US FallCall® Detect GDPR and HIPAA Complaint Privacy Policy for Apple® Products

FallCall Solutions, LLC
Privacy Policy
HIPAA and GDPR Compliant Policy
United States of America Version
Valid as of: 04/07/2024

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This is our Privacy Policy, which is HIPAA Compliant, for FallCall Detect user-to-user communication application (“FallCall Detect”). We have updated our Privacy Policy to provide you with more transparency on what, how, and why we use your data and to comply with the European and British General Data Protection Regulation (“GDPR”). By using our services, you agree to our Privacy Policy. If you do not agree to our Privacy Policy, you may not use our services.

1. Definitions

1.1 The following definitions apply:

  1. "we", "our" and "us" means FallCall Solutions, LLC, a limited liability company formed in the State of Connecticut, U.S.A. Our mailing address is 16 Surrey Lane, Trumbull, CT 06611.
  2. "you" and "your" means a user of FallCall Detect, which includes both one (1) or multiple Caregivers for one (1) Elder, or one(1) or multiple Elders for one (1) Caregiver, as used with iPhone®, Apple Watch® and supported by the website at https://www.fallcall.com, and its subdomains and online interfaces (the "Website").
  3. “Caregiver” means an adult, including a family member, friend or neighbor, who is monitoring and communicating with an Elder through FallCall Detect.
  4. “Elder” means an adult, typically a parent, older relative or friend of a Caregiver, who is being monitored and can communicate with a Caregiver through FallCall Detect.
  5. “Care Group” means a group of caregivers who have been designated by the elder as their contacts to receive notifications in the event that a manual call for help has been activated by the Elder on their Apple Watch and/or iPhone.
  6. “Central Monitor” means the subscription service that receives the signal following a manual call for help from an Elder’s device and will respond to the call for help by means of a phone call to the Elder’s Apple Watch and/or iPhone. This service is provided by Mytrex, Inc., DBA Rescue Alert, located at 10321 Beckstead Lane, South Jordan, Utah 84095, Fax: 1-877-571-4606. Email: info@rescuealert.com.
  7. FallCall Detect is an application that allows Elders to send a help request to their Care Group OR their Care Group and an optional Central Monitor by means of a manual “+Help” icon tap, Siri voice activation, automated fall detection and approved Third-Party Accessories. Caregivers are able to store the last 50 of these responses for later reference.
  8. “User Content” means any content, including messages and responses, submitted by you to FallCall Detect or generated through your use of FallCall Detect.
  9. “PHI” means Protected Health Information of the Elder(s) that consists of individually identifiable health information, as may be covered under the HIPAA Privacy Rule and the HIPAA Security Rule. PHI may include demographic information we collect from you as an Elder, create, or receive from a Caregiver, health care provider, a health plan, or your employer.
  10. “HIPAA” stands for The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Pub.L. 104–191, 110 Stat. 1936, enacted August 21, 1996) and for purposes of this Privacy Policy consists of the HIPAA Privacy Rule, located at 45 CFR Part 160 and Subparts A and E of Part 164, that covers PHI in any medium, and the HIPAA Security Rule that covers electronic PHI, located at 45 CFR Part 160 and Subparts A and C of Part 164. Detailed information regarding HIPAA can be found at www.hhs.gov.
  11. "GDPR” stands for the General Data Protection Regulation and is a European Union (EU)-wide law made effective on May 25, 2018, that replaces the Data Protection Directive 95/46/ec. It also has been adopted by the United Kingdom under the Data Protection Act of 2018.
  12. “Personal Information” is any other information about you that is not considered PHI and may include health information about you that is not individually identifiable if it does not identify you and if we have no reasonable basis to believe that it can be used to identify you.
  13. “De-identification” is a process by which identifiers are removed from your PHI to mitigate privacy risks to you and enables us to use the data for a secondary purpose, such as comparative effectiveness studies, marketing and use analytics, policy assessment, life sciences research, and other endeavors. Though properly applied, there is a small risk that de-identified data could be manipulated to link back to your identity.
  14. “Contact Us” means our email address, telephone number, and mailing address to reach us and that is set forth at the end of this Privacy Policy.
  15. “Third-Party Accessories” means any accessory that is compatible with FallCall Detect and utilizes or activates any of its functions.
  16. “FallCall-Branded Accessories” means any accessory that is branded by FallCall Solutions, LLC, is compatible with FallCall Detect and utilizes or activates any of its functions.

2. Our duties and privacy practices with respect to PHI

2.1 We are required by law to maintain the privacy of PHI and to provide you with notice of our legal duties and privacy practices with respect to PHI.

2.2 We are required to abide by the terms of this Privacy Policy currently in effect.

2.3 For us to apply a change in a privacy practice that is described in this Privacy Policy to PHI that we created or received prior to issuing a revision, we reserve the right to change the terms of this Privacy Policy and to make the new provisions of this Privacy Policy effective for all PHI that we maintain.

2.4 Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your consent in accordance with applicable law. We will post any Privacy Policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.

3. Your rights with respect to PHI

3.1 You have a right to request restrictions on certain uses and disclosures of PHI but we are not required to agree to a requested restriction,

3.2 You have a right to receive confidential communications of PHI.

3.3 You have a right to inspect and copy PHI.

3.4 You have a right to amend PHI to correct any information you believe is inaccurate.

3.5 You have the right to request that we erase your PHI, under certain conditions.

3.6 You have a right to receive an accounting of disclosures of PHI.

3.7 You have a right to obtain a paper copy of this Privacy Policy from us even if you have received this Privacy Policy electronically. We may charge you a small fee for this service.

3.8 You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

4. Description of Permitted or Required Uses or Disclosures of your PHI

4.1 We are required by Federal law to maintain the privacy of your PHI, which could relate to your past, present or future physical or mental health or condition, or the provision of health care to you.

4.2 We collect, use, store, and transmit Personal Information through the use of FallCall Detect. This includes an Elder’s heart rate and/or location as determined via GPS. Personal Information that we collect or use is apparent from FallCall Detect interface.

4.3 This Privacy Policy applies only to information we collect at and through FallCall Detect. Please be aware that we are not responsible for the privacy practices of any third party sites.

5. Examples of Uses and Disclosures of your PHI

5.1 When you use FallCall Detect, the application collects Personal Information from you, including:

  1. Name
  2. Elder’s relationship status with Caregivers
  3. Caregiver’s email address
  4. Elder’s photo (with permission)
  5. Caregiver’s photo (with permission)
  6. Elder’s email address
  7. Caregiver’s telephone number
  8. Elder’s telephone number
  9. Elder’s home address
  10. Elder’s Apple Watch battery charge level
  11. The pairing status of each Care Group member with the Elder
  12. The Central Monitoring subscription status
  13. The heart rate per minute of the Elder(s).
  14. The location(s) of the Elder’s Apple Watch(es) and/or iPhone(s) ONLY at the time of Elder manual call for help.
  15. Manual help calls of the Elder including historical help calls
  16. Account passwords and passcodes
  17. Central Monitoring “Call for Help” situational updates and help request summary reports
  18. Mobile device unique identifier codes
  19. Number of triggered falls (high-impact and low-impact)
  20. Fall impact data as measured by inputs to our fall detection system (i.e.accelerometer data, timers, etc.)
  21. Fall detection system uptime/activity logs

5.2 On the Caregiver’s FallCall Detect, the application uses a passcode to unlock the encryption of FallCall Detect and/or biometrics, such as a fingerprint recognition system or facial identification system, to unlock the encryption of FallCall Detect. Such individual information when using these features might constitute PHI. FallCall Detect does not transmit this information to another device. Passcode lock is a mandatory feature for security purposes, however, the use of biometric unlock may be turned “on” or “off.” FallCall Detect does not collect biometric information.

5.3 The FallCall Detect application stores all information on a secure, HIPAA and GDPR compliant, third party server for the purposes of application function. We maintain access to the server for the purposes of maintenance, analytics, support and updates, however, the Personal identifying information on the server will not be provided to third parties for advertising. The application encrypts Personal Information and the account is password protected. Elder transmitted PHI on the Caregiver’s device is encrypted when passcode lock is engaged on the caregiver device.

5.4 FallCall Detect will collect information about the Elder’s heart rate, GPS location, number of high-impact and low-impact falls, watch battery charge status, manual call for help history, and account information or other identifying information, which in the aggregate could constitute PHI when accessed by a Caregiver using a passcode or biometric to unlock the encryption protection on the Caregiver’s local device. Therefore, it is the responsibility of the Caregiver to use safeguards provided by the application (i.e., the auto-lock function) to ensure that this PHI is encrypted. During transmission through the application’s server, the Elder’s manual “Calls for Help”, which include PHI as above, is controlled via a HIPAA and GDPR compliant server, encrypted through the latest protocols, and transmitted through a unique identifier assigned to their paired Caregiver. The unique identifier will be assigned during the Caregiver’s setup process, which is during the Elder pairing process. On the Elder’s device, their completed Call for Help will be shown on a dismissible, “Help Requested“ screen, however, a record of an Elder’s heart rate or location data will not be stored on their personal device.

5.5 FallCall Detect will transmit Call for Help data and house the data on a HIPAA and GDPR compliant server for the purposes of developing a database of events that will be used for purposes such as (but not limited to) subscription central monitoring, call analytics, and internal quality monitoring practices. This data will include Call for Help activation data, whether or not the call was cancelled, the location of the call, and the time of the call.

5.6 You must be at least 17 years old to purchase and use this application. Use of FallCall Detect by minors age 13-16 is by agreement of the minor's parent. Any user age 13-16 must have his or her parent agree to the terms of this privacy policy. By accessing FallCall Detect, you acknowledge that you are 17 years or older or, if not, that you are at least 13 years old and your parents have read and agreed to the terms of this privacy policy. If you believe we have collected personal information from a child under the age of 13, please contact us.

5.7 In some circumstances, we may use information about you and your Apple Watch(es) and/or iPhone(s) collected through FallCall Detect to design or implement updates or provide you with information or requested support. As described above, we also collect information from you so that we can provide the information in the following manner:

  1. We will not share any PHI without De-identification.
  2. We may provide Personal Information from you to third parties who provide hosting services and URL shortening services to support FallCall Detect. They gather information through FallCall Detect for storage on servers that are hosted and controlled by a third party. However, we do not expect these third parties to access your User Content other than for system maintenance purposes.
  3. We may provide Personal Information from you to Third-Party Accessory providers for the purposes of billing, use information, customer service, quality assurance and application updates.
  4. Upon completion of the subscription agreement with the Central Monitor, FallCall Detect servers will transmit the necessary information from our HIPAA and GDPR compliant server to the Central Monitor provider following a manual Call for Help. Some of this information will include the Elder’s name, phone number, location of the triggered device, home address, and Care Group contact information. Heart rate and financial information will not be transmitted following a Call for Help.
  5. We may disclose any information, including Personal Information, that we deem necessary to comply with any applicable law, regulation, legal process, subpoena or enforceable governmental request, to enforce our rights, to protect the safety and security of FallCall Detect or other users of FallCall Detect, or to otherwise share information with others when we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to do.
  6. We might share Personal Information with any parent or subsidiaries, or other entities which have a controlling interest in us or are controlled by, or are under common control with, us. In this case, we will request that these parties honor this Privacy Policy with respect to any shared information. Also, should we undergo a merger, change of control or sale of all or substantially all of our assets, we may transfer Personal Information to the actual or intended successor organization in such transaction or permit its examination (under confidentiality restrictions) by our counterparty, the new owner, or its representatives.
  7. For purposes of this Section 5.7, the words “share” and “shared” includes selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, Personal Information by us to another business or third party for monetary or valuable consideration.

6. Access to your information and choices

6.1 You can delete or change the information you entered through FallCall Detect within FallCall Detect itself. If you have additional questions or concerns, or would like more specific information about our practices with respect to Personal Information, you can Contact Us. You may close your Central Monitoring subscription account with us by canceling the Elder(s)’s subscription within the settings of FallCall Detect (See Terms and Conditions for more details). If you wish to completely cancel your FallCall Detect account, please contact us via the information below.

6.2 When setting up your FallCall Detect account, you will be asked for permission to allow FallCall Detect to use Apple Watch and/or iPhone location services, motion services, notification services, Siri functionality, and Apple Health heart rate access. Although we encourage that you provide permission for each of these services, you have the right to not allow access to any or all of these capabilities. By not allowing permission to use these capabilities, FallCall Detect will remain functional, however, the following will be omitted:

  1. Disabled location services: The Elder will not transmit their location to their Care Group members or the subscription Central Monitor service during a Call for Help.
  2. Disable motion services: Fall detection will not function
  3. Disabled notification services: Users will not receive updated notifications during Calls for Help or System Tests.
  4. Disabled Siri functionality: The Elder will not be able to Call for Help using Siri voice activation.
  5. Disabled Apple Health access: The Elder will not send heart rate data to their Care Group during Calls for Help and will not record activity, heart rate or number of falls to Apple Health app.

7. Security of your information

7.1 The security of your information and data while using FallCall Detect is very important to us. The FallCall Detect employs a variety of technical safeguards on a HIPAA and GDPR compliant server to protect the confidentiality, integrity, and availability of Personal Information including supporting Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificate technology and encryption to prevent unauthorized parties from reading data entered through FallCall Detect. We also use a cloud services instance to store a unique random alphanumeric identifier that is generated when the Caregiver is entering information during the onboarding process and a cloud server with Apple Notification or Google Cloud Platform Service/Firebase Platform instances to route Push Notifications to and from the Caregiver’s and Elder’s iPhones. All may be encrypted at our option.

7.2 Transmissions to and from the iPhone(s), Apple Watch(es) or Android device(s) are encrypted. This includes transmissions from third-party accessories and FallCall-Branded accessories. While we take reasonable logistical and technical steps to keep Personal Information secure, no transmission over the Internet or a mobile network can be totally secure, and we cannot guarantee that a breach will never occur. We do use industry standard physical, technical and administrative security measures and safeguards to protect the confidentiality and security of Personal Information. However, since the Internet is not a 100% secure environment, we cannot guarantee, ensure, or warrant the security of any Personal Information you transmit to us. There is no guarantee that Personal Information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information.

7.3 Please note that emails and other communications you send to us through our Website are not encrypted, and we strongly advise you not to communicate any confidential information through these means.

8. Records retention

8.1 We will maintain complete and accurate records pertaining to our activities under this Privacy Policy, including records pertaining to your PHI and Personal Information, in accordance with HIPAA and applicable law. We will retain such records for a duration prescribed by HIPAA and applicable law but no longer than is necessary to achieve the purposes of processing such records as disclosed in this Privacy Policy, or longer if we are notified, ordered or otherwise required to maintain such records for a longer period in connection with a legal proceeding or government investigation.

9. Consent to data processing

9.1 You have the right to withdraw your consent to our use of your PHI or Personal Information, or raise an objection to the processing of your PHI or Personal Information at any time by contacting us in the manner set forth in the “Contact us” provision below. However, you will be required to cease using our services.

9.2 To the extent that our Site is operated and managed on servers located within the United States, you who are residents and citizens of countries and jurisdictions outside of the United States who use and access our Site agree and consent to the transfer to and processing of Personal Information on these servers. To the extent that our Site is operated and managed on servers located outside of the United States, the protection of such Personal Information may be different than required under the laws of your residence or location.

10. Your right to revoke your authorization

10.1 To the extent that we desire to use or disclose your PHI for purposes other than set forth above, it will only be done with your written authorization and you may revoke your authorization at any time provided that your revocation is in writing and sent to Contact Us. Upon receipt, your revocation will be honored by us, except to the extent that we have taken action in reliance of your authorization to use your Personal Information (and not PHI).

11. Complaints

11.1 You may complain to us and to the Secretary of Human Health and Services (www.hhs.gov) if you believe your privacy rights have been violated. If you have any questions, concerns, complaints or suggestions regarding this Privacy Policy or otherwise need to contact us, go to Contact Us below to communicate with us. We will not retaliate against you for filing a complaint.

12. Contact us

12.1 Contact us as follows:

Email: dpo@fallcall.com
Telephone: (203) 736-7647
US Mail: FallCall Solutions, LLC
16 Surrey Lane
Trumbull, CT 06611

12.2 You may contact Carlton Chen, our data protection officer (“DPO”), by using the above email, telephone number, or mail address to reach our DPO for submitting your questions or concerns about our processing of your personal data.

Apple, the Apple logo, iPhone, Siri and Apple Watch, are trademarks of Apple Inc., registered in the U.S. and other countries and regions.

©2024 FallCall Solutions, LLC. All rights reserved.

Independent Living Support Program Participants Click here

Terms Of Use  |  Privacy Statement
©2024 by FallCall Solutions, LLC.
Apple, the Apple logo, and iPhone are trademarks of Apple Inc., registered in the U.S. and other countries. Apple Watch is a trademark of Apple, Inc. App Store is a service mark of Apple Inc.

Android, Google Play and the Google Play logo are trademarks of Google LLC.