information:

Personal Information You Provide Us

  • Account Information. Some personal information is required to create an account on our Services, such as your name, email address, password, and date of birth (optional). This is the only information you must provide to create an account with us. You may also choose to provide other types of information, such as a profile photo, biography, country information, and username.
  • Additional Information. To help improve your experience or enable certain features of the Services, you may choose to provide us with additional information, for example biographical information or a profile photo. If you contact us or participate in a survey, contest, or promotion, we collect the information you submit, such as your name, contact information, and message. If you post information using our forums, leaderboards, and other special tools, such as to post a review on the HeartMath website, we collect a username that you provide us.
  • Payment And Card Information. Some HeartMath devices support payments and transactions with third parties. If you activate this feature, you must provide certain information for identification and verification, such as your name, credit, debit or other card number, card expiration date, and CVV code. This information is encrypted and sent to your card network, which upon approval, sends back to your device a token. The token is a set of random digits for engaging in transactions without exposing sensitive card information to us. For your convenience, we store the last four digits of your card number and card issuer’s name and contact information. You can delete or change payment information via the payment settings in your account on our website. Deleting your account will also delete stored payment information. We do not store your transaction history.

    If you purchase HeartMath technology on our website, you provide your payment information, including your name, credit or debit card number, card expiration date, CCV code, and billing address. We do not store this payment information. We store your shipping address to fulfill your order and store a record of your purchase for financial purposes. Note that third-party payment processors may retain this information in accordance with their own privacy policies and terms.
  • Certified Professional Directory. Our directory service (“Directory”) is a platform for you to communicate with a mentor or coach. If you use our Directory, we collect information about your use of the Directory, for example, the messages sent to a provider.
  • Children Under the Age Of 13. Our online Services and Product offerings are not intended for anyone under the age of thirteen (13). Children under the age of thirteen (13) may not place orders on our websites, interact with our social networking accounts, post reviews, or otherwise provide personal information to us via our websites. See Section 8 for more details about our policies regarding personal information about children.
  • Reviews. When you create an account to post reviews on our website, we collect a username from you and the text you post on our website.
  • Social Media Accounts. We review and collect information that you post on our social media accounts. Please note that the information you post will be visible to anyone viewing our social media accounts.

Information We Receive from Your Use Of Our Services

  • Device Information.
    1. When you use our Services, we collect data about you to estimate a variety of metrics such as heart rate variability, coherence, journal entries or time spent on the application. The data collected varies depending on which Services you use. Learn more about the features of our various Services in our Account Settings document and our Terms of Service for each product. When your sensor connects with our application or software, data recorded through your sensor is transferred to our servers.
    2. Some of the device information we collect is health information. To the extent that information we collect is health data or another special category of personal data subject to the GDPR, we ask for your explicit consent to process the data. We obtain this consent separately when you take actions leading to our obtaining the data, for example, when you pair your device to your account or grant us access to your HRV data from another service. You can use your account settings and tools to withdraw your consent at any time, including by stopping use of a feature, removing our access to a third-party service, unpairing your device, or deleting your data or your account.
  • Geolocation Information. The Global Coherence app includes features that use geolocation data, such as latitude and longitude. We collect this type of data when you agree to the terms of use. On iPhone, you can block geolocation services by using your phone settings. Android does not permit you to turn off geolocation when you use Bluetooth. Also, you can request deletion of this data. (See Section 10 (How to Exercise Your Legal Rights) for assistance.) You can always remove our access, for example, using your HeartMath app, like Inner Balance, or HeartCloud settings. We may also derive your approximate location from your IP address.
  • Usage Information. When you access or use our Services, we receive certain usage or network activity information. This includes information about your interaction with the Services, for example, when you view or search content, install applications or software, create or log in to your account, pair your device to your account, or open or interact with an application on your HeartMath app.
    We also collect data about the devices and computers you use to access the Services, operating system or mobile device information (including device and application identifiers), the referring web page, pages visited, location (depending on the permissions you have granted us), and cookie information. For further information please refer to our cookie policy in Section 3 below.

Information We Receive from Third Parties

There are instances where we may receive information from third party services, such as social media websites. If you respond to an ad on a third-party website that connects you with us, we may receive information which may include your name, profile picture, age range, language, or email address. You can stop sharing the information from a third-party service by changing settings in the applicable third party service or submitting a request for deletion to that service.

Cookie Policy

We use cookies and similar technologies for the purposes described above. For instance, we work with partners who provide us with analytics and advertising services. This includes helping us understand how users interact with the Services, serving advertisements on our behalf across the internet, and measuring the performance of those advertisements. These companies may use cookies and similar technologies to collect information about your interactions with the Services and other websites and applications.

  • Cookies are small data files stored on your browser or device. They may be served by the entity that operates the website you are visiting (“first-party cookies”) or by other companies (“third-party cookies”).
  • Web beacons are small images on a web page or in an email. They collect information about your browser or device and can set cookies.
  • The table below shows the ways we and our service providers use cookies and web beacons.

| Category of Use | Purpose of Use |
| --- | --- |
| Preferences | To help us remember your settings and preferences, like your preferred language or country of residence, so that we can provide you with a more personalized experience. |
| Authentication and Security | To log you into the Services, enable us to show you your account data, and help us keep your data and the Services safe and secure. |
| Service Features and Performance | To provide you with functionality and optimize the performance of the Services. For example, to keep track of products you add to your shopping cart on HeartMath.com and improve our website’s load speed and performance. |
| Analytics and Research | To help us understand how you are using the Services so that we can make them better, faster, and safer. |
| Advertising | To enable our partners to serve ads for our products and services, deliver relevant ads to people who may be interested in them on other services, measure the performance of ads, and opt you out of receiving interest-based ads if that is your choice. |


  • Web browser or device settings may enable you to clear or decline the use of cookies. For example, on your iOS device, disable the “Allow Apps to Request to Track” setting, and on your Android device, enable the “Opt out of Ads Personalization” setting. However, if you disable the use of cookies, some of the features of our website or mobile applications may not function properly.

How Information Is Shared

We never sell the personal information of our users. We do not share your personal information except in the limited circumstances described below.

When You Agree or Direct Us To Share

You may direct us to disclose your information to others, such as when you use our community features like the forums, leaderboards, and other special tools. For certain information, we provide you with privacy preferences in account settings and other tools to control how your information is visible to other users of the Services. You may also direct us to share your information in other ways, for example, when you give a third-party application or organization access to your account. Remember that the use of your information will be governed by their privacy policies and terms. You can revoke your consent to share with a third-party application or organization using your account settings. See Section “Your Rights to Access And Control Your Personal Data” below. If information has already been shared, you will have to revoke consent with that third party or organization.

For Legal Reasons or To Prevent Harm

  1. We may preserve or disclose information about you to:
    1. Comply with a law, regulation, administrative or judicial process, other legal process, or governmental request;
    2. Assert legal rights or defend against legal claims; or
    3. Prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person.
  2. Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
  3. We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in research about aggregate HRV scores, to partners under agreement with us, or as part of the community benchmarking information we provide to users of our subscription Services.
  4. We may share or transfer personal information about you in connection with a merger, acquisition, reorganization, or sale of assets of our business, in the event of bankruptcy, or during the negotiations leading to such an event. We will seek assurances from any buyer that your personal information will be used, shared, maintained, and disclosed consistent with the terms of this privacy policy. We will also give affected users notice before transferring any personal information to a new entity.

YOUR RIGHTS TO ACCESS AND CONTROL YOUR PERSONAL DATA

Account Settings

We give you account settings and tools to access, control, and modify your personal information, as described below, regardless of where you live. If you live in certain jurisdictions, you may have legal rights with respect to your information, which your account settings and tools allow you to exercise, as outlined below.

Right of Access and Deletion

  • You have the right to access, delete, and edit all of your personal information within our systems. HeartCloud stores all practice session data for your personal use. The data stored on your desktop or mobile devices will be retained on those devices and requires deletion from those devices and client software separately. Log in to your HeartCloud account and go to the Profile Data tab to request a download of your HeartCloud data. If you have questions about this or other data stored by HeartMath, you can contact HeartMath at: dataprotection@heartmath.com or (800) 450-9111.
  • If you choose to delete your account, please note that while most of your information will be deleted within 1 month, we may advise you that we may need an additional 1 month to delete all of your information, like the data recorded by your HeartCloud account and other data stored in our backup systems. This is due to the size and complexity of the systems we use to store data. We may also preserve data for legal reasons or to prevent harm, including as described in Section 4 (How Information Is Shared).
  • If you would like to completely remove your data from our marketing systems, please send your request to support@heartmath.com with “Remove” in the subject line.
  • You can control your marketing subscriptions at: https://www.heartmath.com/subscription/
  • Recipients of our newsletters can unsubscribe using the instructions listed at the end of the email newsletter or by sending an email to optout@heartmath.com with the email address used to subscribe.
  • For information you post on our social media accounts, the social media service provider offers features for you to edit and/or delete information you’ve posted. Note that social media companies are subject to the California online erasure law, California Business & Professions Code Section 22581. It allows minors who have posted information on social media or other online services on which they have an account to request and obtain removal of information posted by them. Minors wishing to exercise these rights concerning information posted on HeartMath’s social media accounts should contact the social media service provider to exercise these rights. For additional assistance from HeartMath in the removal process, please contact us as described in Section 10 (How to Exercise Your Legal Rights).
  • If your personally identifiable information changes (such as zip code), or if you no longer desire our products or services, please contact Customer Service at (800) 450-9111 or email us at: support@heartmath.com

Objecting To Data Use

We give you account settings and tools to control our data use. For example, through your privacy settings, you can limit how your information is visible to other users of the Services. Using your notification settings, you can limit the notifications you receive from us; and under your application settings, you can revoke the access of third-party applications that you previously connected to your HeartMath account. You can also use the Inner Balance or Global Coherence applications to unpair your devices from your account at any time.

Managing Emails Received from HeartMath

If you want to manage the emails you receive, you need to do this through our subscriptions page. You can control your subscriptions at: https://www.heartmath.com/subscription/

DATA RETENTION

We keep your account information, like your name, email address, and password, for as long as your account is in existence because we need it to operate your account. In some cases, when you give us information for a feature of the Services, we delete the data after it is no longer needed for the feature. We keep other information, like your coherence score or amount of time spent on sensor, until you use your account settings or tools to delete the data or account, because we use this data to provide you with your personal statistics and other aspects of the Services. We also keep information about you and your use of the Services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in Section 2 (How We Use Information) and Section 4 (How Information Is Shared) of this document.

OUR POLICIES FOR CHILDREN

We appreciate the importance of taking additional measures to protect children’s privacy.

  • HeartMath allows parents to set up accounts for their children to use with select HeartMath programs (“Children’s Account”). Children’s Accounts are subject to a separate Privacy Policy for Children’s Accounts which explains what information we collect to set up these accounts, which information we collect from a child’s use of our Services, and how we use and share that information. Parents or guardians must consent to the use of their child’s data in accordance with the Privacy Policy for Children’s Accounts in order to create such an account.
  • Persons under the age of 13, or any higher minimum age in the jurisdiction where that person resides, are not permitted to create accounts unless their parent has consented in accordance with applicable law. If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible. Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at: privacy@heartmath.com
  • In the instance that the software is being used within a school district, it is incumbent on the school district to comply with applicable law and to ascertain parental consent prior to using the software with children under 13.

INFORMATION SECURITY

We work hard to keep your personal information safe. We have a written information security plan to implement and maintain a combination of industry-standard technical, administrative, and physical controls to maintain the security of your personal information. No method of transmitting or storing information is completely secure, however. If you have a security-related concern, please contact Customer Service.

OUR INTERNATIONAL OPERATIONS AND DATA TRANSFERS

We have alliance partners outside the US and they transfer personal information from their countries, including those in the European Union and the UK, to the United States and other countries for the purposes described in this policy.

We rely on multiple legal bases to lawfully transfer personal data around the world. These include your consent and EU Commission approved model contractual clauses, which require certain privacy and security protections. You may obtain copies of the model contractual clauses by contacting us.

Please note that the countries where we operate may have privacy and data protection laws that differ from, and are potentially less protective than, the laws of your country. You agree to this risk when you create a HeartMath account and click “I agree” to data transfers, irrespective of which country you live in. If you later wish to withdraw your consent, you can delete your HeartMath account as described in the Your Rights To Access and Control Your Personal Data section.

HOW TO EXERCISE YOUR LEGAL RIGHTS

Please review Section “Your Rights To Access and Control Your Personal Data” for how your account settings and tools allow you to exercise your rights under the GDPR and this policy to access and control your personal data.

In addition to the various controls that we offer, in certain circumstances, you can seek to restrict our processing of your data, or object to our processing of your data based on our legitimate interests, including as described in Section 2 (How We Use Information). Under the GDPR, you have a general right to object to the use of your information for direct marketing purposes. Please see your notification settings on our subscriptions page at: https://www.heartmath.com/subscription/ to control our marketing communications to you about HeartMath products. Our Cookie Use statement describes your options for controlling how we and our partners use cookies and similar technologies for advertising. Please note that you can always delete your account at any time.

If you need further assistance regarding your rights, please contact our Data Protection Officer at dataprotection@heartmath.com, and we will consider your request in accordance with applicable laws. You also have a right to lodge a complaint with your local data protection authority.

NOTICE TO CALIFORNIA RESIDENTS

See Appendix A to be informed about our practices to maintain the privacy of personal information from California residents.

CHANGES TO THIS POLICY

We may change this policy from time to time. We will make changes by posting a revised copy of this policy to our website or, if we deem it necessary, by email notice to you. Your continued use of our website, applications, and/or social media accounts after a revised version of this policy appears on the website will constitute your approval of the amended version.

WHO WE ARE AND HOW TO CONTACT US

If you have questions about this policy, or need help exercising your privacy rights, please contact our Data Protection Officer at: dataprotection@heartmath.com
You may also contact us at (800) 450-9111.

If you live in the European Union or the UK, you may also contact us at:

HeartMath UK
020 3198 0325
info@heartmath.co.uk

HeartMath Benelux
Op de Locht 31
6241 NR Bunde
Netherlands
+31 43 365 5626

If you reside elsewhere, you may contact us at:

HeartMath LLC
Attn: Legal Department (Privacy Policy)
14700 West Park Ave.
Boulder Creek, CA 95006
U.S.A.


APPENDIX A

NOTICE TO CALIFORNIA RESIDENTS

California Privacy Disclosures

If you are a California resident, please review the following additional privacy disclosures under the California Consumer Privacy Act ("CCPA").

How to Exercise Your Legal Rights

You have the right to understand how we collect, use, and disclose your personal information, to access your information, to request that we delete certain information, and to not be discriminated against for exercising your privacy rights. You may exercise these rights using your account settings and tools as described in the Your Rights To Access and Control Your Personal Data section, for example:

  • By logging into your account and using your HeartMath account settings, you may exercise your right to access your personal information and to understand how we collect, use, and disclose it.
  • Your account settings also let you exercise your right to delete personal information.
  • To request a deletion, please email support@heartmath.com with the subject “remove”.
  • Here are the links to change your settings:

If you need further assistance regarding your rights, please contact our Data Protection Officer at dataprotection@heartmath.com, and we will consider your request in accordance with applicable laws.

Categories of Information We Collect, Use, and Disclose for Business Purposes

As described in the Information We Collect section, we collect the categories of personal information listed below. We receive this information from you, your device, your use of the Services, like subscription, third parties (like the other services you have connected to your HeartMath account), and as otherwise described in this policy. We use and disclose these categories of information for the business purposes described in the How We Use Information and How Information Is Shared sections, respectively. The categories are:

  • Identifiers, like your name or username, email address, mailing address, phone number, IP address, account ID, device ID, cookie ID, and other similar identifiers.
  • Demographic information, such as your gender, age, health information, and physical characteristics or description, which may be protected by law.
  • Commercial information, including your payment information and records of the Services or devices you purchased, obtained, or considered (for example, if you added them to your shopping cart on the HeartMath online store but did not purchase them).
  • Biometric information is all heartrate derived. We also note the practice times and duration.
  • Internet or other electronic network activity information, such as the usage data we receive when you access or use our Services. This includes information about your interactions with the Services and about the devices and computers you use to access the Services.
  • Geolocation data, including GPS signals, device sensors, Wi-Fi access points, and cell tower IDs, if you have granted us access to that information.
  • Electronic, visual, or similar information, such as your profile photo or other photos.
  • For those who received access through their employer, professional or employment related information, including any information (like your name, email address, or similar information) that your employer provides to us so that we can invite you to participate in or determine your eligibility for HeartMath Services that they offer to their employees.

We never sell the personal information of our users. We do work with partners who provide us with advertising services as described in the Analytics and Advertising Services Provided By Others section. To learn more about how these partners collect data and your options for controlling the use of your information for interest-based advertising, please read our Cookie Use statement above.

Changes to the Policy

We will notify you before we make material changes to this policy and give you an opportunity to review the revised policy before deciding if you would like to continue to use the Services. You can review previous versions of the policy in our archive.

Who We Are and How to Contact Us

If you have questions about this policy, or need help exercising your privacy rights, please contact our Data Protection Officer at: dataprotection@heartmath.com

 

Last Modified: August 6, 2023

Version: 2.0


Copyright © 2024 HeartMath, Inc., and/or its affiliates.
All Rights Reserved.