Information Collection and Use
CMI collects personal information when you register with CMI or through its Site, or when you use CMI’s products or services. When registering with CMI, we will ask you to provide us with your name, address, email address, phone number, sponsoring provider and monitored health data for which you are registering and other related information that CMI may ask of you from time to time, and you may submit additional information and comments through the Site. It is always your choice whether or not to provide us with such information. If you choose not to provide the requested information you may not be able to use certain features or functions of this Site, or CMI’s products or services. Whenever you visit our Site, CMI also receives and records information on our server logs from your browser, including your IP address, CMI’s cookie information, and the pages you request, and relates it to the PHI you provide. CMI collects and uses information you provide for the following purposes:
Registration — When you register for the Service, we may collect your information as part of the registration process, including but not limited to your name, address, location, sponsoring provider and program preferences.
Self-Reported Health-Related Information — We may collect the information that you enter during the course of using the Service, such as information regarding your health and/or medical condition and related behaviors.
Provider-Reported Health-Related Information — We may collect the information about you that is submitted with your permission by your healthcare provider during the course of using the Service, such as information regarding your health and/or medical condition, including information that is considered protected health information under the HIPAA privacy and security regulations.
Social Information — We collect information that you provide to us pertaining to the people with whom you consent to share your protected health information (such as a family member, another patient or doctor), as well as communications between you and such individuals.
Communications With a Health Professional — We collect communications that take place through the Service between you and your healthcare provider, health manager or health coach.
Public Forums — We collect information that you publicly post through the Service on message boards or other public forums.
Email — If you communicate with us via email, then we will collect your email address.
Automatically Tracked Health-Related Information — We may use automated tracking methods such as cookies, GPS data, and connected accelerometers, to collect information regarding your behaviors relative to the Service.
Demographic Information — We may also collect demographic information, such as age, gender, and geographic location, as part of your profile in the Service.
Surveys — From time to time, we may send you survey question to provide us with feedback on our Service. We collect any responses that you provide.
Mobile Devices — If you are accessing the Service through a program whereby you receive a sponsored CMI-enabled mobile device, we will collect and manage your data and other telephonic information as part of the device provision and maintenance.
CMI is committed to adhering to the Privacy Shield principles. CMI will not process your information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. To the extent necessary for those purposes, CMI will take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. CMI will adhere to the Privacy Shield principles for as long as it retains any information transmitted while a member of the Privacy Shield. You may affirmatively opt-out of receiving future messages and announcements and remove your name from our mailing lists. The opt-out provisions do not apply to information collected by cookies or used internally to recognize you and/or facilitate your visits to the Site, or information we may retain to comply with legal requirements. You may dis-enroll from the Service at any time by emailing CMI llc. customer service at info@CMI.com. Our Site uses a software technology called “cookies.” Cookies are small text files that we place in visitors’ computer browsers to store their preferences. Cookies themselves do not contain any PII. “Web beacons” are small pieces of code placed on a web page to monitor the behavior and collect data about the visitors viewing a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page. We may use web beacons on our Site from time to time for this purpose.
Information Sharing and Disclosure
CMI does not rent, sell, or share your information with other people or nonaffiliated companies, except to provide products or services you have requested, when we have your authorization to share such information, or when we provide the information to companies or consultants working on behalf of or with us under confidentiality agreements. These companies and consultants may use your PHI to help us communicate with you about offers from CMI and our marketing partners. However, these companies and consultants do not have any independent right to share this information. If CMI ever transfers your information to a third-party, CMI is responsible for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. CMI will remain liable under the Privacy Shield principles if its agent processes your personal information in a manner inconsistent with the Privacy Shield principles, unless the third-party organization can prove that it is not responsible for the event giving rise to the damage. We may also be required to disclose your information in response to a legal process, for example, in response to a court order or a subpoena to comply with its applicable legal and regulatory reporting requirements. We also may disclose your information in response to a law enforcement agency’s request, or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our End User License Agreement, or to verify or enforce compliance with the policies governing our products and services and with applicable laws, or as otherwise required or permitted by law or consistent with legal requirements. In addition, we may transfer your information to an entity or individual that acquires, buys, or merges with CMI, or our other business units.
Confidentiality and Security
We have taken reasonable and necessary steps to ensure that all information collected will remain secure and in its original form, i.e., free from any alteration. We have put in place appropriate physical, electronic, and administrative procedures in an effort to safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect online. CMI is not responsible for and will not be a party to any transactions between you and a third-party provider of products, information or services. CMI does not monitor such interactions to ensure the confidentiality of your PHI and PII, including credit card information. Any separate charges, data records or obligations you incur in your dealings with third parties linked to or in conjunction with CMI’s Service are solely your responsibility.
Accessing Your Information
You may request access to your PHI and request information about our collection, use and disclosure of such information by contacting us at info@CMI.com. We use best efforts to keep our records as accurate and complete as possible. You can help us maintain the accuracy of your information by notifying us of any changes to your personal information. Your rights to access your personal information are not absolute. We may deny you access when required by law or if disclosure would likely reveal personal information about a third party. Disclosure for Marketing and Business Purposes We may also license, sell or otherwise share aggregated, de-identified versions of your PHI and other data (“Aggregated Information”) with institutional clients, partners, investors and contractors for any purposes related to our business practices.
Independent Recourse Mechanism
In compliance with the Privacy Shield principles, CMI commits to resolve complaints about your privacy and our collection or use of your personal information. CMI will respond to the inquiry or complaint within forty-five (45) days. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact CMI at: info@CMI.com. CMI has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield principles to the JAMS EU-US Privacy Shield program, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or your complaint is not satisfactorily addressed by CMI, please visit the JAMS website at: https://www.jamsadr.com/eu-us-privacy-shield for more information or to file complaint. The services of JAMS are provided at no cost to you. Please note that if your complaint is not resolved through these channels, as a last resort and under limited circumstances, a binding arbitration option may be available before a Privacy Shield panel. The Federal Trade Commission (“FTC”) has jurisdiction over CMI’s compliance with the Privacy Shield. CMI is subject to the investigatory and enforcement powers of the FTC.
Questions and Suggestions