Last updated: 04/23/2021
The Information We May Collect
We may collect different types of Personal Information from a variety of sources, including during your interaction with us or our Services. Below we describe the different types of information we may collect:
- Personal Information Received from You. Personal information is any information that identifies, relates to, describes, is capable of being associated with or could reasonably be linked with an identified or identifiable individual. We may collect Personal Information directly from you. For example, when you use our Website, We may ask you to provide us with certain information that can be used to contact or identify you. We may also collect this information from you in other contexts (e.g., trade shows). The Personal Information we collect directly from you will include:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City
- Personal Information Received from You Related to Treatment. We also collect certain information from you, your healthcare providers, or third parties when you use Outset products such as Tablo, or when you provide us with feedback about your use of Tablo. This Personal Information collected will include:
- Home Address
- Location where treatment is performed (e.g., hospital, clinic, or even your home for Tablo users)
- Phone number
- Email address
- Modality of Treatment (In-center Dialysis, In-Center self-care, etc.)
- Patient Training Data (e.g., number of training sessions used, type of training completed, time spent on training modules, etc.)
- Responses to Patient Surveys, Care Partner Surveys, and Health Care Provider Surveys
- Facility-Level Data (e.g., nursing hours per week, patient ratio, hospitalizations, etc.)
- Device log time for treatments (e.g., actual time on the machine, treatment adherence, alarms, etc.)
- Medical Record Number
- Tablo Device Serial Number
- Usage Data. We automatically collect certain usage data when you use our Website. This may include information such as your device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
- Mobile Device Data. When you access the Service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data. We may also collect information that your browser sends whenever you visit our Website or when you access our Website by or through a mobile device.
- Information Received from Our Business Partners. We may receive Personal Information that has been collected or aggregated by one of our business partners.
- Applicant Data. If you are applying for a job with Outset Medical, we may collect certain Personal Information from your job application or your references, such as your name, postal address, email address, phone number, education information, professional information including job history and background check information, and any other Personal Information you choose to submit along with your application.
- Employee Data. If you are an employee of Outset Medical, we may collect certain Personal Information about you in the context of your role as an Outset employee and from your colleagues and business contacts in the course of your employment. This information includes personal identifiers and other contact information, financial information, Internet or other network activity information about your use of IT resources, audio/visual information as may be collected on CCTVs for locations with AV security monitoring, education information, professional or other employment-related information, and information for background check purposes.
How We May Use Your Personal Information
We may use your Personal Information for the following purposes:
- To provide and maintain our Service, including to monitor the usage of our Service.
- To manage Your Account, including to manage your registration as a user of the Service. The Personal Information you provide can give you access to different functionalities of the Service that are available to you as a registered user.
- For the performance of a contract, including the development, compliance, undertaking and performance of a purchase contract for the products, items or services you have purchased or of any other contract with Us through the Service.
- To contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
- To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
- To attend to and manage your requests to us, answer questions you have asked us, and to otherwise communicate with you.
Additionally, Outset may de-identify your Personal Information and use it for internal purposes such as providing feedback on current processes and identifying areas for improvement, among other purposes. Outset may also disclose that de-identified Personal Information for purposes such as reporting on patient satisfaction, patient treatment time, recovery time, and other purposes. Any Personal Information considered Protected Health Information used for these internal administration purposes is de-identified pursuant to the HIPAA safe harbor, which requires removal of 18 types of identifiers.
How We May Share Your Personal Information
We may share your Personal Information in the following situations:
- With Service Providers: We may share your Personal Information with Service Providers to monitor and analyze the use of our Service, to show advertisements to you, to help support and maintain our Service, to contact you, to advertise on third party websites to you after you visited our Service, for payment processing, or otherwise to help support our business functions.
- For Business transfers: We may share or transfer Your Personal Information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.
- With Business partners: We may share your Personal Information with our business partners to offer you certain products, services or promotions.
- With other users: When you share Personal Information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If you interact with other users or register through a Third-Party Social Media Service, your contacts on the Third-Party Social Media Service may see your name, profile, pictures and description of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with you and view your profile.
- With law enforcement, regulators, or other third parties as may be required by law: Under certain circumstances, we may disclose your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
We may also disclose your Personal Information to comply with a legal obligation, protect and defend the rights or property of Outset Medical, prevent or investigate possible wrongdoing in connection with the Services, protect the rights and personal safety of our employees, customers and others, or otherwise protect against or defend our rights, property and interests.
Retention of Your Personal Information
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or in the event that we are legally obligated to retain this data for longer time periods.
Transfer of Your Personal Information
Your information, including Personal Information, is processed at Outset Medical’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
Security of Your Personal Information
The security of your Personal Information is important to us, and we maintain reasonable administrative, technical and physical safeguards designed to protect the Personal Information you provide or we collect against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
Processing Your Personal Information
Service Providers have access to your Personal Information only to perform certain tasks on our behalf. These entities are obligated not to disclose or use it for any other purpose.
Cookies and Other Tracking Technologies
Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on your personal computer or mobile device when you go offline, while Session Cookies are deleted as soon as you close your web browser. We use both session and persistent Cookies for the purposes set out below:
- Necessary / Essential Cookies
- Type: Session Cookies
- Administered by: Us
- Purpose: These Cookies are essential to provide you with services available through the Website and to enable you to use some of its features. They help to support core site functionality, improve site security, authenticate users and prevent fraudulent use of user accounts. While you could disable cookies by changing browser settings, without these Cookies, the services that you have asked for cannot be provided or the site will not function as designed. We only use these Cookies to provide you with those services.
- Cookies Policy / Notice Acceptance Cookies
- Type: Persistent Cookies
- Administered by: Us
- Functionality Cookies
- Type: Persistent Cookies
- Administered by: Us
- Purpose: These Cookies allow us to remember choices you make when you use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use our Website.
- Analytics Tracking and Performance Cookies
- Type: Persistent Cookies
- Administered by: Third-Parties and by Us
- Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. This includes Google Analytics services as described below. The information gathered via these Cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Website. We may also use these Cookies to test new advertisements, pages, features or new functionality of the Website to see how our users react to them.
- Advertising Cookies
- Type: Persistent Cookies
- Administered by: Third-Parties
- Purpose: Cookies that are used to collect information about your visit to our site, including the content you have viewed, the links you have followed and information about your browser, device and your IP address.
As discussed in our Cookies disclosure above, we may use third-party Service Providers, including those discussed below, to monitor and analyze the use of our Website.
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us via email at: [email protected]
- Facebook remarketing service is provided by Facebook, Inc. You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950. To opt-out from Facebook’s interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217. Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the United States, by visiting https://www.aboutads.info/choices/, the Digital Advertising Alliance in Canada by visiting https://youradchoices.ca/, or the European Interactive Digital Advertising Alliance in Europe by visiting, https://www.youronlinechoices.eu/. You may also opt-out using your mobile device settings. For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy, which is available at: https://www.facebook.com/privacy/explanation.
Usage, Performance and Miscellaneous
We may use third-party Service Providers, including those discussed below, to help improve the performance of our Website.
CCPA Privacy Rights and Disclosures
Your Rights under the California Consumer Privacy Act (“CCPA”) and other California Privacy Laws
- The right to notice. You must be properly notified which categories of Personal Information are being collected and the purposes for which the Personal Information is being used.
- The right to learn who we share personal information with for third parties’ direct marketing purposes: You may request and obtain from the Company information regarding the disclosure of Your Personal Information that has been disclosed in the past 12 months by the Company or its subsidiaries to a third-party for the third party’s direct marketing purposes.
- The right to say no to the sale of Personal Information.We do not sell your Personal Information.
- The right to know about and request access to Your Personal Information. You have the right to request and obtain from the Company information regarding the disclosure of the following:
- The categories of Personal Information collected;
- The sources from which the Personal Information was collected;
- The business or commercial purpose for collecting or selling the Personal Information;
- Categories of third parties with whom We share Personal Information; and
- The specific pieces of Personal Information we collected about You.
- The right to delete Personal Information. You also have the right to request the deletion of Your Personal Information that have been collected in the past 12 months.
- The right not to be discriminated against. You have the right not to be discriminated against for exercising any of Your CCPA rights, including by:
- Denying goods or services;
- Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties;
- Providing a different level or quality of goods or services; or
- Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.
Requests for Medical Information and Protected Health Information
We are a business associate that may process information governed by the privacy, security, and breach notification rules issued by the United States Department of Health and Human Services pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPPA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”). The CCPA does not apply to medical information governed or protected health information collected by a business associate that is governed by HIPAA or HITECH. Accordingly, we will not approve requests that relate to this information.
Further, we act as a Service Provider to the healthcare providers that we work with. In this context, we process Personal Information that has been collected from you by your healthcare provider. If you would like to exercise your CCPA rights with regards to this information, please contact your healthcare provider directly.
Exercising Your CCPA Rights to Know and to Access Your Personal Information
If you are a California resident, you have the right to request that we disclose certain information related to our collection, use, and disclosure of your Personal Information.
You may exercise these CCPA rights by emailing us at [email protected] or calling us at 844-MY-TABLO. We will ask you for certain limited verifying information that matches the information we have on your account. This may include your name, email address, zip code, and phone number associated with your account or relationship with us, which we will use to verify your request.
We will disclose and deliver the required information free of charge within 45 calendar days of receiving your verifiable CCPA request. The time period to provide the required information may be extended once by an additional 45 calendar days when reasonably necessary and with prior notice.
Exercising Your CCPA Right to Delete Your Personal Information
If you are a California resident, you have the right to request that we delete any personal information about you which we have collected from you.
As above, You may exercise this CCPA right by emailing us at [email protected] or calling us at 844-MY-TABLO. We will ask you for certain limited verifying information that matches the information we have on your account. This may include your name, email address, zip code, and phone number associated with your account or relationship with us, which we will use to verify your request.
We will delete the requested information within 45 calendar days of receiving your verifiable CCPA request. The time period to provide the required information may be extended once by an additional 45 calendar days when reasonably necessary and with prior notice.
Exercising Your CCPA Right to Opt Out (“Do Not Sell My Personal Information”)
We do not sell your Personal Information. However, our advertising partners use technology on the Service for purposes of retargeting you for marketing, including for third party products and services. If you wish to opt out of the use of your Personal Information for interest-based advertising purposes, you may do so by following the instructions below.
Please note that any opt out is specific to the browser You use. You may need to opt out on every browser that you use.
- Website. You can opt out of receiving ads that are personalized as served by our Service Providers by following our instructions presented on the Service:
- “Cookie Consent” notice banner
- “Your Advertising Choices” link
- Mobile Devices. Your mobile device may give you the ability to opt out of the use of targeted advertising based on information about the mobile applications you use. You can opt out of these advertisements using “Opt out of Interest-Based Ads” or “Opt out of Ads Personalization” on Android devices and “Limit Ad Tracking” on iOS devices. You can also stop the collection of location information from your mobile device by changing the preferences on your mobile device.
Do Not Track Signals
Our Service does not respond to Do Not Track signals.
Our Website is not designed for users under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us via email at: [email protected] If we become aware that we have collected Personal Information from anyone under the age of 13 without verification of parental consent, we will take steps to remove that Personal Information from our systems.
We may also limit how we collect, use, and store some of the Personal Information of users between 13 and 18 years of age. In some cases, this means we will be unable to provide certain functionality of the Service to these users.
If we need to rely on consent as a legal basis for processing your Personal Information and your country requires consent from a parent, we may require your parent’s consent before we collect and use that information.
Links to Other Websites
Or write to us at: Outset Medical, 3052 Orchard Drive, San Jose, CA 95134.