Privacy Policy

Concha Labs™ Privacy Policy

Last Updated: May 1, 2024

Introduction

This Privacy Policy is effective between Concha Labs™, Inc., a Delaware Corporation that owns and operates Concha Labs™ (collectively referred to herein as “Concha Labs™,” “us,” “we,” or “our”) and any user of our website (the “Site”) located at www.conchalabs.com (such users referred to herein as “you,” or “your”).

Your privacy is important to us, and we are committed to protecting your privacy online. This Privacy Policy describes the practices used by us in the collection, use, and sharing of your information gathered by your use of the Site. By accessing and using the Site, you acknowledge that you understand and agree to be bound by the terms of this Privacy Policy and our Terms of Use.

If you do not agree to any aspect of these terms, please exit this page and do not access or use the Site.

NOTE ON NON-U.S. USERS: Concha Labs™ is a company based in the United States of America (“US”). Our services are offered from the US and are not intended for use elsewhere, including in the European Union. If you are located outside of the US and use our services, all information, including personal information, will be transferred to the US, and you expressly consent to the transfer, processing, and storage of such information outside your country of residence as described in this Privacy Policy pursuant to US law.

The Types of Information that We Collect

So that we can provide you with our products and services, we may need to collect information about you or others. If you do not provide us with the information we request, we may not be able to supply you with our products and services. Three types of information are collected from visitors to our Site: voluntarily submitted information, automatically collected information, and payment information via e-commerce platforms (e.g., Shopify).

Information provided through optional, voluntary submission.

During the course of using our services, you may be asked to provide information through voluntary submission. This information may include personally identifiable information, such as your name, email address, telephone number, activity details and data usage relating to our products and services, information you submit to us in forms, by telephone, or in connection with the use of our products and services, and inquiry/complaint details. If you register your product with us, this information will be associated with the serial number of the product which you have registered. We will never sell this information to third parties or marketing companies.

Voluntarily submitted information may also include health information such as medical treatment, diagnoses, healthcare provider and/or location information, prescriptions, medical documentation, and health insurance information. To the extent applicable, we will comply with all state and federal regulations pertaining to the collection and storage of any information so submitted.

Automatically Collected Information.

Our Site may incorporate “pixel tags”, “cookies” or similar tracking technologies that allow us to track the actions of visitors of our Site. Pixel tags and cookies are used to collect non- personally identifiable information, such as the name of your internet service provider, the IP address of the computer you are using, the type of browser software and operating system that you use, the date and time you access our Site, the website address, if any, from which you linked directly to our Site, the website address, if any, to which you travel from our Site, your home page customization preferences and other similar traffic-related information. We may aggregate this tracking information (“Aggregated Information”) with similar data collected from other visitors to help us improve our Site and the products, services, applications, content and features that we provide through our Site.

When you visit our Site, the server housing the pages also automatically generates a “session log.” We use session logs to help us determine how people travel through our Site. This allows us to structure our pages so that the information most frequently visited is easier to find. By tracking page visits, we can also determine if the information we are providing is being used. The only data gathered is the IP address from which you came, the website that referred you, the pages you visited and the data and time of those visits.

We do not use automatically collected information to create or maintain a profile of you or collect personally identifiable information.

Payment Information.

Our online store is currently hosted by Shopify Inc. (“Shopify”), which is an online e-commerce platform that allows us to sell you products and services. We do not collect, use, or store your payment information. Rather, your payment data (such as credit or debit card information) is stored through Shopify’s data storage, databases, and application. For information on how Shopify treats your payment data, please review Shopify’s Terms of Service (located at https://www.shopify.com/legal/terms) and Privacy Statement (located at https://www.shopify.com/legal/privacy). To the extent that we use other e-commerce platforms, please refer to the terms of service and privacy policies of such platforms, as well. We are not responsible for the accuracy, completeness, or legality of third party policies or procedures.

What we do with the information we collect about you

We may use your information, including personally identifiable information, to provide certain services to you including: provide you with the products, services and information you request or have expressed interest in; determine your eligibility to use our products and whether such use is covered by health insurance; contact you with information, offers and promotions about our products and services; send you our newsletter; provide, maintain, administer or expand our service or for other internal purposes to support, improve or enhance our business, the products and services we offer; customize and tailor your experience of the service; obtain your feedback regarding the service; use statistical information that we collect in any way permitted by law, including from third parties in connection with their commercial and marketing efforts; conduct surveys or polls; engage in commercial activities with respect only to information that has been de-identified (“De-Identified Information”); and prevent, detect and investigate security breaches and potentially illegal or prohibited activities.

We do not sell your personal information to third parties or mass marketers for their independent use. We may, however, use your personal information to match it with other public and private data sources in order to enhance our records, such as appending additional information to your profile, or the records of our business partners. We also may work with other providers who also possess your information in connection with their services, such as sharing your personal information with a third party who also has your personal information in order to enhance one or both of our services provided to you.

Unless you consent to the disclosure of your personally identifiable information, only we and our affiliates, our technical consultants, third party auditors and other third parties who make our service available, enhance its functionality, or provide associated services (such as coordinating orders and delivery of our products and services) have access to this information. We have no control over, and are not responsible for, the collection, use, and disclosure of your personal information by these third-party providers.

Please note that we reserve the right to and may disclose personally identifiable information about you in connection with (a) requests from local, state or federal law enforcement officials; (b) any judicial, administrative or similar proceeding or order, such as subpoena; (c) a petition in bankruptcy or proceedings in bankruptcy, or if any court assumes jurisdiction of it and its assets pursuant to proceedings under any bankruptcy or reorganization act, or a receiver is appointed of our assets or we make an assignment for the benefit of its creditors; (d) if required by law; or (e) to investigate suspected fraud, harassment, physical threats, or other violations of any law, rule or regulation, the rules or policies pertaining to our products and services (including but not limited to this Privacy Policy or our Terms of Use), or the rights of third parties or to investigate any suspected conduct which we deem improper. Please also note that we do reserve the right to transfer your personal information and other information to our successors in business and purchasers of site assets.

We may use Aggregated Information or Deidentified Information for all purposes as we deem fit, including to improve your experience on the Site or with our products and services and for our research activities. For example, we may share Aggregated or Deidentified Information with unaffiliated third parties, such as business partners, in order to improve our products or services, or for any other legal purpose.

Protection of Information

We take all commercially reasonable steps to keep the personal information we hold about you secure and free from loss, misuse, or interference. Personal information we collect is stored on secure servers and is only accessible by those persons who need access to the information in order to carry out their business functions. We also maintain physical security measures to protect the use and storage of physical records containing personal information. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow generally accepted industry security standards.

Opt Out and Changes to Personally Identifiable Information

If you would like to view, edit, or delete your personally identifiable information from our database, you may contact us at hello@conchalabs.com, and we will take commercially reasonable efforts to accommodate your request. In addition, if you receive materials from us via email, you may use the “Unsubscribe” provision to opt out of future communications from us.

Changes to this Privacy Statement

From time to time, we review this Privacy Policy to ensure that it complies with applicable law. Consequently, we reserve the right to update and revise this Privacy Policy at any time. You will know if this Privacy Policy has been revised since your last visit to the Site by referring to the “Last Updated” date at the top of this page. Your use of our Site constitutes your acceptance of the terms of the Privacy Policy as amended or revised by us from time to time, and you should therefore review this Privacy Policy regularly to ensure that you are aware of its terms.

Privacy Policies of Third Party Websites

This Privacy Policy only addresses the use and disclosure of information we collect from you on www.conchalabs.com. Other websites that may be accessible through this Site have their own privacy policies and data collection, use and disclosure practices. If you link to any such website, we urge you to review the website’s privacy policy. We are not responsible for the policies or practices of third parties.

Notice for California Residents

The California “Shine the Light” Law under California Civil Code § 1798.83 allows visitors who are California residents to request certain information regarding our disclosure of personal information to third-parties for direct marketing. For such requests, please contact us at hello@conchalab.com and indicate whether you are a California resident. Please note that we do not currently sell or provide personal information to others for direct marketing purposes.

California law requires us to disclose how we respond to “Do Not Track” signals. Our Site does not currently support “Do Not Track” codes, and thus, we do not take any action in response to “Do Not Track” requests.

Notice for Washington Residents

The Washington My Health, My Data Act (“MHMDA”) provides consumers residing in Washington and consumers whose consumer health data is collected in Washington with specific rights regarding their consumer health data. Please find our Consumer Health Data Privacy Policy for Washington Residents here.

Children

Our Site and products are not intended for use by anyone under the age of 18. Pursuant to the Federal Children’s Online Privacy Protection Act of 1998, will not knowingly request or collect personally identifiable information from minors under the age of 13 without first obtaining parental consent.

TrueDepth API

The TrueDepth API is only used for measuring the distance between the user’s phone and face so that Concha Labs’ Soundscope® technology can be employed to fit the Concha Sol™ Hearing Aids. No image or face data is collected during this TrueDepth API measurement process and the distances captured (in millimeters or inches) are only used for calculation purposes. None of the information collected by the TrueDepth API is stored on the device or externally, or shared with third parties.

Comments and Questions

If you have any questions about this Privacy Policy please contact Concha Labs™ at:

Address:

2261 Market Street #4250

San Francisco, CA 94114

Email: hello@conchalabs.com

--------------------------------------------------

Consumer Health Data Privacy Policy for Washington Residents

Modified: June 27, 2024

This Washington Consumer Health Data Privacy Policy (“Policy”) describes the practices of Concha™, Inc. dba Concha Labs™ (“Company” or “We”) for collecting and using Washington residents’ consumer health data. Consumer health data is any data that is linked or reasonably linkable to a specific individual and that identifies that individual’s past, present, or future physical or mental health status that Company collects or controls the collection of (“consumer health data”).

This Policy applies to the Concha Sol™ Hearing Aids, the Concha Labs™ Mobile Application, the Concha Labs™ website, Concha Labs™ customer service widget (live chat and chat bot), as well as interactions with Concha Labs™ customer service.This Policy does not apply to any sites, products, applications, platforms, or other services not directly linking to this Policy.

Please read this Policy carefully to understand our policies and practices regarding your consumer health data and how we will treat it. If you do not agree with our policies and practices, you should not use the sites, products, applications, platforms, or other services linking to this Policy.

Other privacy policies may apply for your personal information that is not consumer health data and if you are not a Washington resident. To view our privacy notices describing how we treat other personal information, visit our Privacy Policy.

Consumer Health Data We May Collect About You

We collect and use different types of consumer health data from and about you, including:

Information about the user selections through the self-fitting process in the app, as well as associated amplification profile parameters are saved
Details about how often and for how long the hearing aid and/or the app is being used, including specific times of day
Data on the performance of the hearing aid, such as battery life, connectivity status, and any errors.
Data identifying a consumer seeking health care services. Health care services means any service provided to a person to assess, measure, improve, or learn about a person’s mental or physical health, including but not limited to:

individual health conditions, status, diseases, or diagnoses;
social, psychological, behavioral, and medical interventions;
health-related surgeries or procedures;
use or purchase of medication or medical devices;
bodily functions, vital signs, symptoms, or measurements of the information described in this subsection;
diagnoses or diagnostic testing, treatment, or medication;
reproductive health care services; or
gender-affirming care services.

Precise location information that reasonably indicates a consumer’s attempt to receive or acquire health services or supplies.
Any inferences of the above categories derived, extrapolated, or inferred from non-health information.

We use these categories of consumer health data for the following purposes:

Fulfilling the purposes for which you provided the data or that were described when it was collected.
Performing the services or providing the goods that you request from us and responding to your questions or requests for information.
Notifying you about changes to our sites, applications, products, or services that may affect you including FDA recalls that may affect you.
Facilitating services and operations performance, security, and integrity, including:

undertaking activities to prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted consumer health data or that otherwise threaten to compromise the performance, security, or integrity of our business; and
performance analytics, identity verification and authorization, site and application optimization, and quality control.

Recordkeeping and auditing.
Complying with our legal obligations and risk management, audit, investigations and reporting, and other legal and compliance reasons.
Administering customer accounts and preferences.
Measuring or understanding the effectiveness of non-personalized advertising and delivering non-personalized advertising served as part of your current interaction with you.
Our internal research and product or service design and development.

Consumer Health Data Sources

We collect consumer health data from the following sources:

You, including when you interact with our mobile application, website, or customer service and sign up for email lists or programs.
Your device when you visit or interact with our sites, applications, or services, including through cookies, web beacons, and similar technologies that automatically send us information when you browse, use, visit, or otherwise interact with our sites, applications, or services.
Authorized/legal representatives, family members, and caregivers.
Payment processors and other financial institutions.

Consumer Health Data Disclosures

We do not sell your consumer health data.We may disclose any of the consumer health data categories listed above to processors, service providers, and contractors that help us provide products and services to you. We instruct these processors, service providers, and contractors, and third parties to only use consumer health data as permitted by our contracts with them and consistent with applicable law.

We may also disclose consumer health data as permitted by applicable law, including:

With your consent.
To prevent, detect, protect from, or respond to security incidents, identity theft, fraud, harassment, or malicious or deceptive activities.
To a third party acquiring our assets if Company sells its business or otherwise is part of a merger, acquisition, bankruptcy, or other transaction involving a third-party taking control of our assets or business.
To investigate, report, or take legal action to protect our rights, property, and safety and the rights, property, and safety of others.
To protect your or others’ vital interests, including health and safety.

Your Privacy Rights

You have specific rights with respect to your consumer health data. You have the right to:

Request confirmation that we collect, share, or sell your consumer health data.
Request access to your consumer health data that we have collected or control, including:

a list of all third parties and affiliates that we have shared or sold your consumer health data to; and
the email addresses or other online method to contact those third parties and affiliates.

Withdraw your consent for our collection and sharing of your consumer health data.
Request that we delete your consumer health data.

To exercise any of your rights set forth above under Washington consumer health privacy law, please contact us at care@conchalabs.com.

Contact Information

To make an inquiry or comment about this Policy or our privacy practices, contact us at:

2261 Market St. #4250 San Francisco, CA 94114

care@conchalabs.com

or via our telephone number:

(510) 544 6778