Privacy Notice
Effective Date: December 29, 2022
1. PURPOSE
Sugarmate, LLC (“Sugarmate,” “we,” or “us”) respects your right to privacy. Privacy is very important to us, and we understand that privacy is very important to you. This Privacy Notice explains who we are, how we collect, protect, disclose, and use personal information about you, and how you can exercise your privacy rights.
As used in this Privacy Notice, personal information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you. Personal information does not include information that is publicly available, de-identified, or aggregated.
This Privacy Notice applies to personal information that we collect through or in relation to the following, which are described in greater detail throughout this Privacy Notice:
1.1. Our website at https://www.sugarmate.io (“Website”).
1.2. Sugarmate software, including without limitation, our web applications, mobile applications, and third-party integrations (collectively referred to as “Technology” or “Technologies”).
1.3. In-person or online tradeshows, conferences, seminars, webinars, focus groups, or other events in which we participate or host; our social media channels; surveys or questionnaires you voluntarily complete; and any feedback your voluntarily provide to us (collectively referred to as “Promotional and Educational Activity” or “Promotional and Educational Activities”).
If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Notice.
2. QUICK LINKS
- What does Sugarmate do?
- What personal information does Sugarmate collect and why?
- How does Sugarmate collect my personal information & interact with me?
- Cookies and similar tracking technology.
- Who does Sugarmate share my personal information with?
- European Economic Area and UK residents – Our legal basis for processing personal information.
- How does Sugarmate keep my personal information secure?
3. WHAT DOES SUGARMATE DO?
Sugarmate develops Technologies that pair with users’ continuous glucose monitor (CGM) devices. Such Technologies provide tools for CGM wearers and their followers to help track and manage many aspects of their diabetes.
4. WHAT PERSONAL INFORMATION DOES SUGARMATE COLLECT AND WHY?
In general, we will use the personal information we collect about you only with your consent or as permitted or required by applicable privacy laws and for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your personal information. Your consent may be express or implied, depending on the circumstances and the sensitivity of the personal information we seek to collect, use, or disclose. We may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (such as conducting our business operations, scientific or historical research purposes, data security purposes, data anonymization purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.
4.1. Specifically, the personal information which we collect depends on whether you:
4.1.1. Are the current, potential, or former user of one of our Technologies (collectively referred to as “User” or “Users”).
4.1.2. Are a User’s parent, guardian, or trusted individual who uses or creates an account in our Technologies to follow, track, or help manage a User’s diabetes therapy data (collectively referred to as a “Follower” or “Followers”).
4.1.3. Are a health care provider or a clinic administrator appointed by a health care provider (collectively referred to as “HCP” or “HCPs”).
4.1.4. Are a visitor to our Website or physical offices; attend a Promotional or Educational Activity; request newsletters from us; contact us by email or online form; engage with us through a social media channel; or otherwise voluntarily share your data with us (collectively referred to as “Visitor” or “Visitors”).
If you are an employee of Sugarmate, we will provide you with any required notices during your employment. If you are applying for a job at Sugarmate, we will provide you with any required notices during your application process.
4.2. TECHNOLOGY USER
4.2.1. New or Prospective Patient Information. New, Prospective, or Existing Customers. We may collect personal information from you electronically when you enter information on our Website, email us, send us postal mail, register for and use our Technologies, or participate in Promotional and Educational Activities. We may collect your name, email addresses, log-in credentials (such as username and password), any personal data or images you (or a Follower on your behalf) voluntarily include in your timeline notes, the contact details of your Followers, and/or the contact details of your HCPs. We may use this information to communicate with you, send you information about our Technologies, and to enable your use of our Technology’s functionalities.
4.2.2. We may also collect special category personal data in the form of health information, including without limitation, your diabetes type, your current insulin brand, insulin dosing information, glucose readings, blood sugar ranges, use of medications, information related to your sleep, eating, and exercise habits, and any health information you voluntarily enter into your timeline notes. As with the other personal data we collect, we use your health information to enable your use of our Technology’s functionalities. Our use of this personal information may include:
4.2.2.1. Establishing and managing your Sugarmate account and access to Sugarmate Technologies.
4.2.2.2. Establishing, performing or maintaining an agreement or contract with you.
4.2.2.3. Providing you information about our Technologies that may interest you, subject to applicable marketing laws.
4.2.2.4. Inviting your participation in Promotional or Educational Activities, subject to applicable marketing laws.
4.2.2.5. Processing and responding to your requests.
4.2.2.6. Complying with applicable law.
4.2.2.7. Establishing, exercising, or defending our legal claims.
4.2.2.8. Carrying out any other purpose(s) set forth in any additional consent you provide.
4.2.2.9. Providing technical support that you request regarding our Technologies.
4.2.2.10. Operating and managing our business (including developing, maintaining and supporting our Technologies).
4.2.3. Customer Support Inquiries. You may contact us via online chat, email, post, in person, or through our Technologies if you have a question about one of our Technologies or Promotional and Education Activities. We may collect your name, the reason for your inquiry, information necessary so that we may address the reason for your inquiry, and any other personal information you voluntarily provide us.
4.2.4. Promotional and Educational Activities. Your participation in Promotional and Educational Activities is entirely voluntary. We may use the information you provide to help us develop and improve our Technologies and other Promotional and Educational Activities, and to optimize your satisfaction, usability, and understanding of them.
4.2.5. Information that we collect automatically. When you visit our Website, use our Technologies, or participate in Promotional and Educational Activities, we may collect certain information automatically from your computer, mobile phone, table, or other device. In some countries this information may be considered personal information under applicable data protection laws.
4.2.5.1. The information we collect automatically may include, for example, your IP address, device type, device operating system, unique device identification numbers, browser-type, internet service provider, diagnostic performance reports, broad geographic location (e.g. country or county), which webpages you visited and when, and other similar technical information like software type, version, language, settings, and configuration. We may also collect information about how you or your device has interacted with our Technologies, Promotional and Educational Activities, and our Website.
4.2.5.2. Collecting this information enables us to make sure our Technologies are compatible with your devices. This information also allows us to administer our Website, diagnose problems with our networks and servers, better understand who visits our Website and/or uses our Technologies, where they are located, and what content on our Website and/or Technologies is of interest to them. We may use this information for internal analytics and to improve the quality and relevance of our Website, Products, and/or Promotional and Educational Activities.
4.2.5.3. Some of this information may be collected using Cookies and similar tracking technology, as explained and further defined under the heading “Cookies and Similar Tracking Technology” below.
4.2.6. Information we may obtain upon integrations with third parties. From time to time, we may receive personal information about you from third-party sources if you voluntarily integrate a third-party product or service with our Technologies, voluntarily integrate our Technologies with a third-party product or service, or authorize a third-party data service to provide information about you to us. The types of information we collect from third parties may include your name, your date of birth, biometrics, gender, glucose readings, existence of a health condition that may adversely impact your therapy (such as pregnancy status, retinopathy, or neuropathy), and/or daily events such as time and duration of exercise, meal times, or sleep duration.
4.2.6.1. Examples of such third parties include, without limitation, Dexcom, data received through Apple Health and/or Google Fit, data received from Nightscout, Amazon Alexa, Intercom, Siri Shortcuts, and iCloud.
4.3. FOLLOWERS
4.3.1. Information you provide voluntarily. If you sign up for a Follower account, we may collect your name, contact information, username and password, and a Sugarmate-assigned ID number. We may collect this data to provide you with access to your account, allow you to view the information of the person or people you are following, allow a User to contact you in the event of any pump-related issues or alarms, and ensure proper authentication to the Technology. If you contact use regarding a troubleshooting or Technology functionality issue, we may collect your name and any personal data you provide that helps us to address your issues. We may also collect any personal data that you voluntarily add to a User’s timeline notes if a User has given you permission to do so.
4.3.2. Information we collect automatically. This is the same as the information we may collect automatically from Users, as described above.
4.4. VISITORS
4.4.1. Information you provide voluntarily. If you enter information on our Website, visit our physical offices, participate in Promotional and Educational Activities, register for a Sugarmate mailing list, sign up for our newsletter, submit information to us via email or a web form, or contact us via post, we may collect your name, contact information, the reason you contacted us, and any personal information you voluntarily provide us.
4.4.1.1. If you interact or engage with us through Social Media platforms, including but not limited to Facebook, Twitter, Instagram, or Reddit, we may collect the content of your post (which may include photographs or videos you post), the nature of your interaction (such as a “Like” or a “Retweet”), and your screen name.
4.4.2. Information we collect automatically. This is the same as the information we may collect automatically from Users, as described above. We may also collect CCTV security surveillance footage when you are physically present on Sugarmate premises.
5. HOW DOES SUGARMATE COLLECT MY PERSONAL INFORMATION & INTERACT WITH ME?
5.1. Directly.
Sugarmate may collect personal information about you when you provide it to us directly. For example, when you enter information on our Website and/or our Technologies, post on our social media channels, email us, or otherwise provide us personal information about you.
5.2. THROUGH THIRD PARTIES
Sugarmate may collect personal information about you from third parties when you allow authorized third parties to provide it to us. For example, we may collect information about you from third parties when you integrate a third party’s product with our Technologies or otherwise authorize a third-party data service to provide personal information to us. We may also collect personal information about you from third parties who host social media webpages that we manage, consistent with applicable privacy and data protection regulations. Refer to the “Information that we obtain upon integrations with third parties” section above for more details.
5.3. INDIRECTLY
5.3.1. Cookies and similar tracking technology.
5.3.2. We use cookies, web beacons, mobile analytics and advertising IDs, and similar technologies to operate our websites and Technologies and to help collect data, including other identifiers and device information and usage data.
5.3.3. Cookies are small text files stored directly on your device that can be recalled by a web server in the same domain that placed the cookie. The text in a cookie often consists of a string of numbers and letters that uniquely identifies your device, but it can contain other information as well.
5.3.4. Web beacons are electronic images (also called single-pixel or clear GIFs) that are contained within a website. When your browser opens a webpage that contains a web beacon, it automatically connects to the web server that hosts the image (typically hosted by a third party). This allows that web server to log information about your device and to set and read its own cookies. In the same way, third party content on our Website (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content. We also may include web beacons in our promotional email messages or newsletters to tell us if you open and act on them.
5.3.5. Mobile analytics and advertising IDs are generated by operating systems for mobile devices (iOS and Android) and can be accessed and used by apps in much the same way that websites access and use cookies. Our apps may contain software that enables our third-party analytics partners to access mobile IDs.
5.3.6. We and our analytics partners use these technologies in our Website and Technologies, and may use them to collect personal information (such as browser type, mobile device identifier, the IP address of your device, the cookies stored on your browser, time spent on the services, pages visited, language preferences, and other anonymous traffic data) when you visit our Website or use our Technologies. We and our partners may also use this personal information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience while using the Technologies. We may also use cookies and similar technologies to gather statistical information about use of our Website and Technologies in order to continually improve their design and functionality, to understand how they are used, and to assist us with resolving questions regarding them. Cookies and similar technologies further allow us to fulfill other legitimate, business, and operational purposes. We and/or our partners may also share the information we collect of infer with third parties for these purposes.
5.4. The third-party analytics providers we use on our websites include:
Company
Service
Privacy Notices
Manage Settings (opt-out)
Google Analytics
https://www.google.com/policies/privacy/partners
https://tools.google.com/dlpage/gaoptout
Google Tag Manager
https://www.google.com/policies/privacy/partners
https://policies.google.com/technologies/partner-sites
New Relic
https://newrelic.com/termsandconditions/services-notices
Email requests to PersonalDataRequests[at]NewRelic.com
5.5. To learn about their privacy practices and how to opt-out from some types of their uses of cookie data, click on the links above.
5.6. Many of these companies are also members of associations, which provide a simple way to opt out of analytics, which you can access at:
5.6.1. United States: NAI (http://optout.networkadvertising.org) and DAA (http://optout.aboutads.info/);
5.6.2. Canada: Digital Advertising Alliance of Canada (https://youradchoices.ca/); and
5.6.3. Europe: European Digital Advertising Alliance (http://www.youronlinechoices.com/).
5.7. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. If, however, you do not accept these cookies, you may experience some inconvenience in your use of the Products and Services. For example, we may not be able to recognize your computer, and you may need to log in every time you visit.
5.8. In addition, iOS and Android operating systems provide options to limit tracking and/or reset advertising IDs.
5.9. To control web beacons, most email clients have settings which allow you prevent the automatic downloading of images, which will disable web beacons in the email messages you read.
6. WHO DOES SUGARMATE SHARE MY PERSONAL INFORMATION WITH?
In general, we may share your personal information with people and organizations to accomplish the purposes of our data collection described in this Privacy Notice. Specifically, we may disclose your personal information to the following categories of recipients. At times, we may also share your data in a way that is not described in this Privacy Notice, and if we do, we will inform you of our data sharing practices at the time we collect the information and obtain your consent prior to such sharing, if required by applicable law.
6.1. A person or entity with your consent to the disclosure (for example, your Followers), if required by applicable law.
6.2. A person or entity that you allow us to share your personal data with, such as people with whom you voluntarily share your account.
6.3. Our affiliates and subsidiaries, to perform our joint business operations, and to provide you with applicable Technologies.
6.4. Third party services providers and partners who provide services to us and/or you, such as cloud service providers. We may also share your personal information with third party companies when you have given us permission to do so. Examples of third parties with whom Sugarmate may share your personal data include Dexcom, Nightscout, Zapier, FatSecret, Twilio, iCloud, or Google services.
6.5. An actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, reorganization, merger or acquisition of all or part of our business, debt financing, sale of any company assets or similar transactions as well as in the event of bankruptcy or receivership where personal information could be transferred to third parties as a business added. Provided that in each instance we must use your personal information only for the purposes disclosed in this Privacy Notice.
6.6. Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary or required: (i) as a matter of applicable law or regulation, such as in the event of an adverse event arising from use of our Technologies, or in accordance with breach notification requirements; (ii) to exercise, establish or defend our legal rights; (iii) to protect your vital interests or those of any other person; (iv) to help with public health and safety issues; or (v) to comply with law enforcement proceedings.
We do not sell your personal data. We do not share your personal information for marketing purposes unless you give us permission to do so. Pursuant to local laws, we may remove the identifiers from your personal information in a way that such personal information can no longer be used to identify you and we may share this personal information (called “de-identified” or “anonymized” data) with third-parties for any lawful purpose.
7. EUROPEAN ECONOMIC AREA AND UK RESIDENTS – OUR LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION
If you are an individual from the European Economic Area and the U.K., our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
We will normally collect personal information from you only (i) where we need the personal information to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person, e.g., an adverse event relating to the use of our Technologies.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our Website and provide our Technologies and/or Promotional and Educational Activities to you, and to communicate with you as necessary regarding the same. In addition, we may rely on our legitimate commercial interest, for instance, when responding to your queries, improving our Technologies, undertaking marketing, protecting against or detecting illegal activities to process your information, or to protect the physical and electronic security of your data.
Given the nature of our business, we may process special categories of your personal data in the form of health information. This information includes diabetes therapy data, such as your glucose levels, biometrics, and related exercise and eating habits. We will obtain your explicit consent prior to processing such information.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.
8. HOW DOES SUGARMATE KEEP MY PERSONAL INFORMATION SECURE?
We use appropriate administrative, technical, physical, and organizational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Specific measures we use include, but are not limited to, encryption, user access and authentication controls, and event logging. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed as being 100% secure.
9. INTERNATIONAL DATA TRANSFERS
Sugarmate Technologies are offered in several counties worldwide and we may therefor process or transfer your personal information to countries other than the country in which you reside. Your personal information may be stored on servers outside of your country of residence. If so, your personal information may be subject to those countries’ data protection laws, which may be different from the laws of your country. Those laws may require disclosure of your Personal Information to authorities in that country.
However, we implement appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. If you live Canada and would like to receive written information about our policies and practices regarding service providers outside of Canada, please refer to the “How to contact us” heading below.
10. DATA RETENTION
We retain personal information we collect from you in accordance with applicable laws and regulations. In some jurisdictions, we retain your personal information when where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements). In other jurisdictions, we will retain your personal data for as long as necessary to fulfil the purposes for which that personal information was collected.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible
11. YOUR DATA PROTECTION RIGHTS
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. To request to exercise these rights, please contact us in writing using the contact details provided under the “How to contact us” heading below. Please note your rights may differ depending on where you reside.
11.1. For EU or UK residents:
11.1.1. If you wish to access, request a copy of, correct, or update of your personal information, you can do so at any time. In some limited circumstances, we may be allowed to charge you a reasonable fee for the administrative costs of complying with an access request.
11.1.2. In addition, you can object to processing of your personal information and ask us to restrict or limit processing of your personal information. Please note that in some instances, we may say “no” to your request if it would affect your care.
11.1.3. You have the right to opt-out of Promotional and Educational Activities and other marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the Promotional, Educational, or marketing e-mails we send you. To opt-out of other forms of Promotional and Educational Activities and other marketing communications (such as by post or telephone), then please contact us using the contact details provided below.
11.1.4. Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. Where required by law, we will inform you of the consequences of withdrawing your consent.
11.1.5. You can designate someone to act on your behalf, for example, if you have given someone power of attorney or if someone is your legal guardian, then that person can exercise your rights and make choices about your personal information including your health care data. We will make sure the person has this authority and can act for you before we take any action.
11.1.6. You have the right to complain about our collection and use of your personal information. If you have a complaint, please contact us using the mailing details under the “How to Contact Us” heading below). To contact the applicable regulators in your country:
11.1.7. If you live in the EU, you can lodge a complaint with your local data protection authority Contact details for data protection authorities in the European Economic Area are available here.
11.1.8. If you live in the UK, you can lodge a complaint with Information Commissioner’s Office, via the contact details located here.
11.1.9. You have the right to request deletion of your personal data we process.
11.2. If you are a Canadian resident, you have the following additional right under the Personal Information Protection and Electronic Documents Act (“PIPEDA”):
11.2.1. You have the right to request an account of the use that has been made or is being made of your personal information and an account of the third parties to which it has been disclosed.
12. CHILDREN’S PERSONAL INFORMATION
From time to time, Sugarmate may host a web page or pages or other online service which are available, in part, to children (the age of a “child” differs among countries and states). However, we do not intend to collect personal information from these individuals unless the information is collected from a parent or guardian.
While we cannot stop a child from accessing a web page or an online service, we do not collect any personal information without making it clear that the person providing the personal information must be at minimum a specific age.
If you are a parent or guardian and believe your child who is underaged has provided us with personal information that you would like to review or request be deleted please contact us at privacy@sugarmate.io.
If we learn that we have personal information from a child without permission from the child’s parent or guardian, we will remove and/or delete that personal information pending receipt of an appropriate consent.
13. DO-NOT-TRACK DISCLOSURES
At this time, our Website does not respond to Do Not Track (“DNT”) signals sent from your web browser. A uniform standard has not yet been adopted to determine how DNT signals should be interpreted and what actions should be taken by websites and third parties that receive them.
14. UPDATES TO THIS PRIVACY NOTICE
We may update this Privacy Notice from time to time as we deem necessary and in our sole discretion. When we update our Privacy Notice, notice will be provided on our Website or as otherwise required by applicable law. We encourage you to periodically review this Privacy Notice to stay informed about how we collect, use and share personal information. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the Effective Date displayed at the top of this Privacy Notice. Any changes to this Privacy Notice take effect immediately after being posted or otherwise provided by Sugarmate.
15. HOW TO CONTACT US
If you have any questions or concerns about our use of your personal information, please contact our local representative by email or by post at:
15.1. If you reside in the U.S.:
Sugarmate, LLC
11075 Roselle Street
San Diego, CA 92121
Email: privacy@sugarmate.io
15.2. If you reside in the European Economic Area or UK, please contact:
Sugarmate directly at privacy@sugarmate.io, or contact Sugarmate’s Data Protection Officer at:
Fieldfisher LLP
Attn: Data Privacy
Riverbank House
2 Swan Lane
London
EC4R 3TT
Email: DPO@tandemdiabetes.com
The data controller of your personal information is Sugarmate, LLC.