Skip to content

Privacy Policy

Last updated: 04/23/2021

Thank you for visiting the Outset Medical (“Outset,” “We,” “Us,” “Our,” “The Company”) Privacy Policy.  This Privacy Policy describes our policies and procedures regarding the collection, use and disclosure of personal information collected through our Website (https://www.outsetmedical.com), as well as from our offline interactions with you and our other business relationships. This policy also discusses your privacy rights and how the law protects you.

By using our Site or our services (the “Service”), You agree to the collection and use of information in accordance with this Privacy Policy.

If you require a copy of this Privacy Policy in an alternative accessible format, please contact us at [email protected]

The Information We May Collect

We may collect different types of Personal Information from a variety of sources, including during your interaction with us or our Services. Below we describe the different types of information we may collect:

  • Personal Information Received from You. Personal information is any information that identifies, relates to, describes, is capable of being associated with or could reasonably be linked with an identified or identifiable individual. We may collect Personal Information directly from you. For example, when you use our Website, We may ask you to provide us with certain information that can be used to contact or identify you. We may also collect this information from you in other contexts (e.g., trade shows). The Personal Information we collect directly from you will include:
  • Email address
  • First name and last name
  • Phone number
  • Address, State, Province, ZIP/Postal code, City
  • Personal Information Received from You Related to Treatment. We also collect certain information from you, your healthcare providers, or third parties when you use Outset products such as Tablo, or when you provide us with feedback about your use of Tablo. This Personal Information collected will include:
    • Name
    • Home Address
    • Location where treatment is performed (e.g., hospital, clinic, or even your home for Tablo users)
    • Phone number
    • Email address
    • Age
    • Sex
    • Ethnicity/Race
    • Modality of Treatment (In-center Dialysis, In-Center self-care, etc.)
    • Patient Training Data (e.g., number of training sessions used, type of training completed, time spent on training modules, etc.)
    • Responses to Patient Surveys, Care Partner Surveys, and Health Care Provider Surveys
    • Facility-Level Data (e.g., nursing hours per week, patient ratio, hospitalizations, etc.)
    • Device log time for treatments (e.g., actual time on the machine, treatment adherence, alarms, etc.)
    • Medical Record Number
    • Tablo Device Serial Number
  • Usage Data. We automatically collect certain usage data when you use our Website. This may include information such as your device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
  • Mobile Device Data. When you access the Service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data. We may also collect information that your browser sends whenever you visit our Website or when you access our Website by or through a mobile device.
  • Tracking Technologies and Cookies. We use Cookies and similar tracking technologies, such as beacons, tags, and scripts, to track the activity on our Website and store certain information. These help us to collect and track information and to improve and analyze our Website, as well as to deliver and improve our advertisements. For more information about our use of Cookies, please see the section of this Privacy Policy titled Cookies and Other Tracking Technologies.
  • Information Received from Our Business Partners. We may receive Personal Information that has been collected or aggregated by one of our business partners.
  • Applicant Data. If you are applying for a job with Outset Medical, we may collect certain Personal Information from your job application or your references, such as your name, postal address, email address, phone number, education information, professional information including job history and background check information, and any other Personal Information you choose to submit along with your application.
  • Employee Data. If you are an employee of Outset Medical, we may collect certain Personal Information about you in the context of your role as an Outset employee and from your colleagues and business contacts in the course of your employment. This information includes personal identifiers and other contact information, financial information, Internet or other network activity information about your use of IT resources, audio/visual information as may be collected on CCTVs for locations with AV security monitoring, education information, professional or other employment-related information, and information for background check purposes.

How We May Use Your Personal Information

We may use your Personal Information for the following purposes:

  • To provide and maintain our Service, including to monitor the usage of our Service.
  • To manage Your Account, including to manage your registration as a user of the Service. The Personal Information you provide can give you access to different functionalities of the Service that are available to you as a registered user.
  • For the performance of a contract, including the development, compliance, undertaking and performance of a purchase contract for the products, items or services you have purchased or of any other contract with Us through the Service.
  • To contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
  • To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
  • To attend to and manage your requests to us, answer questions you have asked us, and to otherwise communicate with you.

Additionally, Outset may de-identify your Personal Information and use it for internal purposes such as providing feedback on current processes and identifying areas for improvement, among other purposes.  Outset may also disclose that de-identified Personal Information for purposes such as reporting on patient satisfaction, patient treatment time, recovery time, and other purposes. Any Personal Information considered Protected Health Information used for these internal administration purposes is de-identified pursuant to the HIPAA safe harbor, which requires removal of 18 types of identifiers.

How We May Share Your Personal Information

We may share your Personal Information in the following situations:

  • With Service Providers: We may share your Personal Information with Service Providers to monitor and analyze the use of our Service, to show advertisements to you, to help support and maintain our Service, to contact you, to advertise on third party websites to you after you visited our Service, for payment processing, or otherwise to help support our business functions.
  • For Business transfers: We may share or transfer Your Personal Information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.
  • With Affiliates: We may share your Personal Information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any other subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
  • With Business partners: We may share your Personal Information with our business partners to offer you certain products, services or promotions.
  • With other users: When you share Personal Information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If you interact with other users or register through a Third-Party Social Media Service, your contacts on the Third-Party Social Media Service may see your name, profile, pictures and description of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with you and view your profile.
  • With law enforcement, regulators, or other third parties as may be required by law: Under certain circumstances, we may disclose your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

We may also disclose your Personal Information to comply with a legal obligation, protect and defend the rights or property of Outset Medical, prevent or investigate possible wrongdoing in connection with the Services, protect the rights and personal safety of our employees, customers and others, or otherwise protect against or defend our rights, property and interests.

Retention of Your Personal Information

The Company will retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or in the event that we are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Information

Your information, including Personal Information, is processed at Outset Medical’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Information will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Security of Your Personal Information

The security of your Personal Information is important to us, and we maintain reasonable administrative, technical and physical safeguards designed to protect the Personal Information you provide or we collect against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

Processing Your Personal Information

Service Providers have access to your Personal Information only to perform certain tasks on our behalf. These entities are obligated not to disclose or use it for any other purpose.

Cookies and Other Tracking Technologies

We use Cookies and similar tracking technologies to track the activity on our Website and store certain information about you. Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.  We use cookies to support the functionality of our website, help us monitor activity on our site, and to support our marketing activities. You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent; however, if you turn cookies off, you won’t have access to many features that make your website more efficient and some of our services will not function properly.

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on your personal computer or mobile device when you go offline, while Session Cookies are deleted as soon as you close your web browser. We use both session and persistent Cookies for the purposes set out below:

  • Necessary / Essential Cookies
    • Type: Session Cookies
    • Administered by: Us
    • Purpose: These Cookies are essential to provide you with services available through the Website and to enable you to use some of its features. They help to support core site functionality, improve site security, authenticate users and prevent fraudulent use of user accounts. While you could disable cookies by changing browser settings, without these Cookies, the services that you have asked for cannot be provided or the site will not function as designed. We only use these Cookies to provide you with those services.
  • Cookies Policy / Notice Acceptance Cookies
    • Type: Persistent Cookies
    • Administered by: Us
    • Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
  • Functionality Cookies
    • Type: Persistent Cookies
    • Administered by: Us
    • Purpose: These Cookies allow us to remember choices you make when you use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use our Website.
  • Analytics Tracking and Performance Cookies
    • Type: Persistent Cookies
    • Administered by: Third-Parties and by Us
    • Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. This includes Google Analytics services as described below. The information gathered via these Cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Website. We may also use these Cookies to test new advertisements, pages, features or new functionality of the Website to see how our users react to them.
  • Advertising Cookies
    • Type: Persistent Cookies
    • Administered by: Third-Parties
    • Purpose: Cookies that are used to collect information about your visit to our site, including the content you have viewed, the links you have followed and information about your browser, device and your IP address.

Analytics

As discussed in our Cookies disclosure above, we may use third-party Service Providers, including those discussed below, to monitor and analyze the use of our Website.

  • Google Analytics. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en

Email Marketing

We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us via email at: [email protected]

Behavioral Remarketing

We may use remarketing services, including those discussed below, to advertise on third party websites to you after you visit our Website. We and our third-party vendors use Cookies to inform, optimize and serve ads based on your past visits to our Website.

Usage, Performance and Miscellaneous

We may use third-party Service Providers, including those discussed below, to help improve the performance of our Website.

  • Invisible reCAPTCHA. We use an invisible captcha service named reCAPTCHA. reCAPTCHA is operated by Google. The reCAPTCHA service may collect information from you and from your device for security purposes. The information gathered by reCAPTCHA is held in accordance with the Privacy Policy of Google: https://www.google.com/intl/en/policies/privacy/

CCPA Privacy Rights and Disclosures

Your Rights under the California Consumer Privacy Act (“CCPA”) and other California Privacy Laws

Under this Privacy Policy, and by law if You are a resident of California, You have the following rights:

  • The right to notice. You must be properly notified which categories of Personal Information are being collected and the purposes for which the Personal Information is being used.
  • The right to learn who we share personal information with for third parties’ direct marketing purposes: You may request and obtain from the Company information regarding the disclosure of Your Personal Information that has been disclosed in the past 12 months by the Company or its subsidiaries to a third-party for the third party’s direct marketing purposes.
  • The right to say no to the sale of Personal Information.We do not sell your Personal Information.
  • The right to know about and request access to Your Personal Information. You have the right to request and obtain from the Company information regarding the disclosure of the following:
    • The categories of Personal Information collected;
    • The sources from which the Personal Information was collected;
    • The business or commercial purpose for collecting or selling the Personal Information;
    • Categories of third parties with whom We share Personal Information; and
    • The specific pieces of Personal Information we collected about You.
  • The right to delete Personal Information. You also have the right to request the deletion of Your Personal Information that have been collected in the past 12 months.
  • The right not to be discriminated against. You have the right not to be discriminated against for exercising any of Your CCPA rights, including by:
    • Denying goods or services;
    • Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties;
    • Providing a different level or quality of goods or services; or
    • Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.

Requests for Medical Information and Protected Health Information

We are a business associate that may process information governed by the privacy, security, and breach notification rules issued by the United States Department of Health and Human Services pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPPA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”).  The CCPA does not apply to medical information governed or protected health information collected by a business associate that is governed by HIPAA or HITECH. Accordingly, we will not approve requests that relate to this information.

Further, we act as a Service Provider to the healthcare providers that we work with. In this context, we process Personal Information that has been collected from you by your healthcare provider. If you would like to exercise your CCPA rights with regards to this information, please contact your healthcare provider directly.

Exercising Your CCPA Rights to Know and to Access Your Personal Information

If you are a California resident, you have the right to request that we disclose certain information related to our collection, use, and disclosure of your Personal Information. 

You may exercise these CCPA rights by emailing us at [email protected] or calling us at 844-MY-TABLO.  We will ask you for certain limited verifying information that matches the information we have on your account.  This may include your name, email address, zip code, and phone number associated with your account or relationship with us, which we will use to verify your request.

We will disclose and deliver the required information free of charge within 45 calendar days of receiving your verifiable CCPA request. The time period to provide the required information may be extended once by an additional 45 calendar days when reasonably necessary and with prior notice.

Exercising Your CCPA Right to Delete Your Personal Information

If you are a California resident, you have the right to request that we delete any personal information about you which we have collected from you. 

As above, You may exercise this CCPA right by emailing us at [email protected] or calling us at 844-MY-TABLO. We will ask you for certain limited verifying information that matches the information we have on your account.  This may include your name, email address, zip code, and phone number associated with your account or relationship with us, which we will use to verify your request.

We will delete the requested information within 45 calendar days of receiving your verifiable CCPA request. The time period to provide the required information may be extended once by an additional 45 calendar days when reasonably necessary and with prior notice.

Exercising Your CCPA Right to Opt Out (“Do Not Sell My Personal Information”)

We do not sell your Personal Information. However, our advertising partners use technology on the Service for purposes of retargeting you for marketing, including for third party products and services. If you wish to opt out of the use of your Personal Information for interest-based advertising purposes, you may do so by following the instructions below.

Please note that any opt out is specific to the browser You use. You may need to opt out on every browser that you use.

  • Website. You can opt out of receiving ads that are personalized as served by our Service Providers by following our instructions presented on the Service:
    • “Cookie Consent” notice banner
    • “Your Advertising Choices” link
  • Mobile Devices. Your mobile device may give you the ability to opt out of the use of targeted advertising based on information about the mobile applications you use. You can opt out of these advertisements using “Opt out of Interest-Based Ads” or “Opt out of Ads Personalization” on Android devices and “Limit Ad Tracking” on iOS devices. You can also stop the collection of location information from your mobile device by changing the preferences on your mobile device.

Do Not Track Signals

Our Service does not respond to Do Not Track signals.

Children’s Privacy

Our Website is not designed for users under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us via email at: [email protected] If we become aware that we have collected Personal Information from anyone under the age of 13 without verification of parental consent, we will take steps to remove that Personal Information from our systems.

We may also limit how we collect, use, and store some of the Personal Information of users between 13 and 18 years of age. In some cases, this means we will be unable to provide certain functionality of the Service to these users.

If we need to rely on consent as a legal basis for processing your Personal Information and your country requires consent from a parent, we may require your parent’s consent before we collect and use that information.

Links to Other Websites

Our Website may contain links to other websites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Website, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, You can contact us by email at [email protected]

Or write to us at: Outset Medical, 3052 Orchard Drive, San Jose, CA 95134.