The Global Kinetics group of companies, being Global Kinetics Pty Ltd and its subsidiaries (listed below) (“GK”, “we”, “our” or “us”) is committed to safeguarding the privacy of our providers, patients, customers, website and web-based portal and e-learning portal users and of the data collected on individuals through the use of our Services. GK is the provider and manufacturer of a system inclusive of the medical device known as the PKG® Watch; the GK websites, the web-based portal, the e-learning portal, iPad or tablet-based application used to upload data, download and display results, the PKG Report generated from the data collected through the aforementioned components; and the PKG as a system (hereinafter referred to as the “Services”). The GK websites, web-based portal, e-learning portal and the iPad and tablet-based application are collectively referred to herein as the “Sites”.
Global Kinetics Pty Ltd (GK P/L) is a corporation formed and operating in Australia with offices in the United Kingdom and the United States. The following are GK P/L subsidiaries:
A. GKC Manufacturing Pty Ltd
B. Global Kinetics Corporation EU Sales and Marketing Limited
C. Global Kinetics Corporation GmbH
D. Global Kinetics USA Corporation
E. Global Kinetics Corporation UK
F. Global Kinetics Corporation Sweden Filial
GK P/L’s principal place of business is at Level 9/31 Queen Street, Melbourne, VIC 3000, Australia. Should you have any privacy questions you may contact GK by sending an email to GK’s Privacy and Data Protection Officer at firstname.lastname@example.org or Global Kinetics Pty Ltd Attention: Privacy and Data Protection Officer Level 9, 31 Queen Street Melbourne, Victoria 3000, Australia.
3. Personal Information Collected and How We Use It
4. Types of Information Collected from you or Third Parties
5. How we use your Personal Information
6. Sharing Personal Information with Third Parties
7. Your Privacy Rights
8. Data Retention
9. For Individuals Located in the EU/EEA and the UK
10. International Data Transfers
12. US Residents
13. California Residents and your Rights Under The California Consumer Privacy Act Of 2018 (“CCPA”)
15. Security and User Credentials for Services
16. Complaint Information
1.1. “Personal Information” means any information relating to an identified or identifiable natural person. Such a person is one who can be identified by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
1.2. “Protected Health Information” (“PHI”) means any health information, including demographic information that is created or received by GK that relates to the provision of health care for an individual, decisions about the individual’s healthcare, payment for health services for an individual, or can be used to identify the individual receiving health care services. Health information that does not identify a patient is not PHI and does not need to be treated consistent with the principles set forth in this policy.
2. Personal Information Collected and How We Use It
2.1. When PHI and/or Personal Information is Collected from you or Third Parties
2.1.1. GK collects PHI and Personal Information when it is voluntarily submitted to us for purposes of receiving Services, when a user registers for updates, or when we are contacted via the Sites or other channels. In some cases, GK is required by the law to collect Personal Information to comply with its regulatory obligations, such as responding to safety concerns about its products.
2.1.2. If you are a healthcare professional, GK may collect Personal Information from you when communicating with you by telephone, mail and email, including when providing technical and customer support, when you participate in GK sponsored educational events, conferences and research grants, or when you use GK’s e-learning portal or customer or product information services.
2.1.3. If you are a patient, GK may collect PHI and Personal Information from or about you in the course of providing technical assistance about its products to you or to your healthcare professional, communicating with you by telephone, mail and email, including when providing technical and customer support, when you participate in GK sponsored programs, including clinical trials, or when you use GK’s customer or product information services.
2.1.4. Healthcare providers, when directly engaged by a patient, may provide us with information about their practices, including address, phone number, email, job title, and the name and contact information of other providers involved in a patient’s care.
2.2. Information Collected Via the Sites
2.2.1. When you visit our Sites, we and our third-party partners automatically obtain certain information about you from your computer.
2.2.2. The information collected may include the:
2.2.2.1. name of the domain from which you access the Internet;
2.2.2.2. Internet Protocol address (“IP Address”) of the computer you are using;
2.2.2.3. type of browser and operating system you are using;
2.2.2.4. date and time you access our Sites;
2.2.2.5. internet address of the site from which you linked directly to our Sites;
2.2.2.6. pages on the Sites you have visited;
2.2.2.7. search terms you use; and
2.2.2.8. links on which you click.
2.3. Cookies and Web Beacons
3. Types of Information Collected from you or Third Parties
3.1. GK collects, stores and uses PHI or Personal Information, including full name, date of birth, payment information (e.g. credit card) and contact details such as email address, phone number, shipping/billing address and contact preferences.
3.2. In addition to section 3.1, if you are a patient, GK may collect PHI and Personal Information which includes the identity of physicians and other health care providers who have examined and/or treated you, disease-specific diagnostic information about you, and any information about you that you or a health care provider inputs into GK’s Sites, details of your Parkinson’s disease medication times, dosages, and types, your movement data collected by the GK device when you wear it, a patient code, prescription code, or other patient assignation assigned by your treating clinic, whether you are treated with advanced Parkinson’s disease therapies, the side of your body most affected by Parkinson’s disease, information about your daily activities or symptoms, details of your healthcare professional, details of your use of the GK device, the performance of your GK device, product data, such as the model and usage of your device, any specific products or services you want to learn about, and data that is collected directly from the GK device itself after it has been worn by you. Some of this information is generated in the analysis process. This includes the movement recording data which comprises raw accelerometry data, bradykinesia, dyskinesia and fluctuation scores, immobility, tremor, off-wrist time and self-reported medication timing.
3.3. In addition to section 3.1, if you are a healthcare professional, additional Personal Information GK may collect from you includes your title, medical specialty, the clinic you practice at and your clinical interests.
4. How we use your Personal Information
4.1. GK will use your PHI and Personal Information for the primary purpose for which it is collected, which includes the following purposes:
4.1.1. in the course of sale, distribution or provision of Services that have been requested by you or your healthcare provider(s);
4.1.2. supporting you and your healthcare professional in your use of the Services and your ongoing care including in providing your healthcare professional with your PKG report and, in some cases, a written summary of key measures on your PKG report. (Your PHI and Personal Information may be shared with third parties who are contracted to assist GK in preparing or summarising the PKG report. These third parties are obliged by law to protect your PHI and Personal Information);
4.1.3. administering training programs including the e-learning portal, clinical trials or other similar programs that you agree to be involved in;
4.1.4. compliance with legal and regulatory requirements, such as maintaining a record of medical queries, complaints, adverse events and recalls relating to GK medical devices, maintaining tax and accounting-related records, or complying with transparency or anti-gift obligations;
4.1.5. providing you with updated product or safety information regarding GK medical devices;
4.1.6. managing, planning and arranging meetings between you and a GK representative that you have agreed to participate in;
4.1.7. maintaining business records;
4.1.8. accessing applications for employment and acting as an employer;
4.1.9. managing accounts and ensuring that GK receives payment for its products and Services;
4.1.10. using data in connection with dispute resolution, legal claims, compliance, and/or regulatory and investigative purposes as deemed necessary by us or our advisors (including disclosure of such information in connection with legal process or litigation);
4.1.11. pursuing all purposes permitted or required by law, and purposes for which you have provided affirmative consent; and
4.1.12. we may also compile anonymous aggregate statistics. GK uses various technical measures to gather and anonymize these statistics to mask them from being associated with any particular individual. This tracking is necessary to help us customize and continually improve our users’ experience, to gather demographic information about our user base and the visitors to our Sites, to offer our products and Services, to monitor and track our marketing programs, and to serve targeted advertising on our Sites and on other websites around the Internet.
4.2. With your consent where required (and otherwise in our or third parties’ legitimate interests), GK may send you promotional communications, including updates on products and Services offered by GK, or about activities, products or developments in medical technology that GK believes may be of interest to you. You may opt-out of receiving marketing/promotional communications by updating your account settings, by sending written request to stop receiving marketing communication to email@example.com, or by following the unsubscribe instructions within any marketing/promotional communication you receive from GK.
5. Sharing Personal Information with Third Parties
5.1. GK will use or disclose your PHI or Personal Information for a purpose that was not the primary purpose for which GK collected it only if GK has your consent, or, for individuals subject to Australian Privacy laws, if you would reasonably expect us to do so.
5.2. If you are a user of the GK e-learning portal we may share your Personal Information, including information about your use of the e-learning portal, with your employer. GK does so in its legitimate interests to fulfil its contractual obligations with your employer.
5.3. GK will disclose patient PHI without consent only in very limited circumstances, such as where required by law, in the event of a serious threat to life or health, or where doing so is necessary in connection with a patient’s ongoing care.
5.5. GK will not sell or rent your Personal Information to any other company or organization. Information about you, including Personal Information, may be disclosed and otherwise transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy or receivership in which information is transferred to one or more third parties as one of our business assets.
6. Your Privacy Rights
6.2. If you would like to access, review, correct, delete, or inquire about your PHI or information, place limitations on the collection or processing of your information, or revoke your consent, please send us a written request to firstname.lastname@example.org. GK may need to take additional steps, such as to verify your identity, before GK can grant your request. As permitted by law, GK will notify you of any legal basis for any delay or denial in fulfilling your request. GK’s continued use of your Personal Information, after you withdraw your consent to its use, may be required for GK to comply with applicable laws and regulations or other purposes for which your consent is not a legal prerequisite. In certain situations, GK also may charge you a reasonable fee to provide you with a copy of your records.
7. Data Retention
7.1. Where our retention of certain data is required by law (such as medical device laws), we retain it for the period implicitly or explicitly required by those laws.
7.2. If we have a contract with you, the Personal Information provided in connection with that contract will be retained (at least) for the duration of your contract and for an appropriate duration after its termination to protect us from, or otherwise be used in connection with, legal or administrative proceedings.
7.3. Any Personal Information we store for analytics purposes will be retained for 8 years.
7.4. Otherwise, your PHI and Personal Information will only be retained to the extent reasonably required for the above purposes and as required or permitted by law.
7.5. Upon expiration of the applicable retention period we will securely destroy your Personal Information in accordance with applicable laws and regulations.
8. For Individuals Located in the EU/EEA and the UK
8.2. If you are a patient we generally process your data under the instructions of your healthcare provider, who will be the controller for your data. Your healthcare provider, as controller, will determine the legal bases for processing your personal data and should be contacted if you have any questions about your personal data. GK processes the following types of personal data when acting as a processor for a healthcare provider as controller:
|To deliver the PKG System or e-learning portal and provide associated customer and technical support including (a) if you are a patient, your contact details such as email address, phone number, shipping/billing address and your contact preferences; data to help us confirm your identity including, date of birth, a patient code assigned by your doctor, health insurer codes (where applicable), your NHS number (for UK patients) and details of other healthcare providers involved in your care or (b) if you are staff of a healthcare provider, your name, username, email, name of hospital or clinic you work with, your job title and your preferred language; Correspondence or contact from you via our website or other channels connected with the set up and operation of the PKG System.|
|To record your symptoms, medication regime and any side effects from treatments using the PKG System and to report on your health status. Data includes Health data: movement information (changes in movement, immobility, tremor), consideration of and ordering of tests, medication doses and timings and confirmation of taking medications (where this feature has been enabled). Periods where the watch was not worn are also captured. We analyse the data collected by the watch by extracting it at the end of the recording period and putting it through a special algorithm. The data produced will also be your Personal Information.|
|Effectively anonymising the data for research purposes|
8.3. Where GK is acting as a controller of personal data, the following applies:
|To provide our Services: To deliver the e-learning portal and provide associated user and technical support we may collect your name, username, email, name of hospital or clinic you work with, your job title, your preferred language, your interactions with the e-learning portal, the results of any training exercise undertaken on the e-learning portal, and correspondence or contact from you connected with the set up and operation of the e-learning portal. We may share this information with your hospital or clinic employer.||Legitimate interests|
|Responding to Requests or Inquiries: We may use information that you provide to us to take the steps necessary to respond to your requests. For example, you may inquire about a product or subscribe to one of our mailing lists. Depending on your request, we may collect your contact information (such as your name, mailing address, telephone number) and any other information you provide to us.||Consent; Legitimate interests|
|Personalising your Experience. We may collect certain information about you, your preferences, and how you have interacted with us in the past in order to understand your interest in our products and Services so that we can best serve you. This may include information about your contact and product preferences, languages, marketing preferences, and demographic data.||Consent|
|To run and maintain our Sites. We use this information to secure our Sites, network systems, and other assets. This may include information concerning your IP address, geographic location, resources you have accessed, and similar information.||Legitimate interests|
|To send important notices regarding our Services, including changes to our terms, conditions, and policies. If we need to contact you regarding important notices, we will use information you have provided to us such as your name and email address.||Legitimate interests|
|To comply with GK’s legal obligations. We may use all information we have collected from or about you as necessary to comply with a legal obligation to which we are subject including those relating to the safety of our device (including complaint handling or post market surveillance as required by medical device regulation) and where this is in our legitimate interests in the context of legal claims.||Legal obligation|
|In the event of a corporate transaction such as a sale, merger, consolidation, change in control, transfer of substantial assets, reorganization, or liquidation, to transfer, or assign to third parties information concerning your relationship with us, including, without limitation, Personal Information that you provide to us and other information concerning your relationship with us.||Legal Obligation; Legitimate interests|
8.4. With respect to English NHS patients and social care users, we will comply with the National Data Opt-out policy, to the extent applicable; more information about this can be found here.
8.5. If you are located in the UK, we may also process your health data on an effectively anonymous basis for research purposes. This means that GK undertakes a process to remove personal identifiers in such a way that individuals are no longer identifiable.
8.6. If you are located in the EU, we may also process your health data on a pseudonymised basis for research purposes if instructed by the data controller.
8.7. With respect to Personal Information that is collected through your use of the Sites, the GK entity that provides the respective Site will be the controller unless otherwise set out at the point where we collect data (e.g., on a contact form). Please refer to the information on the respective Site to find out who the provider for a particular Site is.
8.8. For interactions that do not go through one of our Sites, please refer to the information provided at the point of contact to find out which GK entity is processing on behalf of the point of contact or is the controller.
8.9. The relevant GK entity for your information is as set out below:
8.9.1. For the UK, Global Kinetics Corporation UK;
8.9.2. For the Netherlands, Germany, France, Global Kinetics Corporation GmbH;
8.9.3. For the Nordics, Global Kinetics Corporation Sweden Filial.
8.10. If you are located in the EEA or the UK, you have certain rights in relation to Personal Information collected about you:
8.10.1. Access: You have the right to obtain confirmation as to whether we process your Personal Information, access to such Personal Information as well as to information regarding the purposes of such processing, the categories of Personal Information concerned, the recipients, the period for which the information will be stored, your rights, and possibly the source of the information.
8.10.2. Portability: You have the right to receive a copy of the information we hold about you in case you have given us consent and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
8.10.3. Correction: You have the right to request correction of any personal information about you we hold that is inaccurate.
8.10.4. Erasure: In certain circumstances, you have the right to delete the information we hold about you.
8.10.5. Restriction of processing to storage only: You have the right to require us to stop processing the information we hold about you, other than for storage purposes, in certain circumstances.
8.10.6. Objection: You have the right to object to our processing of Personal Information about you on grounds of your particular situation in case we process such information for our legitimate interests.
8.10.7. Objection to marketing: You can object to marketing at any time, including by opting-out using the unsubscribe/opt-out function displayed in our communications to you.
8.10.8. Withdrawal of consent: You have the right to withdraw your consent at any time.
8.11. A number of these rights only apply in certain circumstances, and all of these rights may be limited by law. For example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests or where we are required by law to retain personal information about you.
8.12. To exercise any of the rights in this section, please contact the Data Protection Officer at email@example.com. We will respond to requests to exercise these rights without undue delay and at least within one month (though this may be extended by a further two months in certain circumstances).
9. International Data Transfers
11. US Residents
11.1. For patients or providers residing within the US, all Protected Health Information is stored, transmitted and maintained in compliance with the Health Information Portability and Accountability Act (HIPAA) as well as the Health Information Technology for Economic and Clinical Health Act, (“HITECH”), enacted under Title XIII of the American Recovery and Reinvestment Act of 2009 (Pub. L. 111–5). If you are a US resident and believe that GK has violated your privacy rights under HIPAA or HITECH you may file a written complaint with the US Department of Health and Human Services – Office for Civil Rights. GK honors your right to express concerns regarding your privacy. GK would not – nor could it legally or ethically – retaliate or take action against you for filing a concern or complaint regarding the use, disclosure, and rights of your protected health information.
11.2. US patients may request access to any PHI GK holds in a designated records set as defined under the HIPAA privacy rule. This right of access includes an individual’s right to inspect or obtain a copy, or both, of their PHI held by GK, or request GK direct a copy of that individual’s PHI to a third party, within thirty (30) calendar days, or sooner if required within your state of residence. This right of access to PHI will remain in place for as long as GK maintains the PHI. A copy of electronic PHI may be obtained upon written request, for a reasonable fee. To request a copy of your designated records set, please contact GK’s Privacy and Data Protection Officer at firstname.lastname@example.org or Global Kinetics Pty Ltd Attention: Data Privacy Officer Level 9, 31 Queen Street Melbourne, Victoria 3000, Australia. Upon receiving your request, GK will take appropriate steps to verify your identity and alert you to any fees that may be associated with your request.
12. California Residents and your Rights Under The California Consumer Privacy Act Of 2018 (“CCPA”)
12.1. California Civil Code Section 1798.83 permits users who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. GK, through our Sites or through the provision of Services, may have collected information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household. GK does not knowingly disclose to third parties any Personal Information about users for their use for direct marketing purposes. To learn more about the Personal Information we may have collected and what your rights are under the CCPA please review the Notice to California Residents under the CCPA. https://oag.ca.gov/privacy/ccpa.
13.1. If you are considered a minor in the country in which you live (for example, under the age of 13 in the United States, under 16 in the EU and under 18 in Australia), you must obtain the authorization of a responsible adult (parent, legal custodian) before using or accessing the Site. We will not knowingly collect or use any Personal Information from any minors. If we become aware that we have collected any Personal Information from minors without their parent or guardian’s consent, we will promptly remove such information from our databases.
14. Security and User Credentials for Services
14.1. You may be issued a secure user ID and have the opportunity to set up your password for access to any of the Sites and GK Services. Individuals with user IDs are solely responsible for the maintenance, confidentiality and security of their copy of their individual user ID and password. Save as otherwise provided by law, you also agree that you will be solely responsible for any activities conducted in connection with the Sites and the Services using those credentials. User IDs and passwords are personal, unique to each individual user, and should never be shared with or disclosed to anyone other than the designated user.
14.2. Please immediately notify GK at email@example.com of any known or suspected unauthorized use of your user ID and/or password of which you become aware.
14.3. Information that you provide to GK through our Sites or Services is encrypted using industry standard Secure Sockets Layer / Transport Layer Security (SSL/TLS) technology, with the exception of information you send to us via email. Your information is processed and stored on controlled servers with restricted access. Due to factors outside our control (patient-owned computers infected with malware, etc.), we cannot ensure or warrant the security of any information you transmit, and you therefore understand and agree that you do so at your own risk.
15. Complaint Information
15.1. You have the right to complain to the data protection authority in the location in which you live, work or believe a data protection breach has occurred. In the United Kingdom, the lead supervisory authority is the Information Commissioner’s Office: https://ico.org.uk/global/contact-us/. In the EEA, the lead supervisory authority is the Irish Data Protection Commission: https://www.dataprotection.ie/en/contact/how-contact-us. In the US, the applicable supervisory authority is the U.S. Department of Health & Human Services (HHS) Office of Civil Rights (OCR): https://www.hhs.gov/ocr/about-us/contact-us/index.html. In Australia, the applicable supervisory authority is the Office of Australian Information Commissioner (OAIC): https://www.oaic.gov.au/about-us/contact-us/.
Date: 22 November 2022