Outset Medical Privacy Notice

Updated: September 8, 2023

Outset Medical (“Outset,” “We,” “Us,” “Our,” “the Company”) respects the privacy of your personal information.

Introduction and Scope

This notice describes our practices regarding the collection and further processing of personal information that we collect through our websites and applications that link to this notice (“Sites”), as well as from our offline interactions and our other business relationships with you, where we decide the purposes and means of how we collect and further process your personal information (the “Services”).

By using our Sites and otherwise interacting with us, you agree to the terms of our Terms of Use, including this Policy.

“Personal information” generally means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with an identified or identifiable individual. The laws of some jurisdictions may define personal information more broadly than described above. Other jurisdictions’ laws may exclude certain information about you, such as your business contact details, from the definition of personal information. In interpreting this notice, we will apply the definition of personal information contained in applicable law.

This notice does not apply to the personal information we collect about our job applicants, employees or independent contractors.
Contract Data

When we perform work for our customers, we may collect and further process personal information to provide our services to them. The terms of our customer contracts, and not this notice, govern our collection, use and disclosure of that personal information. The customer’s privacy policy, and not this notice, governs how they may use and disclose your personal information.

Below we describe the categories of personal information we may collect from or about you.

Identifiers	Name, alias, personal pronouns, contact details (such as e-mail addresses, phone numbers, physical addresses, and fax numbers), unique personal identifier, customer number, online identifier, account name, IP address, date of birth, social media handles, instant messaging account, signature, social security number, physical characteristics or description, passport number, driver’s license or state identification card number, insurance policy number, and similar information
Commercial and Financial Information	History and records of products and services you have obtained from us or considered, or other purchasing or consuming histories or tendencies such as information required to facilitate transactions (including information required to facilitate issuance or receipt of payment), payment history and information such as details about the programs and activities in which you have participated, including conferences, focus groups, speaker programs and other events, and opinion data such as survey responses We may also collect demographic data, such as income and age bracket information, family status, gender, hobbies, current provider information along with information you make available or that references you on the internet, including on social media, blogs, websites, news and educational journal articles. We may also collect financial information, such as bank account number, credit card number, debit card number, or other financial information.
Professional or Employment Information	Professional or employment-related information, such as a description of your current or prospective positions, job title, employer, location, specialty; and professional history, including professional certifications and licenses, and institutional or other affiliations
Educational Information	Educational history, such as education level obtained, school attended, and performance at school
Audio, electronic, visual, thermal, olfactory, or similar sensory information	This category of information includes photographs, CCTV footage; recordings made during audio or video calls, focus groups, user groups, usability testing, conferences or events, testimonials, and otherwise; temperature readings and similar sensory data.
Protected Classification Characteristics	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition (such as COVID-19 status, disability and accommodation information), physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information)
Internet and Other Electronic Activity Information	Where you access our Sites, we may collect information about your use of systems or devices, including your System or Network ID, IP address, operating system type and version number, manufacturer and model, screen resolution, browser type, browser version, the pages of a Site you visit, the time and date of your access to a Site, unique device identifiers, user name and passwords, and usage activity and diagnostic information, including access logs, activity logs, and electronic content produced using our systems. We may also collect other diagnostic data along with information your browser sends us when you visit our Sites including when you access our Sites through a mobile device. We also use cookies and other similar technologies on our Sites. Refer to our Cookie Policy for further details.
Inferences, preferences, and other information	This category of information includes the derivation of information, data, assumptions, or conclusions from any other category of personal information to create a profile about a person reflecting the person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes. We also may derive inferences about you based on your personal information and learn additional information about you, such as your contact mode preferences, calendar availability, contact time preferences, language preferences, and other similar information. From time to time, we may collect additional personal information including information about your medical conditions, disabilities or health, such as dietary restrictions, allergies, accommodation requirements, COVID-19 symptoms or exposure, kidney disease state, type and mode of dialysis treatment, clinical conditions, healthcare cost and claims data.
Sensitive Personal Information	This category of Personal Information is typically specifically defined under applicable privacy law. Sensitive Personal Information may include your government ID numbers, such as your social security, driver’s license, state identification card, or passport number; your account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; your precise geolocation (generally, location data within a specified radius of your exact location); your racial or ethnic origin, religious or philosophical beliefs, or union membership affiliation; your biometric information where it is used to uniquely identify you; information about your mental or physical health or diagnoses; genetic data; information regarding your sex life or sexual orientation; and in some cases, the contents of your mail, emails and text messages unless we are the intended recipient of the communication. Please note, we do not collect biometric or genetic information at this time.

We have collected the same categories of personal information in the 12 months prior to the date of this notice.

Categories of Sources From Which We Collect Personal Information

Outset Medical processes personal information when you visit our Sites or interact with our Services (such as when you create an account, register for events, download content, or answer a survey) or when we interact with you offline, such as when you visit a facility, attend an event or trade show, or talk to us over the phone.

We also may collect information about you from other sources in the ordinary course of business, including, for example, from data aggregators who may not have a direct relationship with you or from other third parties who collect information about you on behalf of Outset Medical.

We also may collect information about you automatically, such as when we log certain information about your interactions with a Site or Service or from other systems, such as when you are in a facility that has installed CCTV security cameras.

How We May Use Your Personal Information

We may use your personal information for the following purposes:

Use	Description
To prepare to enter or to perform a contract or other agreement with you	To prepare to enter into or perform, a contract or other relationship with you, including the development, compliance, undertaking and performance the contract, such as when you agree to participate in usability testing, market research, speak at a forum or provide audio-visual testimonial data, or provide other services to us.
Provide information about our business, the industry, and our solutions	To provide you with news, special offers, contests, sweepstakes, events, marketing communications, and general information about our products and services and the industry; to advertise online and offline, which may be targeted to you based on your use of the Site(s), Services, or your activity elsewhere online and offline; to communicate with you about products, Sites, and Services, including by sending you announcements, updates, security alerts, and support and administrative messages; to communicate with you about events, surveys, or questionnaires; to assign a unique identifier to the personal information we collect about you, or combine this data or other information that we collect from or about you with other personal information about you, and use that information to supplement our existing databases; to undertake analytics and insights for purposes consistent with this notice; to understand your needs and interests, and personalize your experience with our Sites, Services advertisements and other communications
To engage in research and development	To engage in research and development purposes, including collection of information about your experiences with or opinions about Outset Medical or topics of importance in the industry via surveys, focus groups and other online or offline research activities; to engage in social listening (reviewing information about us, our products and the industry posted to public sources, such as social media), to understand how Outset Medical, its products, and the dialysis market are perceived, and to address market needs including product enhancements; to recruit for, enroll, or conduct clinical studies or gather real-world evidence
To operate our business, including our Sites, Services and products	To process transactions associated with our services; to provide, manage, and receive products and services; to provide support and maintenance for our Sites, Services and products; to improve and develop our business processes, Sites and Services; to create and administer your accounts with us; to attend to and manage your requests to us; to answer questions you have asked us and address concerns you have raised; to otherwise communicate with you; to provide recall and safety notices; to report adverse events and complaints; and to complete regulatory filings
To protect the Company and others and comply with laws	To protect our, your, or others’ rights, privacy, health, safety, or property, including, as permitted by law, by collecting reasonable information about vaccinations and infectious disease symptoms and exposure; to undertake reasonable efforts to monitor the use and security of our networks, assets, and facilities; to deter, identify, and investigate alleged fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft; to pursue and/or defend legal claims and manage disputes; to audit our internal processes for compliance with our legal and contractual requirements and internal policies; to enforce the terms and conditions that govern our Sites, Services and agreements; to create reports and information required to comply with product safety and efficacy, including clinical study reporting, pre-market authorization information, and post market reporting, including adverse event reporting; to respond to lawful requests from governmental authorities, including writs, subpoenas, or legal discovery processes; and to undertake other efforts to protect the Company and others and comply with applicable law
Sensitive Personal Information (as permitted or required by law)	Where permitted or required by law: to perform services for you (including providing you information you request) or to provide goods; to prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted Personal Information; to resist malicious, deceptive, fraudulent, or illegal actions directed at Outset and to prosecute those responsible for those actions; to ensure the physical safety of natural persons; for short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with us; to perform services on behalf of Outset, such as to maintain or service accounts, provide customer service, or verify information or identity If we engage in other uses we will do so with your consent (or explicit consent as required) or as otherwise required or permitted by law.

Additionally, Outset may de-identify your personal information. Once personal information has been de-identified, it is no longer subject to this notice. We do not seek to re-identify information that has previously been de-identified.

How We May Disclose Your Personal Information
We may disclose your personal information with others in the following situations:
- Service Providers and Consultants: We may disclose your personal information to service providers and consultants who need it to perform their services for us. For example, we may host our Sites and Services on a service provider’s computers or process payment or use analytics companies to help us analyze data we collect from our Sites and Services.
- Business transfers: We may disclose or transfer your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.
- Affiliates: We may disclose your personal information to our Affiliates. The term Affiliates in this provision means our parent company and any other direct and indirect subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
- Our Advisors: We may disclose your personal information to our professional advisors, such as our lawyers, tax advisors, technical advisors, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
- Business Partners: We may disclose your personal Information to our current or potential customers or with our other business partners, such as third-party advertisers, in the course of pursuing business or to offer you certain products, services or promotions.
- Law Enforcement, Regulators, or Others as Required by Law: In certain circumstances, we may disclose your personal information if we are required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency), or in connection with an investigation of fraud, for the administration of justice, to prevent or address potential intellectual property infringement, or other activity that is unlawful or that could, in our reasonable judgment, expose us or you to legal liability. We may also release personal information if, in our reasonable judgment, it may prevent the death or serious injury of an individual.
Personal Information We Sold, Shared or Used for Targeted Advertising and Recipients

Although we do not currently provide personal information to other in exchange for monetary compensation, certain laws broadly define the term “sale” of personal information to include activities where personal information is disclosed as part of the provision of services, such as targeted advertising. Under that broad definition, in the past 12 months, we have sold certain categories of personal information. For example, when we engage in digital advertising, we may sell the following categories of personal information, share them for purposes of cross-context behavioral advertising, or otherwise use them for targeted advertising: identifiers (IP address) and internet or other electronic activity information.

These categories of personal information are sold to or shared for cross-context behavioral advertising or targeted advertising with advertising networks and other companies that facilitate digital advertising. We do so by allowing third parties to place cookies or other trackers on our Sites that may collect information about your online activities over time and across different websites or applications. This allows us to reach people that are most likely to be interested in the products or Services we provide. The data may be used to provide you with personalized content and present you with third party products or services in which you may be interested. For more information about the use of cookies and trackers, see our Cookie Policy.

In certain jurisdictions you have the right to opt out of sales and sharing of personal information. To do so, please click here.
Retention of Your Personal Information

We consider several factors in determining how long we retain personal information. For example, we retain your personal information for as long as your account is active; for as long as is necessary to effect the purposes consistent with those set out in this notice or for which the personal information was collected, or as otherwise required or permitted by law (for example, to resolve disputes, protect our assets, and enforce our legal agreements and policies). We also may retain information to support retention policies and processes designed to accommodate availability of information, or to enable us to pursue or defend our rights or those of others during applicable limitations periods. At the end of the retention period, we will either securely delete or destroy your personal information, or we will de-identify it so that it no longer constitutes personal information.
Use or Disclosure of Sensitive Personal Information
Automated Processing

Automated decisions: (a) are made about individuals; (b) are based exclusively on the automated processing of personal information; and (c) produce legal effects that significantly impact the individuals about whom they are made. Although we may use automated tools to help facilitate our decision making, our processing is overseen by a member of our workforce. If we engage in automated decision making, we will inform the individuals whose personal information is subject to the automated processing, and, as required by law, provide them with an opportunity to engage us on, and object to, the outcome of the automated decision-making process.
Our Legal Bases
In some jurisdictions, we must inform you of the legal bases we may rely upon to collect and further process your personal information.
- To prepare to enter into an agreement or relationship with you, or to perform our agreements with you;
- To comply with a legal obligation;
- For our legitimate business interests, which will be assessed in connection with the specific use of your personal information;
- With your consent (or with your explicit consent if required by law), which we will request from you.
Withdrawing your Consent

When we process your personal information with your consent or your explicit consent, you may always withdraw your consent in whole or in part at any time. Once we have received your notice to withdraw your consent, we will no longer process the personal information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds that override your interests, rights and freedoms, for example, to comply with a legal obligation, or for the establishment, exercise, or defense of legal claims. If we process your personal information for direct marketing purposes, you have the right to object at any time, in which case we will stop processing your information for such purposes. Withdrawal of your consent does not affect the lawfulness of any processing that we undertook prior to your action to withdraw consent. If you withdraw consent to future processing of your personal information, we may not be able to contact or interact with you as originally planned when you first provided your consent.
Transfer of Your Personal Information

Your personal information is processed at our operating offices and in any other places where the parties involved in the processing are located, such as where our service providers are located. As a result, your personal information may be transmitted to, accessed from and/or stored in locations outside of your jurisdiction where the data privacy laws may be different from those in your jurisdiction.

When we transfer your personal information to another jurisdiction, it is our practice to take steps designed to ensure that your personal information is treated in accordance with this notice, and that transfers of your personal information to an organization or a country will be subject to adequate controls designed to protect the confidentiality, integrity and availability of your personal information.
Security of Your Personal Information

The security of your personal information is important to us, and we maintain reasonable administrative, technical and physical safeguards that are designed to protect your personal information from accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
Your Individual Rights
If you are a California resident, please see the specific information on your rights found below in the California Resident Information and Rights section and disregard this section.

In some jurisdictions, you may be entitled to exercise certain rights relating to your personal information. Even where applicable law provides for these rights, they may be subject to certain conditions, limits, and exceptions. These rights may include the following:
- Request us to confirm whether we process your personal information, and if we do, to obtain access to and certain information about it;
- Require the correction of your personal information if it is inaccurate or incomplete;
- Direct us to stop processing your personal information under certain circumstances;
- Erase or delete your personal information, for example, where it is no longer needed to achieve the purpose for which it was collected;
- Restrict the further Processing of personal information, including under some laws, to opt out of the processing of the personal information for purposes of (i) targeted advertising, or (ii) the sale of personal data;
- Request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you; or
- Request to receive your personal information for transmission to, or if required by law, to directly transmit it on your behalf to another data controller in a structured, commonly used and machine-readable format.
You may make seek to exercise your individual rights by clicking here or by contacting us via one of the mechanisms provided in the Contact Us section of this notice. We will process your requests in accordance with applicable law.

If you wish to exercise your rights related to the medical or other personal information that we process as a service provider to your healthcare provider, please contact your healthcare provider directly.

To protect your privacy, we will take reasonable steps to verify your identity before complying with any rights requests. If you fail to verify your identity, we may be unable to fulfill your request.

Your requests will typically be fulfilled at no charge to you. However, in certain cases, applicable law may entitle us to charge a fee. If we are entitled to charge a fee and intend to do so, we will follow procedures required by law.

In certain circumstances, applicable law may permit us to deny your request. If we deny your request, we will inform you of the reasons why we did so. You may appeal a denial by contacting the Outset Medical Data Privacy Office at [email protected]. You may also be entitled to file a complaint with your local regulator.
Your Privacy Choices

Please refer to our Cookie Policy on how to change your cookie settings.

You may have an opportunity to elect to receive recurring marketing or promotional communications from us. Our communications will include instructions on how to update certain information about you, including how to unsubscribe from our e-mails. You may also contact us at [email protected] to unsubscribe or adjust your marketing preferences. If you elect to unsubscribe from some or all communications, we will complete your request within 30 business days, or sooner if required by law.

In addition, some of our business partners that collect information about your activity on or through our Sites may participate in programs that provide you with choices regarding the use of your browsing behavior or mobile application usage for purposes of targeted advertising. You may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here, the Digital Advertising Alliance by clicking here, the European Interactive Digital Advertising Alliance by clicking here, or the Digital Advertising Alliance of Canada, by clicking here. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms linked above.

Finally, your browsers or mobile device settings may provide functionality to limit our ability to use cookies, to alert you before a cookie is dropped onto your computing device, or to limit our ability to otherwise engage in ad tracking or targeted advertising, including by location, using the advertising ID associated with your mobile device and/or location settings. If you choose to turn on settings blocking cookies or opting-out of targeted advertisements and/or if you turn off location settings, you will still see advertisements online, but they may not be relevant to you.
Do Not Track Signals

Global Privacy Control signals are opt-out signals communicated through the browser-based extension offered through the Global Privacy Control, a non-profit that is in the process of developing a technological tool that can be used universally to signal a user’s privacy preferences. Due to the technical limitations of the Global Privacy Control’s extension, requests made through their extension apply only to the device on which the request is made (e.g., a specific computer) and will only work with the browser used to activate the opt-out setting (e.g., Duck Duck Go).

While the Site that links to this notice recognizes Global Privacy Control signals, our Sites do not respond to or honor other Do Not Track instructions, which are preferences that users can set in certain web browsers. If you do not leverage the Global Privacy Control signal, you can, however, adjust your web browser’s privacy preferences regarding the use of most cookies, through your browser’s privacy settings. Unless you choose to block cookies, some of our Sites may issue cookies when you visit them or click on an e-mail link that we send to you, even if you have previously deleted our cookies. Deleting or blocking cookies may impact your experience while interacting with the Site(s), and some features may not work without cookies.
Children’s Privacy

Our Sites are not designed for, and we do not knowingly collect personally identifiable information from, users under the age of 13 (or in some jurisdictions, under the age of 16. If you are a parent or guardian and you are aware that your child has provided us with personal information via our Site(s), please contact us via email at [email protected]. If we become aware that we have collected personal information from anyone under the age of 13 (or in some jurisdictions, 16) without verification of parental consent, we will take steps to remove it from our systems.

We may also limit how we collect, use, and store some of the personal information of users between 13 and 18 years of age. In some cases, this means we will be unable to provide certain functionality of the Service to these users.

If we need to rely on consent as a legal basis for processing your personal information and your jurisdiction requires consent from a parent, we will require your parent’s consent before we collect and use that information.
Changes to this Notice

We may update this notice from time to time. When we do so, we will update the “Last updated” date at the top of this notice. In addition, when there are material changes to this notice, we will post a notice on our Site advising you of the update. We encourage you to review this notice periodically for any changes. Changes to this notice are effective when they are posted on this page. Your continued use of the Site after the posting of any amended notice constitutes your agreement to be bound by any changes.
Third Party Websites
Accessibility

We value your input and feedback. If you have any questions, comments or concerns about this notice or our personal information handling practices, you can contact us:

By E-mail at:	[email protected]
By Post at:	Attn: Privacy Officer c/o Outset Medical Legal Department 3052 Orchard Drive San Jose, CA 95134
By Phone at:	+1-844-MY TABLO (+1-844-698-2254)

California Resident Information And Rights
Excluded Information
Certain information is not subject to this California Resident Information and Rights section. The excluded information primarily includes:
- Consumer information that is lawfully made available from federal, state, or local government records or information that we have a reasonable basis to believe is lawfully made available to the general public from widely distributed media or by you; or information made available by a person to whom you have disclosed the information if you have not restricted the information to a specific audience;
- Consumer information that is de-identified or aggregated;
- Certain healthcare information, including information covered by the Health Insurance Portability and Accountability Act of 1996 or the California Confidentiality of Medical Information Act;
- Personal information covered by certain privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act or the California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994;
- Personal information that is processed for scientific research purposes, including clinical trials, provided that the information is processed subject to applicable ethics, confidentiality, privacy and security requirements;
- Any information that we process on behalf of another company, including healthcare information, in which case that company’s privacy statement, policy, and/or notice will control; and
- Any other information that is excluded by applicable California laws.

Categories of Personal Information We Collect and Disclose

We summarize below the categories of personal information that we disclose to others. The categories below are the same as those further described above in the Information We Collect about You section.

Category of Personal Information Collected	Categories of Third Parties to Whom we have Disclosed Personal Information for a Business Purpose
Identifiers	Service Providers such as IT providers, SaaS providers, banking providers who process payments or reimbursements, and other providers who help us operate our business, including our Sites and Services; Consultants such as business process consultants; Business Partners such as travel booking partners and customers or potential customers (for example, in the case of healthcare practitioners who engage with customers or potential customers); Advertising partners (please see the Personal Information we Sold to or Shared with Third Parties in the Preceding 12 Months section of this notice)
Customer Information	Service Providers such as IT providers, SaaS providers, banking providers who process payments or reimbursements, and other providers who help us operate our business, including our Sites and Services; Consultants such as business process consultants; Business Partners such as travel booking partners and customers or potential customers (for example, in the case of healthcare practitioners who engage with customers or potential customers)
Commercial Information	Service Providers such as IT providers, SaaS providers, banking providers who process payments or reimbursements, and other providers who help us operate our business, including our Sites and Services; Consultants such as business process consultants; Business Partners such as travel booking partners and customers or potential customers (for example, in the case of healthcare practitioners who engage with customers or potential customers); Advertising partners (please see the Personal Information we Sold to or Shared with Third Parties in the Preceding 12 Months section of this notice)
Professional or Employment Information	Service Providers such as IT SaaS providers, Service Providers who help us operate our business, and Consultants such as business process consultants
Audio, electronic, visual, thermal, olfactory, or similar sensory information	Service Providers such as IT SaaS providers and Service Providers who help us operate our business such as CCTV providers, photographers and videographers; Business Partners such as customers and potential customers (for example, in the case of healthcare practitioners who engage with customers or potential customers)
Protected Classification Characteristics	Service Providers such as IT SaaS providers, Service Providers who help us operate our business, and Consultants such as business process consultants; Business Partners such travel booking partners
Internet and Other Electronic Activity Information	Service Providers such as IT SaaS providers, Service Providers who help us operate our business, and Consultants such as business process consultants or IT consultants; Business Partners such as benefits providers and travel booking partners; Advertising partners (please see the Personal Information we Sold to or Shared with Third Parties in the Preceding 12 Months section of this notice).
Inferences, preferences, and other information	Service Providers such as IT SaaS providers, Service Providers who help us operate our business such as skills, aptitude or other assessment providers, and Consultants such as business process consultants; Business Partners such as travel booking partners, customers or potential customers (for example, in the case of healthcare practitioners who engage with customers or potential customers); Advertising partners (please see the Personal Information we Sold to or Shared with Third Parties in the Preceding 12 Months section of this notice).

We may also disclose the above categories of personal information (a) to our affiliates, (b) to comply with federal, state, or local laws; (c) to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (d) to cooperate with law enforcement agencies concerning conduct or activity that we believe may violate federal, state, or local law, (e) when we sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction), or (f) to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

Individual Rights of California Residents
As a California Resident you have certain rights in relation to your personal information.

Your Right to Request Disclosure of Information We Collect and Share About You. We are committed to ensuring that you know what personal information we collect. To that end, you can ask us for any or all of following types of information regarding the personal information we have collected about you on or after January 1, 2022:
- Specific pieces of personal information we have collected about you;
- Categories of personal information we have collected about you;
- Categories of sources from which such personal information was collected;
- Categories of personal information that the business sold, shared, or disclosed for a business purpose about the consumer;
- Categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose; and
- The business or commercial purpose for collecting or selling your personal information.
Your Right to Correct Inaccurate Personal Information. Upon your request, we will correct personal information we have about you, taking into account the nature of the personal information and the purposes of the processing of the personal information. We will take steps to determine the accuracy of the personal information that is the subject of your request to correct, and in doing so will consider the totality of the circumstances relating to the personal information you have identified as being incorrect. We may ask that you provide documentation regarding your request to correct in order to assist us in evaluating the request.

Your Right to Request Deletion of Personal Information We Have Collected About You. Upon your request, we will delete the personal information we have collected about you, subject to certain legal exceptions.

Your Right to Ask Us Not to Sell or Share Personal Information We Have Collected About You.

Our Sale or Sharing of Personal Information

From time to time we may sell personal information by allowing third parties that facilitate digital advertising to place cookies and other trackers that collect information about your browsing and interactions with other websites and to use that information to deliver information to you about products and services in which you may be interested. We may also share personal information in certain instances where we disclose it for purposes of engaging in cross-context advertising.

We do not knowingly sell the personal information of minors under the age of 16.

Opting Out of the Sale of Personal Information

You can direct us not to sell your personal information by submitting an opt-out request through our Data Request Form, or by contacting us at 844-MY TABLO (844-698-2256). We will act on your request within the timeframes set forth below.

Your right to Ask us Not to Share your Personal Information We Have Collected About You. You can direct us not to share your personal information by submitting an opt-out request through our Data Request Form, or by contacting us at 844-MY TABLO (844-698-2256). We will act on your request within the timeframes set forth below.

Global Privacy Control. Please refer to the Do Not Track Signals section of this notice.

Exercising Your Rights and How We Will Respond

To exercise any of the rights above, or to ask a question, contact us at 844-MY TABLO (844-698-2256), complete and submit our Data Request Form or use the contact details set out in this Policy.

For requests for access or deletion, we will first acknowledge receipt of your request within 10 business days of receipt of your request. We provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.

For requests to stop the sale or sharing of your personal information, we will comply no later than 15 business days after receipt of your request.

We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.

Our Commitment to Honoring Your Rights

If you exercise any of the rights explained in this policy, we will continue to treat you fairly. We do not, however, provide products and services directly to consumers. We primarily provide products and services to healthcare entities and providers as a business associate under HIPAA, which is exempt from the coverage of the CCPA.

Identity Verification

We are required to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request. Where possible, we will attempt to verify your identity by asking you to confirm information that we have on file about you or your interactions with us. Where we must ask for additional personal information to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer. You do not need to create an account with us to exercise your rights. If you fail to verify your identity, we cannot fulfill your request. We will notify you to explain the basis of the denial.

Authorized Agents

You can designate an “authorized agent” to submit verifiable consumer requests on their behalf. The agent can be a natural person or a business entity.

If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our verification process:
- Requests to Know, Delete or Correct Personal Information: If the agent submits a request, the agent will need to provide us with your signed permission indicating the agent has been authorized to submit the request on your behalf. We will also require that you verify your identity directly with us or confirm with us that you provided the agent with permission to submit the request.
- Requests to Opt-Out of Sale or Sharing: If the agent submits a request to opt out of the sale of your personal information or the sharing of your personal information for purposes of cross-context behavioral marketing, the agent will need to provide us with your signed permission indicating the agent has been authorized to submit the opt-out request on your behalf.
Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.
Shine the Light

California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about certain categories of personal information a business has disclosed to third parties for direct marketing purposes in the preceding calendar year. However, we have not disclosed your personal information third parties for direct marketing purposes in the preceding calendar year.

Outset Medical Privacy Notice

Tablo Coordinators Program

EMR Connect

Discover Dialysis

Vascular Access Program

Destination Home

Bridge Program

Tablo E-Learning

Service & Support