Outset Medical Privacy Notice
Updated: June 30, 2024
Outset Medical (“Outset,” “We,” “Us,” “Our,” “the Company”) respects the privacy of your personal information.
-
This notice describes our practices regarding the collection and further processing of personal information that we collect through our websites and applications that link to this notice (“Sites”), as well as from our offline interactions and our other business relationships with you, where we decide the purposes and means of how we collect and further process your personal information (the “Services”). If you are a patient or caregiver of a patient who uses an Outset Medical Tablo product, please refer to additional information in the Tablo Hub User Agreement, and any information provided to by your health care provider regarding the use of your personal health information collected by Outset Medical via the Tablo Portal.
By using our Sites and otherwise interacting with us, you agree to the terms of our Terms of Use, including this Policy.
“Personal information” generally means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with an identified or identifiable individual. The laws of some jurisdictions may define personal information more broadly than described above. Other jurisdictions’ laws may exclude certain information about you, such as your business contact details, from the definition of personal information. In interpreting this notice, we will apply the definition of personal information contained in applicable law.
This notice does not apply to the personal information we collect about our job applicants, employees or independent contractors. If you are an applicant for a job at Outset Medical, please refer to the Outset Medical Applicant Privacy Notice.
-
When we perform work for our customers, we may collect and further process personal information to provide our services to them. The terms of our customer contracts, and not this notice, may govern our collection, use and disclosure of that personal information.
-
Below we describe the categories of personal information we may collect from or about you.
Identifiers Name, alias, personal pronouns, contact details (such as e-mail addresses, phone numbers, physical addresses, and fax numbers), unique personal identifier, customer number, online identifier, account name, IP address, date of birth, social media handles, instant messaging account, signature, physical characteristics or description, passport number, driver’s license or state identification card number, insurance policy number, and similar information. Commercial Information History and records of products and services you have obtained from us or considered, or other purchasing or consuming histories or tendencies such as information required to facilitate transactions (including information required to facilitate issuance or receipt of payment), payment history and information such as details about the programs and activities in which you have participated, including conferences, focus groups, speaker programs and other events, and opinion data such as survey responses
We may also collect demographic data, such as income and age bracket information, family status, gender, hobbies, current provider information along with information you make available or that references you on the internet, including on social media, blogs, websites, news and educational journal articles.
Professional or Employment Information Professional or employment-related information, such as a description of your current or prospective positions, job title, employer, location, specialty; and professional history, including professional certifications and licenses, and institutional or other affiliations. Educational Information Educational history, such as education level obtained, school attended, and performance at school. Audio, electronic, visual, thermal or similar sensory information This category of information includes photographs, CCTV footage; recordings made during audio or video calls, focus groups, user groups, usability testing, conferences or events, testimonials, and otherwise; temperature readings and similar sensory data. Protected Classification Characteristics Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition (such as COVID-19 status, disability and accommodation information), physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status. Internet and Other Electronic Activity Information When you access our Sites, we may collect information about your use of systems or devices, including your system or network ID, IP address, operating system type and version number, manufacturer and model, screen resolution, browser type, browser version, the pages of a Site you visit, the time and date of your access to a Site, unique device identifiers, user name and passwords, and usage activity and diagnostic information, including access logs, activity logs, and electronic content produced using our systems. We may also collect other diagnostic data along with information your browser sends us when you visit our Sites including when you access our Sites through a mobile device.
We also use cookies and other similar technologies on our Sites. Refer to our Cookie Policy for further details.
Inferences, preferences, and other information This category of information includes the derivation of information, data, assumptions, or conclusions from any other category of personal information to create a profile about a person reflecting the person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes. We also may derive inferences about you based on your personal information and learn additional information about you, such as your contact mode preferences, calendar availability, contact time preferences, language preferences, and other similar information.
From time to time, we may collect additional personal information including information about your medical conditions, disabilities or health, such as dietary restrictions, allergies, accommodation requirements, COVID-19 symptoms or exposure, kidney disease state, type and mode of dialysis treatment, clinical conditions, healthcare expenditures, mode of receiving healthcare treatment and claims data.
Consumer Health Data Consumer health data is personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status. This includes (but is not limited to) the following examples: information about your health conditions, treatment, diseases, or diagnosis; social, psychological, behavioral, and medical interventions; health-related surgeries or procedures; use or purchase of prescribed medication; bodily functions, vital signs, symptoms, or measurements of your body; diagnoses or diagnostic testing, treatment, or medication; gender-affirming care information; reproductive or sexual health information including reproductive health care; biometric data; genetic data; precise location information that could reasonably indicate your attempt to acquire or receive health services or supplies; and data that identifies you when seeking health care services. Click here for more information about how we process Consumer Health Data. Sensitive Personal Information
This category of Personal Information may be specifically defined under applicable privacy laws. Sensitive Personal Information may include your government ID numbers, such as your social security, driver’s license, state identification card, or passport number; your account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; your precise geolocation (generally, location data within a specified radius of your exact location); your racial or ethnic origin, religious or philosophical beliefs, or union membership affiliation; your biometric information where it is used to uniquely identify you; information about your mental or physical health or diagnoses, including information that may indicate access to reproductive healthcare, including pregnancy, fertility, termination, or contraception; genetic data; information regarding your sex life or sexual orientation; and in some cases, the contents of your mail, emails and text messages unless we are the intended recipient of the communication.
Please note, we do not collect genetic information at this time.
We have collected the same categories of personal information in the 12 months prior to the date of this notice.
-
Outset Medical processes personal information when you visit our Sites or interact with our Services (such as when you create an account, register for events, download content, or answer a survey) or when we interact with you offline, such as when you visit a facility, attend an event or trade show, or talk to us over the phone.
We also may collect information about you from other sources in the ordinary course of business, including, for example, from data aggregators who may not have a direct relationship with you or from other third parties who collect information about you on behalf of Outset Medical.
We also may collect information about you automatically, such as when we log certain information about your interactions with a Site or Service or from other systems, such as when you are in a facility that has installed CCTV security cameras.
-
We may use your personal information for the following purposes:
Use
Description
Pursuant to a contract or other agreement with you
To prepare to enter into, or to perform, a contract or other relationship with you, including the development, compliance, undertaking and performance the contract, such as when you agree to participate in usability testing, market research, speak at a forum or provide audio-visual testimonial data, or provide other services to us.
To provide information about our business, the industry, and our solutions
With your consent, to provide you with news, special offers, contests, sweepstakes, events, marketing communications, and general information about our products and services and the industry; to advertise online and offline, which may be targeted to you based on your use of the Site(s), Services, or your activity elsewhere online and offline; to communicate with you about products, Sites, and Services, including by sending you announcements, updates, security alerts, and support and administrative messages; to communicate with you about events, surveys, or questionnaires; to assign a unique identifier to the personal information we collect about you, or combine this data or other information that we collect from or about you with other personal information about you, and use that information to supplement our existing databases; to undertake analytics and insights for purposes consistent with this notice; to understand your needs and interests, and personalize your experience with our Sites, Services, advertisements and other communications.
To engage in research and development
To engage in research and development purposes, including collection of information about your experiences with or opinions about Outset Medical or topics of importance in the industry via surveys, focus groups and other online or offline research activities; to engage in social listening (reviewing information about us, our products and the industry posted to public sources, such as social media), to understand how Outset Medical, its products, and the dialysis market are perceived, and to address market needs including product enhancements; to recruit for, enroll, or conduct clinical studies or to gather real-world evidence.
To operate our business, including our Sites, Services and products
To process transactions associated with our Services; to provide, manage, and receive products and services; to provide support and maintenance for our Sites, Services and products; to improve and develop our business processes, Sites and Services; to create and administer your accounts with us; to attend to and manage your requests to us; to answer questions you have asked us and address concerns you have raised; to otherwise communicate with you; to provide recall and safety notices; to report adverse events and complaints; and to complete regulatory filings.
To protect ourselves and others and comply with laws
To protect our, your, or others’ rights, privacy, health, safety, or property, including, as permitted by law, by collecting reasonable information about vaccinations and infectious disease symptoms and exposure; to undertake reasonable efforts to monitor the use and security of our Sites, networks, assets, and facilities; to deter, identify, and investigate alleged fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft; to pursue and/or defend legal claims and manage disputes; to audit our internal processes for compliance with our legal and contractual requirements and internal policies; to enforce the terms and conditions that govern our Sites, Services and agreements; to create reports and information required to comply with product safety and efficacy, including clinical study reporting, pre-market authorization information, and post market reporting, including adverse event reporting; to respond to lawful requests from governmental authorities, including writs, subpoenas, or legal discovery processes; and to undertake other efforts to protect ourselves and others and to comply with applicable law.
Sensitive Personal Information
We may collect and process Sensitive Personal Information only where permitted or required by law. Examples of these reasons include to perform services for you (including providing you with information you request) or to provide goods or Services to you or with your consent; to prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted Personal Information; to resist malicious, deceptive, fraudulent, or illegal actions directed at Outset and to prosecute those responsible for those actions; to ensure the physical safety of natural persons; for short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with us; to perform services on behalf of Outset, such as to maintain or service accounts, provide customer service, or verify information or identity.
If we engage in other uses we will do so with your consent (or explicit consent as required) or as otherwise required or permitted by law.
We may deidentify or collect deidentified data for these purposes described in this Notice. When collecting deidentified data, we will only process such data in a deidentified fashion and will not make any attempts to reidentify such data.
We do not knowingly collect, process, share, or sell the personal information of minors under the age of 16.
-
We may disclose your personal information with others in the following situations:
- Service Providers and Consultants: We may disclose your personal information to service providers and consultants who need it to perform their services for us. For example, we may host our Sites and Services on a service provider’s computers or process payment or use analytics companies to help us analyze data we collect from our Sites and Services.
- Business transfers: We may disclose or transfer your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.
- Affiliates: We may disclose your personal information to our Affiliates. The term Affiliates in this provision means our parent company and any other direct and indirect subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
- Our Advisors: We may disclose your personal information to our professional advisors, such as our lawyers, tax advisors, technical advisors, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
- Business Partners: We may disclose your personal Information to our current or potential customers or with our other business partners, such as third-party advertisers, in the course of pursuing business or to offer you certain products, services or promotions.
- Law Enforcement, Regulators, or Others as Required by Law: In certain circumstances, we may disclose your personal information if we are required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency), or in connection with an investigation of fraud, for the administration of justice, to prevent or address potential intellectual property infringement, or other activity that is unlawful or that could, in our reasonable judgment, expose us or you to legal liability. We may also release personal information if, in our reasonable judgment, it may prevent the death or serious injury of an individual.
-
We do not Sell or Share consumer health data or personal health information.
If you are a user of certain portions of our Sites, from time to time we may sell personal information by allowing third parties that facilitate digital advertising to place cookies and other trackers that collect information about your browsing and interactions with other websites and to use that information to deliver information to you about products and services in which you may be interested. This allows us to reach people that are most likely to be interested in the products or Services we provide. The data may be used to provide you with personalized content and present you with third party products or services in which you may be interested. For more information about the use of cookies and trackers, see our Cookie Policy.
To exercise your right to opt out of sales and sharing of personal information, please click here.
-
We consider several factors in determining how long we retain personal information. For example, we retain your personal information for as long as your account is active; for as long as is necessary to fulfill the purpose described in this notice or for which it was collected, or as otherwise required or permitted by law (for example, to resolve disputes, protect our assets, and enforce our legal agreements and policies). We also may retain information to support retention policies and processes designed to accommodate availability of information, or to enable us to pursue or defend our rights or those of others during applicable limitations periods. At the end of the retention period, we will either securely delete or destroy your personal information, or we will deidentify it so that it no longer constitutes personal information.
-
We do not use or disclose sensitive personal information to create inferences or profiles about individuals or for any purposes other than providing our Services or with your consent.
-
Automated decisions: (a) are made about individuals; (b) are based exclusively on the automated processing of personal information; and (c) produce legal effects that significantly impact the individuals about whom they are made. Although we may use automated tools to help facilitate our decision making, our processing is overseen by a member of our workforce. If we engage in automated decision making, we will inform the individuals whose personal information is subject to the automated processing, and, as required by law, provide them with an opportunity to engage with us, and object to, the outcome of the automated decision-making process.
-
In some jurisdictions, we must inform you of the legal bases we may rely upon to collect and further process your personal information. Accordingly, the following legal bases apply to the personal information that we may collect from you:
- To prepare to enter into an agreement or relationship with you, or to perform our agreements with you;
- To comply with a legal obligation;
- For our legitimate business interests, which will be assessed in connection with the specific use of your personal information; or
- With your consent (or with your explicit consent if required by law), which we will request from you.
-
When we process your personal information based on your consent or your explicit consent, you may always withdraw your consent in whole or in part at any time. Once we have received your notice to withdraw your consent, we will no longer process the personal information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds that override your interests, rights and freedoms.For example, we may continue to process your personal information to comply with a legal obligation, or for the establishment, exercise, or defense of legal claims. If we process your personal information for direct marketing purposes, you have the right to object at any time, in which case we will stop processing your information for such purposes. Withdrawal of your consent does not affect the lawfulness of any processing that we undertook prior to your action to withdraw consent. If you withdraw consent to future processing of your personal information, we may not be able to contact or interact with you as originally planned when you first provided your consent. You may use the form here to withdraw your consent, or contact us directly at the addresses provided in the Contact Us section of this notice.
-
Your personal information is processed at our operating offices and in any other places where the parties involved in the processing are located, such as where our service providers are located. As a result, your personal information may be transmitted to, accessed from and/or stored in locations outside of your jurisdiction where the data privacy laws may be different from those in your jurisdiction.
When we transfer your personal information to another jurisdiction, it is our practice to take steps designed to ensure that your personal information is treated in accordance with this notice, and that transfers of your personal information to an organization or a country will be subject to adequate controls designed to protect the confidentiality, integrity, and availability of your personal information.
-
The security of your personal information is important to us, and we maintain reasonable administrative, technical and physical safeguards that are designed to protect your personal information from accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
-
In some jurisdictions, you may be entitled to exercise certain rights relating to your personal information. Even where applicable law provides for these rights, they may be subject to certain conditions, limits, and exceptions. These rights may include the following:
- Request that we confirm whether we process your personal information, and if we do, to obtain access to and certain information about it;
- Require us to correct your personal information if it is inaccurate or incomplete;
- Direct us to stop processing your personal information under certain circumstances;
- Request that we erase or delete your personal information, for example, where it is no longer needed to achieve the purpose for which it was collected;
- Request that we restrict the further processing of personal information, including under some laws, to opt out of the processing of the personal information for purposes of (i) targeted advertising, or (ii) the sale of personal data;
- Request that you not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you; or
- Request to receive your personal information for transmission to, or if required by law, to directly transmit it on your behalf to another data controller in a structured, commonly used and machine-readable format.
You may make seek to exercise your individual rights by clicking here or by contacting us via one of the mechanisms provided in the Contact Us section of this notice. We will process your requests in accordance with applicable law.
If you wish to exercise your rights related to the medical or other personal health information that we process as a service provider to your healthcare provider, please contact your healthcare provider directly.
To protect your privacy, we will take reasonable steps to verify your identity before complying with any rights requests. If you fail to verify your identity, we may be unable to fulfill your request.
Your requests will typically be fulfilled at no charge to you. However, in certain cases, applicable law may entitle us to charge a fee. If we are entitled to charge a fee and intend to do so, we will follow procedures required by law.
In certain circumstances, applicable law may permit us to deny your request. If we deny your request, we will inform you of the reasons why we did so. You may appeal a denial by contacting the Outset Medical Data Privacy Office at [email protected]. You may also be entitled to file a complaint with your local regulator.
You may have additional rights based on the state or country of your residence, which are described in separate sections of this notice.
-
You may elect to receive recurring marketing or promotional communications from us. Our communications will include instructions on how to update information about yourself, and how to unsubscribe from our e-mails. You may also contact us at [email protected] to unsubscribe or to adjust your marketing preferences. If you elect to unsubscribe from some or all communications, we will complete your request within 30 business days, or sooner if required by law.
In addition, some of our business partners that collect information about your activity on or through our Sites may participate in programs that provide you with choices regarding the use of your browsing behavior or mobile application usage for purposes of targeted advertising. You may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here, the Digital Advertising Alliance by clicking here, the European Interactive Digital Advertising Alliance by clicking here, or the Digital Advertising Alliance of Canada, by clicking here. Please note that we also may work with companies that offer their own opt-out mechanisms who therefore may not participate in the opt-out mechanisms linked above.
Finally, your browser or mobile device settings may provide functionality to limit our ability to use cookies, to alert you before a cookie is dropped onto your computing device, or to limit our ability to otherwise engage in ad tracking or targeted advertising, including by location, using the advertising ID associated with your mobile device and/or location settings. If you choose to turn on settings blocking cookies or opting-out of targeted advertisements and/or if you turn off location settings, you may still see advertisements online, but they may not be relevant to you.
Please refer to our Cookie Policy for more information about our cookies practices, and more information regarding how to change your cookie settings.
-
Global Privacy Control signals are opt-out signals communicated through the browser-based extension offered through the Global Privacy Control, a non-profit that is in the process of developing a technological tool that can be used universally to signal a user’s privacy preferences. Due to the technical limitations of the Global Privacy Control’s extension, requests made through their extension apply only to the device on which the request is made (e.g., a specific computer) and will only work with the browser used to activate the opt-out setting (e.g., Duck Duck Go).
While the Site that links to this notice recognizes Global Privacy Control signals, our Sites do not respond to or honor other Do Not Track instructions, which are preferences that users can set in certain web browsers. If you do not leverage the Global Privacy Control signal, you can, however, adjust your web browser’s privacy preferences regarding the use of most cookies, through your browser’s privacy settings.
Please refer to our Cookie Policy for more information about our cookies practices, and more information regarding how to change your cookie settings.
-
Our Sites are not designed for, and we do not knowingly collect personally identifiable information from, users under the age of 16. If you are a parent or guardian and you are aware that your child has provided us with personal information via our Site(s), please contact us via email at [email protected]. If we become aware that we have collected personal information from anyone under the age of 16 without verification of parental consent, we will take steps to remove it from our systems.
-
We may update this notice from time to time. When we do so, we will update the Effective Date at the top of this notice. In addition, when there are material changes to this notice, we will post a notice on our Site advising you of the update. We encourage you to review this notice periodically for any changes. Changes to this notice are effective when they are posted on this page. Your continued use of the Site after the posting of any amended notice constitutes your agreement to be bound by any changes.
-
Our Sites may contain links to other third-party websites, which may have privacy policies that differ from our own. We are not responsible for the activities and practices that take place on these websites. Accordingly, we recommend that you review the privacy policies posted on any website that you may access through our Sites.
-
We are committed to ensuring that our communications are accessible to people with disabilities. To make accessibility-related requests or report barriers, please contact us at [email protected].
-
We value your input and feedback. If you have any questions, comments or concerns about this notice or our personal information handling practices, you can contact us:
By E-mail at:
By Post at:
Attn: Privacy Officer
c/o Outset Medical Legal Department
3052 Orchard Drive
San Jose, CA 95134By Phone at:
+1-844-MY TABLO (+1-844-698-2254)
-
If you are a resident of California, the following information and rights may apply to you. In this section of this notice, we may also refer to California Residents as “Consumers.”
Excluded Information
Certain information is not subject to this section. The excluded information includes:
- Consumer information that is lawfully made available from federal, state, or local government records or information that we have a reasonable basis to believe is lawfully made available to the general public from widely distributed media or by you; or information made available by a person to whom you have disclosed the information if you have not restricted the information to a specific audience;
- Consumer information that is de-identified or aggregated;
- Certain healthcare information, including information covered by the Health Insurance Portability and Accountability Act of 1996 or the California Confidentiality of Medical Information Act;
- Personal information covered by certain privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act or the California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994;
- Personal information that is processed for scientific research purposes, including clinical trials, provided that the information is processed subject to applicable ethics, confidentiality, privacy and security requirements;
- Any information that we process on behalf of another company, including healthcare information, in which case that company’s privacy statement, policy, and/or notice will control; and
- Any other information that is excluded by applicable California laws.
Categories of Personal Information We Collect and Disclose
We summarize below the categories of personal information that we collect from you and may and the third parties who may receive personal information about you when disclosed by us. For more information about the categories of personal information, see the Information We Collect About You section in this notice. .
Click here for information related to the selling or sharing of personal information.
Category of Personal Information Collected
Categories of Third Parties to Whom we have Disclosed Personal Information for a Business Purpose
Identifiers Service Providers such as IT providers, SaaS providers, banking providers who process payments or reimbursements, and other providers who help us operate our business, including our Sites and Services;
Consultants such as business process consultants;
Business Partners such as travel booking partners and customers or potential customers (for example, in the case of healthcare practitioners who engage with customers or potential customers);
Advertising partners, only as described in this notice.
Customer Information Service Providers such as IT providers, SaaS providers, banking providers who process payments or reimbursements, and other providers who help us operate our business, including our Sites and Services;
Consultants such as business process consultants;
Business Partners such as travel booking partners and customers or potential customers (for example, in the case of healthcare practitioners who engage with customers or potential customers)
Commercial Information Service Providers such as IT providers, SaaS providers, banking providers who process payments or reimbursements, and other providers who help us operate our business, including our Sites and Services;
Consultants such as business process consultants;
Business Partners such as travel booking partners and customers or potential customers (for example, in the case of healthcare practitioners who engage with customers or potential customers);
Advertising partners, only as described in this notice.
Professional or Employment Information Service Providers such as IT SaaS providers, Service Providers who help us operate our business, and Consultants such as business process consultants Audio, electronic, visual, thermal, or similar sensory information Service Providers such as IT SaaS providers and Service Providers who help us operate our business such as CCTV providers, photographers and videographers;
Business Partners such as customers and potential customers (for example, in the case of healthcare practitioners who engage with customers or potential customers)
Protected Classification Characteristics Service Providers such as IT SaaS providers, Service Providers who help us operate our business, and Consultants such as business process consultants;
Business Partners such travel booking partners
Internet and Other Electronic Activity Information Service Providers such as IT SaaS providers, Service Providers who help us operate our business, and Consultants such as business process consultants;
Business Partners such travel booking partners
Internet and Other Electronic Activity Information Service Providers such as IT SaaS providers, Service Providers who help us operate our business, and Consultants such as business process consultants or IT consultants;
Business Partners such as benefits providers and travel booking partners;
Advertising partners, only as described in this notice.
Inferences, preferences, and other information Service Providers such as IT SaaS providers, Service Providers who help us operate our business such as skills, aptitude or other assessment providers, and Consultants such as business process consultants;
Business Partners such as travel booking partners, customers or potential customers (for example, in the case of healthcare practitioners who engage with customers or potential customers);
Advertising partners, only as described in this notice.
We may also disclose the above categories of personal information (a) to our Affiliates; (b) to comply with federal, state, or local laws; (c) to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (d) to cooperate with law enforcement agencies concerning conduct or activity that we believe may violate federal, state, or local law; (e) when we sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction); or (f) to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
Individual Rights of California Residents
As a California Resident you have certain rights in relation to your personal information.
Your Right to Request Disclosure of Information We Collect and Share About You. We are committed to ensuring that you know what personal information we collect. To that end, you can ask us for any or all of following types of information regarding the personal information we have collected about you in the previous 12 months:
- Specific pieces of personal information we have collected about you;
- Categories of personal information we have collected about you;
- Categories of sources from which such personal information was collected;
- Categories of personal information that the business sold, shared, or disclosed for a business purpose about the consumer;
- Categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose; and
- The business or commercial purpose for collecting or selling your personal information.
Your Right to Correct Inaccurate Personal Information. Upon your request, we will correct personal information we have about you, taking into account the nature of the personal information and the purposes of the processing of the personal information. We will take steps to determine the accuracy of the personal information that is the subject of your request to correct, and in doing so will consider the totality of the circumstances relating to the personal information you have identified as being incorrect. We may ask that you provide documentation regarding your request to correct in order to assist us in evaluating the request.
Your Right to Request Deletion of Personal Information We Have Collected About You. Upon your request, we will delete the personal information we have collected about you, subject to certain legal exceptions.
Your Right to Ask Us Not to Sell or Share Personal Information We Have Collected About You.
Our Sale or Sharing of Personal Information
From time to time we may sell personal information by allowing third parties that facilitate digital advertising to place cookies and other trackers that collect information about your browsing and interactions with other websites and to use that information to deliver information to you about products and services in which you may be interested. We may also share personal information in certain instances where we disclose it for purposes of engaging in cross-context advertising.
We do not knowingly sell the personal information of minors under the age of 16.
We do not knowingly sell consumer health data or personal health information.
Opting Out of the Sale of Personal Information
You can direct us not to sell your personal information by submitting an opt-out request through our Data Request Form, or by contacting us at [email protected] or 844-MY TABLO (844-698-2256). We will act on your request within the timeframes set forth below.
Your Right to Ask us Not to Share Personal Information We Have Collected About You. You can direct us not to share your personal information by submitting an opt-out request through our Data Request Form, or by contacting us at [email protected] or 844-MY TABLO (844-698-2256). We will act on your request within the timeframes set forth below.
Global Privacy Control. Please refer to the Do Not Track Signals section of this notice.
Exercising Your Rights and How We Will Respond
To exercise any of the rights above, or to ask a question, contact us at [email protected] or 844-MY TABLO (844-698-2256), complete and submit our Data Request Form, or use the contact details set out in this Policy.
For requests for access or deletion, we will first acknowledge receipt of your request within 10 business days of receipt of your request. We provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
For requests to stop the sale or sharing of your personal information, we will comply no later than 15 business days after receipt of your request.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
Our Commitment to Honoring Your Rights
If you exercise any of the rights explained in this policy, we will continue to treat you fairly. We do not, however, provide products and services directly to consumers. We primarily provide products and services to healthcare entities and providers as a business associate under HIPAA, which is exempt from the coverage of the CCPA.
Identity Verification
We are required to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request. Where possible, we will attempt to verify your identity by asking you to confirm information that we have on file about you or your interactions with us. Where we must ask for additional personal information to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer. You do not need to create an account with us to exercise your rights. If you fail to verify your identity, we cannot fulfill your request. We will notify you to explain the basis of the denial.
Authorized Agents
You can designate an “authorized agent” to submit verifiable consumer requests on your behalf. The agent can be a natural person or a business entity.
If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our verification process:
- Requests to Know, Delete or Correct Personal Information: If the agent submits a request, the agent will need to provide us with your signed permission indicating the agent has been authorized to submit the request on your behalf. We will also require that you verify your identity directly with us or confirm with us that you provided the agent with permission to submit the request.
- Requests to Opt-Out of Sale or Sharing: If the agent submits a request to opt out of the sale of your personal information or the sharing of your personal information for purposes of cross-context behavioral marketing, the agent will need to provide us with your signed permission indicating the agent has been authorized to submit the opt-out request on your behalf.
Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.
Shine the Light
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about certain categories of personal information a business has disclosed to third parties for direct marketing purposes in the preceding calendar year.
-
Residents of the state of Washington have additional rights related to the collection and use of Consumer Health Data. Click here for more information about how we process Consumer Health Data.
-
Outset Medical does not process neural information. If at any time in the future we do begin to collect this information, we will obtain your consent prior to collection and processing.
