The personal and other information that we collect about you is controlled by Embr Labs, which is headquartered in Boston, Massachusetts. As described in the section below, entitled “Information for Users from Outside the United States,” the information that we collect through or in connection with the Services may be transferred to and processed in the United States.
What personal and other information we collect about you
Embr Labs collects both “personal information” and “other information” about users. For purposes of this Policy, “other information” is information that the Company cannot directly associate with a specific person without the aid of additional information. By contrast, “personal information,” is information such as a name or email address that the Company can directly associate with a specific person or entity without additional information. When we combine other information with personal information, we treat all of the combined information as personal information.
Personal information. Through our Services, we may collect some personal information from you. Such information could include, for example, the following:
- Contact and account information. This may include your name, email address, account and login information, physical address and telephone number.
- Financial information. We may collect information such as your credit card or debit card number, bank account information and your payment, service and purchase history.
- Sensitive personal information. We may collect information such as general geolocation data, gender, height, weight, and date of birth. Our device may also collect skin temperature readings and health needs from you.
- Social media information. We may also receive personal information from your social media or other third-party account provider (such as Facebook, Google, or Twitter) if you log into our Services using your social media account or link your social media or other account to the Services. In those circumstances, we may receive information from the third party, such as your email, username, and certain other information.
- Other information. Our online contact form also contains a “comments” field through which you may submit additional personal information.
We may combine personal information collected through the Services with other information that we or third parties collect about you in other contexts—such as our communications with you via email. We will treat such combined information as personal information and protect it in accordance with this Policy.
Other information. We also collect other information through the Services. Such information may be collected passively using various technologies, or via submission of data by devices configured to work with the Services. We may use such information to track, for example, your usage of the mobile application and Embr Wave® devices. Other information may be collected in the following ways:
Log data. When you use the Services, we automatically receive and record certain information from your computer, mobile phone, or other devices. This may include data such as your IP address and domain name, the pages you visit or the features you use within the Services, the date and time of your activities on the Services, the files that you download, the URLs from the websites you visit before and after navigating to the Services, your software and hardware attributes (including operating system type and version, app version, device type, and device IDs), your browser type and version, your general geographic location (e.g., your city, state, or metropolitan region), and certain cookie information (see below). To obtain such information, we may use web logs or applications that recognize your computer or device and gather information about its online activity.
Web beacons. The Services or the emails that you receive from us may use an application known as a “web beacon” (also known as a “clear gif” or “pixel tag”). A web beacon is an electronic file that usually consists of a single-pixel image. It can be embedded in a web page or in an email to transmit information, which could include personal information. For example, it allows an email sender to determine whether a user has opened a particular email.
Third-party online tracking and interest-based advertising. We also may partner with certain third parties to collect, analyze, and use some of the information described in this section. For example, we may allow third parties to set cookies or use web beacons on the website or in email communications from us. This information may be used for a variety of purposes, including online interest-based advertising, as discussed below (see the section entitled “Third-party analytics and interest-based advertising”).
How we use the personal and other information that we collect
Company uses the information that we collect for a variety of purposes. If we have personal information about you, we may use it, for example:
- to enable our Services and products to bring cooling or warming sensations to relieve your symptoms;
- to respond to your questions or requests concerning the Services offered by us or our partners;
- to fulfill the terms of any agreement you have with us;
- to fulfill your requests for our services or otherwise complete a transaction that you initiate;
- to send you information about the Services and other topics that are likely to be of interest to you, including newsletters, updates, or other communications;
- to deliver confirmations, account information, notifications, and similar operational communications;
- to improve your user experience and the quality of our products and services; to comply with legal and/or regulatory requirements; and
- to manage our business.
We use the non-personal information that we collect for such purposes as:
- counting and recognizing users of the Services;
- analyzing how the Services are used; improving the Services and enhancing users’ experiences with the Services;
- creating new products and services or improving our existing products and services;
- enabling additional website analytics and research concerning the Services; and
- managing our business.
Company may link information gathered using cookies and web beacons with personal information. But in that event, we will treat the combined information as personal information.
We also may use the personal and other information that we collect to send you marketing emails and promotional communications, including emails about the products and services offered by us or our partners. To opt-out of these communications, see “Choices and Access to Information” below.
How we share personal and other information with third parties
We share your personal information and other information with other parties for a variety of purposes, as described below.
Affiliates. We may share personal and other information with our corporate affiliates for the purposes described in this Policy.
Third-party service providers and business partners. Company uses third-party service providers to help us manage and improve the Services. These service providers may collect and/or use your personal or other information to assist us in achieving the purposes discussed above in the section entitled “How we use the personal and other information that we collect.” For example, we use third parties to help us target and implement our email communications, host our website, collect payment for our products, and manage our information system. We also use third-party platforms to help us manage our relationships with the people and companies that use our services.
We may share your personal or other information with other third parties when necessary to fulfill your requests for services; to complete a transaction that you initiate; to meet the terms of any agreement that you have with us or our partners; or to manage our business.
Your direct sharing of personal information through third-party websites and services. The Services may enable you to directly share personal information with websites or services operated by third parties. For example, the website contains links to third-party websites that incorporate comment and social media features. The website also contains links to follow us on social media. If you choose to use these features, you may disclose your personal information not just to those third-party websites and services, but also to their users and the public more generally. Because these third-party websites and services are not operated by us, we are not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your personal and other information will be subject to the privacy policies of the third-party websites or services, and not this Policy.
Please note that any information and material you post or disclose on message boards, forums, online chat programs, profile pages, and blogs will become public information and may be available to users and to the general public. We urge you to be very careful when deciding to disclose your personal information, or any other information, online.
Surveys. We may ask you to participate in surveys (processed by us or third parties) that help us understand your use of the Services. Any personal or other information provided to Company (or supplied by you or Company to such third-party survey providers) in connection with these surveys will only be used in relation to that survey and as stated in this Policy.
Legal purposes. We also may use or share your personal or other information with third parties when we believe, in our sole discretion, that doing so is necessary:
- to comply with applicable law or a court order, subpoena, or other legal process;
- to investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our terms and conditions, or situations involving threats to our property or the property or physical safety of any person or third party;
- to establish, protect, or exercise our legal rights or defend against legal claims; or
- to facilitate the financing, securitization, insuring, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets.
Aggregated information. From time to time, we may also share anonymized and aggregated information about users, such as by publishing a report on trends in the usage of the Services.
Third-party analytics and interest-based advertising
Online interest-based advertising. The Services also enable third parties to collect information through cookies, web beacons, and device identifiers, such as IDFA or Advertising ID, for use in online interest-based advertising. For example, third parties may use the fact that you visited our website or used our app to target online ads for Company to you on non-Company websites or mobile apps. In addition, we or our third-party advertising networks might use information about your use of the Services to help target non-Company advertisements to you on unaffiliated websites or mobile apps based on your online activity in general. For information about behavioral advertising practices, including privacy and confidentiality, visit the Network Advertising Initiative website or the Digital Advertising Alliance website.
We and our third-party providers may use collected information to establish connections among related web browsers and devices (such as smartphones, tablets, and computers) for advertising, analytics, attribution, and reporting purposes. We may match your browsers or devices if you log into the same online service on multiple devices or if your devices share similar attributes that support an inference that they are used by the same person or household. This means that information about your activity on websites or apps on your current browser or device may be combined and used with information collected from your other browsers or devices. For example, we or our third-party providers may use this information to deliver the same ad on multiple devices, to limit the number of times you see an ad across your devices, and to help measure the effectiveness of advertising campaigns across devices.
You may opt out of our third-party service providers’ interest-based advertising practices and cross-device technologies in web browsers and mobile apps by following the instructions below. Please note that the opt-out will apply only to the specific browser or device from which you opt out, and therefore you will need to opt out separately on all of your browsers and devices. If you delete or reset your cookies or mobile identifiers, change browsers, or use a different device, any opt-out cookie or tool may no longer work and you will have to opt out again.
Web Browser Opt-Out. To opt out in web browsers, please visit:
- Network Advertising Initiative Consumer Opt-Out Page at www.networkadvertising.org/choices
- Digital Advertising Alliance Consumer Choice page at www.aboutads.info/choices
- Digital Advertising Alliance of Canada Consumer Choice page at www.youradchoices.ca/choices
- European Interactive Digital Advertising Alliance Choice page at www.youronlinechoices.eu.
You can opt out of targeted advertising platforms by visiting the following:
Mobile Application Opt-Out.
To opt out in mobile apps, please download and follow the instructions provided in the Digital Advertising Alliance’s AppChoices tool at www.aboutads.info/appchoices. In addition, some mobile operating systems allow you to opt out by adjusting the advertising preferences on your mobile device. For example:
- In iOS, visit Settings > Privacy > Advertising > Limit Ad Tracking.
- In Android, visit Settings > Google > Ads > Opt out of interest-based ads.
The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy. If you prefer to prevent third parties from setting and accessing cookies on your computer or other device, you also may set your browser to block cookies. Please note that we do not alter our data collection and use practices when we see a Do Not Track signal from your browser. However, you can limit tracking through these third-party programs by taking the steps discussed above.
Company uses commercially reasonable physical, electronic, and procedural safeguards to protect your personal information against loss or unauthorized access, use, modification, or deletion. However, no security program is foolproof, and thus we cannot guarantee the absolute security of your personal or other information.
Your Rights Under the General Data Protection Regulation
This section of the Policy applies if you are a data subject who resides or is located in the European Economic Area (“EEA”). We adopted this section to comply with European privacy laws, including the General Data Protection Regulation (“GDPR”). Any terms defined in the GDPR have the same meaning when used in this Section.
We hope to ensure that the Personal Information we possess are always accurate and therefore we encourage you to update your information in your own account in case any changes have occurred. We have listed below the rights that you may be able to exercise in respect of the processing of your Personal Information, subject to applicable law. We take every reasonable step to ensure that the Personal Information that we process are limited to the Personal Information that are reasonably required in connection with the purposes set out in this Policy.
If you are a resident of or located within the EEA, you have certain data protection rights. These rights include:
- The right to access, update or delete the information we have collected from you. Whenever made possible, you can access, update or request deletion of your Personal Information by contacting us at the contact information below.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your Personal Information.
- The right of restriction. You have the right to request that we restrict the processing of your Personal Information.
- The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where Company relied on your consent to process your Personal Information.
Legal Basis for Processing Personal Information
Company is the data controller of Personal Information. As such, we determine the purposes and means of processing your Personal Information, such as when we collect, use, and share Personal Information, and must have a lawful basis for processing for doing so.
We rely on the following legal bases for processing your Personal Information:
- Processing of your Personal Information that you provide to us when you interact with our Services, such as making a purchase or return, contacting customer support or leaving a review, is necessary to respond to or implement your request prior to entering into a contract with us.
- We use account-related data to set up accounts for users in our platform and to administer and support those accounts (such as usernames, email address and billing information), provide you with access to the Services, contact you regarding your use of the Services or to notify you of important changes to the Services. Such use is necessary for the performance of the contract between you and us.
- We will send you information by email on our new services or other promotions only with your consent or if you otherwise opt-in to receiving those communications. If you do not provide us with your consent to the processing of your Personal Information for this purpose, we will not send you this information. You have the right to withdraw your consent at any time as described below.
- Our use of data relating to your use of the Site and/or the Services, described above, is necessary for our legitimate interests in understanding how the Site and the Services are being used by you, to improve your experience on it and our Services offerings. We have also a legitimate interest in aggregating and/or anonymizing the information that we collect through our Site and/or the Services and using this information for our business purposes, as described above. When we process your Personal Information for our legitimate interests, we make sure to consider and balance any potential impact on you, and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Information for activities where our interests are overridden by the impact on you, unless we have your consent or those activities are otherwise required or permitted to by law. You have the right to object to processing that is based on our legitimate interests, as further described below.
Retention of Personal Information
Company will retain your Personal Information only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Personal Information to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.
All information you provide to us is stored on our secure servers or those of our third-party data storage providers.
Exercising Your Rights Under GDPR
If applicable, you may exercise any of your rights under the GDPR by submitting a verifiable data subject request using this webform.
You may make a request related to your Personal Information or on behalf of someone for which you have authorization. You may need access to the email address associated with an account in order to complete a data subject request. We may require you to confirm your identity and/or legal standing for the request as well as your residency in the EEA in order to obtain the information. We will respond to your request within 30 days or let you know if we need additional time.
Please note that we will ask you to verify your identity before responding to such requests, and we may deny your request if we are unable to verify your identity or authority to make the request.
Should you wish to raise a concern about our use of your data (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority; however, we hope that we can assist with any queries or concerns you may have about our use of your Personal Information first by contacting us as follows:
- Use the contact form at embrlabs.com/contact (select Data Privacy in the What Can We Help With? section)
- Write to us at Embr Labs, 24 Roland St Ste 102, Boston, MA 02129 USA.
Your Rights Under the UK GDPR
If you are based in the United Kingdom, the following provisions also apply:
UK GDPR means the Retained Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
If we share your personal data with our group company(ies) or third parties located outside the United Kingdom, we take steps to ensure that appropriate safeguards are in place to guarantee the continued protection of your personal data, such as by entering into the international data transfer addendum to the European Commission’s Standard Contractual Clauses, adopted by the UK Government under section 119A of the Data Protection Act 2018.
You have the same data subject rights as those for the EU listed above, except that references to the "GDPR" should be read as references to the "UK GDPR" and complaints should be filed with the UK supervisory authority, the Information Commissioner’s Office.
Designated UK representative:
Name: Taylor Vinters LLP
Address: Merlin Place, Milton Road, Cambridge, CB4 0DP
For residents of California, please view your California Privacy Rights here.
Information for Site users from outside the United States
The personal and other information that we collect through or in connection with the Services is transferred to and processed in the United States for the purposes described above. We also may subcontract the processing of your data to, or otherwise share your data with, affiliates or third parties in the United States or countries other than your country of residence. The data-protection laws in these countries may be different from, and less stringent than, those in your country of residence. By using the Services or by providing any personal or other information to us, you expressly consent to such transfer and processing. Our contracts with our service providers ensure that they use appropriate safeguards to transfer your Personal Information to the United States.
The Services are not directed to children under the age of 16, and the Company does not knowingly collect personal information from anyone who is under the age of 16 or sell or share such information. We recommend that persons over 16 but under 18 years of age ask their parents for permission before using the Services or sending any information about themselves to anyone over the Internet.
Links to Other Websites or Services
Changes to this Policy
For Additional Information
If you have any questions about this Policy you can contact us in the following ways:
- Use the contact form at embrlabs.com/contact (select Data Privacy in the What Can We Help With? section)
- Write to us at Embr Labs, 24 Roland St Ste 102, Boston, MA 02129 USA.
Copyright © 2023, Embr Labs, Inc., All Rights Reserved.
v2.4.2, Updated: June 15, 2023