CleveMed Privacy Policy

Effective date of this Privacy Notice: May 1, 2017


Cleveland Medical Devices Inc. (CleveMed) complies with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. CleveMed has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit

Demographic and medical data from a test will be collected for the purpose of generating medical reports. Generating a medical report for the test requires disclosure of information to a web application hosting service (INET) that adheres to the Privacy Shield Principles. Furthermore, data without any of the personally identifiable information may be used for quality measures and research purposes per our procedures and applicable regulations. Inquiries can be directed to Cleveland Medical Devices Inc., Privacy Officer, 1-877-clevemed,


The test will be described to you by the ordering healthcare provider, which includes the transfer of your personal data to our webportal for the purpose of generating a medical diagnostic report for you. Where local law requires it, you will be asked to “opt-in” or affirmatively consent to the processing of your personal data.

Onward Transfer:

Data may sometimes be forwarded to a third party, such as a medical specialist, for the purpose of processing and generating your medical report. CleveMed will enter into agreements with these third parties to provide similar, but in no way less restrictive, privacy protection measures including requirements that your personally identifiable data be processed exclusively for activities relating to the generation of a diagnostic report for you. CleveMed accepts the responsibility for all properly made transfers to third parties.


CleveMed takes personal data security and confidentiality very seriously. CleveMed’s policies are designed to protect your data from loss, misuse, and unauthorized access, disclosure, alteration and destruction. For example, CleveMed implements access controls such as firewalls, secure servers, and data encryption including in rest state.

Data Integrity:

Personally identifiable data will be used for the sole purpose of activities related to the generation of a medical report and no other purpose. To the extent possible, CleveMed will ensure that the data used for the report is reliable, accurate, and updated.


Patients may request access to their data directly from CleveMed with written requests made to our Privacy Officer and per our procedures (as of the effective date of this policy, patients do not have online access to their data on CleveMed’s webportal). During the natural course of patient-healthcare provider interaction, such data is often provided by the healthcare provider who has ready access to their patient data on our webportal.

Recourse, Enforcement, and Liability:

CleveMed will disclose personal information to lawful requests by public authorities, including to meet national security or law enforcement requirements. CleveMed is subject to the investigatory and enforcement powers of the FTC. CleveMed has committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you.

Changes to this Privacy Policy:

As part of our continuous improvement process and to serve you better, we may from time to time update our Privacy Policy. The updated policy will be posted on our website with the new effective date and any material change highlighted.

How to Contact us:

In compliance with the Privacy Shield Principles, CleveMed commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact CleveMed at: Privacy Officer,, 1-877-CleveMed.