Outset Medical Privacy Notice
January 1, 2023
Outset Medical (“Outset,” “We,” “Us,” “Our,” “the Company”) respects the privacy of your personal information.
Introduction and Scope
This notice describes our practices regarding the collection and further processing of personal information that we collect through our websites and applications that link to this notice (“Sites”), as well as from our offline interactions and our other business relationships with you, where we decide the purposes and means of how we collect and further process your personal information (the “Services”).
The term “personal information” generally means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with an identified or identifiable individual. The laws of some jurisdictions may define personal information more broadly than described above. Other jurisdictions’ laws may exclude certain information about you, such as your business contact details, from the definition of personal information. In interpreting this notice, we will apply the definition of personal information contained in applicable law.
Contract Data
When we perform work for our customers, we may collect and further process personal information to provide our services to them. The terms of our customer contracts, and not this notice, govern our collection, use and disclosure of that personal information. The customer’s privacy policy, and not this notice, governs how they may use and disclose your personal information.
Information We Collect About You
Outset Medical processes personal information when you visit our Sites or interact with our Services (such as when you create an account, register for events, download content, or answer a survey) or when we interact with you offline, such as when you visit a facility, attend an event or trade show, or talk to us over the phone.
We also may collect information about you from other sources in the ordinary course of business, including, for example, from data aggregators who may not have a direct relationship with you or from other third parties who collect information about you on behalf of Outset Medical.
We also may collect information about you automatically, such as when we log certain information about your interactions with a Site or Service or from other systems, such as when you are in a facility that has installed CCTV security cameras.
Below we describe the categories of personal information we may collect from or about you.
Identifiers |
Name, alias, preferred pronouns, contact details (such as e-mail addresses, phone numbers, physical addresses, and fax numbers), unique personal identifier, customer number, online identifier, account name, IP address, date of birth, social media handles, instant messaging account and similar information |
Customer Information |
Information that identifies, relates to, describes, or is capable of being associated with you, including, but not limited to, your name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information (such as COVID-19 status, disability and accommodation information), or health insurance information |
Commercial Information |
History and records of products and services you have obtained from us or considered, or other purchasing or consuming histories or tendencies such as information required to facilitate transactions (including information required to facilitate issuance or receipt of payment), payment history and information such as details about the programs and activities in which you have participated, including conferences, focus groups, speaker programs and other events, and opinion data such as survey responses We may also collect demographic data, such as income and age bracket information, family status, gender, hobbies, current provider information along with information you make available or that references you on the internet, including on social media, blogs, websites, news and educational journal articles. |
Professional or Employment Information |
Professional or employment-related information, such as a description of your current or prospective positions, job title, employer, location, specialty, educational history, such as education level obtained, school attended, and performance at school and professional history, including professional certifications and licenses, and institutional or other affiliations |
Audio, electronic, visual, thermal, olfactory, or similar sensory information |
This category of information includes photographs, CCTV footage; recordings made during audio or video calls, focus groups, user groups, usability testing, conferences or events, testimonials, and otherwise; temperature readings and similar sensory data. |
Protected Classification Characteristics |
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information) |
Internet and Other Electronic Activity Information |
Where you access our Sites, we may collect information about your use of systems or devices, including your System or Network ID, IP address, operating system type and version number, manufacturer and model, screen resolution, browser type, browser version, the pages of a Site you visit, the time and date of your access to a Site, unique device identifiers, user name and passwords, and usage activity and diagnostic information, including access logs, activity logs, and electronic content produced using our systems. We may also collect other diagnostic data along with information your browser sends us when you visit our Sites including when you access our Sites through a mobile device. We also use Cookies and other similar technologies on our Sites. Refer to our Cookie Policy for further details. |
Biometric Information |
We may use fingerprint authentication or in certain high-security facilities we use have biometric security systems. |
Inferences, preferences, and other information |
This category of information includes the derivation of information, data, assumptions, or conclusions from any other category of personal information to create a profile about a person reflecting the person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes. We also may derive inferences about you based on your personal information and learn additional information about you, such as your contact mode preferences, calendar availability, contact time preferences, language preferences, and other similar information. From time to time, we may collect additional personal information including information about your medical conditions, disabilities or health, such as dietary restrictions, allergies, accommodation requirements, COVID-19 symptoms or exposure, kidney disease state, type and mode of dialysis treatment, clinical conditions, healthcare cost and claims data. |
How We May Use Your Personal Information
We may use your personal information for the following purposes:
To prepare to enter or to perform a contract or other agreement with you |
To prepare to enter into or perform, a contract or other relationship with you, including the development, compliance, undertaking and performance the contract, such as when you agree to participate in usability testing, market research, speak at a forum or provide audio-visual testimonial data, or provide other services to us. |
Provide information about our business, the industry, and our solutions |
To provide you with news, special offers, contests, sweepstakes, events, marketing communications, and general information about our products and services and the industry; to advertise online and offline, which may be targeted to you based on your use of the Site(s), Services, or your activity elsewhere online and offline; to communicate with you about products, Sites, and Services, including by sending you announcements, updates, security alerts, and support and administrative messages; to communicate with you about events, surveys, or questionnaires; to assign a unique identifier to the personal information we collect about you, or combine this data or other information that we collect from or about you with other personal information about you, and use that information to supplement our existing databases; to undertake analytics and and insights for purposes consistent with this notice; to understand your needs and interests, and personalize your experience with our Sites, Services advertisements and other communications |
To engage in research and development |
To engage in research and development purposes, including collection of information about your experiences with or opinions about Outset Medical or topics of importance in the industry via surveys, focus groups and other online or offline research activities; to engage in social listening (reviewing information about us, our products and the industry posted to public sources, such as social media), to understand how Outset Medical, its products, and the dialysis market are perceived, and to address market needs including product enhandements; to recruit for, enroll, or conduct clinical studies or gather real-world evidence |
To operate our business, including our Sites, Services and products |
To process transactions associated with our services; to provide, manage, and receive products and services; to provide support and maintenance for our Sites, Services and products; to improve and develop our business processes, Sites and Services; to create and administer your accounts with us; to attend to and manage your requests to us; to answer questions you have asked us and address concerns you have raised; to otherwise communicate with you; to provide recall and safety notices; to report adverse events and complaints; and to complete regulatory filings |
To protect the Company and others and comply with laws |
To protect our, your, or others’ rights, privacy, health, safety, or property, including, as permitted by law, by collecting reasonable information about vaccinations and infectious disease symptoms and exposure; to undertake reasonable efforts to monitor the use and security of our networks, assets, and facilities; to deter, identify, and investigate alleged fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft; to pursue and/or defend legal claims and manage disputes; to audit our internal processes for compliance with our legal and contractual requirements and internal policies; to enforce the terms and conditions that govern our Sites, Services and agreements; to create reports and information required to comply with product safety and efficacy, including clinical study reporting, pre-market authorization information, and post market reporting, including adverse event reporting; to respond to lawful requests from governmental authorities, including writs, subpoenas, or legal discovery processes; and to undertake other efforts to protect the Company and others and comply with applicable law |
Additionally, Outset may de-identify your personal information. Once personal information has been de-identified, it is no longer subject to this notice.
Applicants, Employees, Contractors
In addition to the general uses described above, we may engage in additional uses of personal information about our applicants, employees, and contractors, as described in this section.
Recruitment |
To process and manage applications and candidate referrals; To assess your capabilities for the role to which you have applied and other roles within the Company; to communicate with you about other positions that may be of interest to you; to onboard and orient new employees; to offer and provide you with compensation and to provide benefits to you and your dependents, as applicable; to review and address questions, survey feedback, complaints, and claims |
Workforce Management |
To engage with employees, contractors and contingent staff; to manage staffing levels, skills and skills needs, hours worked, project staffing requirements, budgeting, compensation and benefit managing and planning, and strategic planning, training and policy certification, corporate organizational structure, performance feedback and ratings, disciplinary actions, terminations, transfers, and promotions; to manage business travel, business meetings, conferences, and other similar business events; to manage leaves and absences; to process expense reimbursements; to review and address questions, survey feedback, complaints, and claims; to provide branded items, including clothing, awards, and other goods; to offer and manage optional programs, like contests and event; and to engage in communications and other interactions in the ordinary course of business |
Compliance with our legal obligations and our policies |
To comply with relevant laws, such as ensuring you possess the legal right to work in your jurisdiction and hold valid credentials to perform your role; to provide information related to mandatory diversity, safety and other reporting; and to comply with tax and other laws; where required or permitted by law, to perform pre-employment and post-employment background check information, debarment screening, licensure verification, vaccination status; to evaluate ergonomics, accommodation requirements and provide disability accommodations; to investigate allegations of improper conduct and manage compliance with our legal obligations and policies; to pursue or defend legal claims |
To protect the Company and others |
To maintain reasonable processes that are designed to protect the safety, security, health and wellbeing of our workforce, visitors to our facilities, and our property, which may include, as required or permitted by law, monitoring facility access, use of our assets, accidents and injuries, vaccination status and disease symptoms and exposure; to engage in reasonable location monitoring of our field-based employees |
To support our commitment to diversity, equity and inclusion programs |
Where required or permitted by law, to analyze and report on information related to diversity, equity and inclusion
|
To Whom We May Disclose Your Personal Information
We may disclose your personal information with others in the following situations:
- Service Providers and Consultants: We may disclose your personal information to service providers and consultants who need it to perform their services for us. For example, we may host our Sites and Services on a service provider’s computers or process payment.
- Business transfers: We may disclose or transfer your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company
- Affiliates: We may disclose your personal information to our Affiliates. The term Affiliates in this provision means our parent company and any other direct and indirect subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
- Our Advisors: We may disclose your personal information to our professional advisors, such as our lawyers, tax advisors, technical advisors, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
- Business Partners:We may disclose your personal Information to our current or potential customers or with our other business partners in the course of pursuing business or to offer you certain products, services or promotions.
- Law Enforcement, Regulators, or Others as Required by Law:In certain circumstances, we may disclose your personal information if we are required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency), or in connection with an investigation of fraud, for the administration of justice, to prevent or address potential intellectual property infringement, or other activity that is unlawful or that could, in our reasonable judgment, expose us or you to legal liability. We may also release personal information if, in our reasonable judgment, it may prevent the death or serious injury of an individual.
Automated Processing
Automated decisions: (a) are made about individuals; (b) are based exclusively on the automated processing of personal information; and (c) produce legal effects that significantly impact the individuals about whom they are made. Although we may use automated tools to help facilitate our decision making, our processing is overseen by a member of our workforce. If we engage in automated decision making, we will inform the individuals whose personal information is subject to the automated processing, and, as required by law, provide them with an opportunity to engage us on, and object to, the outcome of the automated decision-making process.
Our Legal Bases
In some jurisdictions, we must inform you of the legal bases we may rely upon to collect and further process your personal information.
- To prepare to enter into an agreement or relationship with you, or to perform our agreements with you;
- To comply with a legal obligation;
- For our legitimate business interests, which will be assessed in connection with the specific use of your personal information;
- With your consent (or with your explicit consent if required by law), which we will request from you.
Withdrawing your Consent
When we process your personal information with your consent or your explicit consent, you may always withdraw your consent in whole or in part at any time. Once we have received your notice to withdraw your consent, we will no longer process the personal information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds that override your interests, rights and freedoms, for example, to comply with a legal obligation, or for the establishment, exercise, or defense of legal claims. If we process your personal information for direct marketing purposes, you have the right to object at any time, in which case we will stop processing your information for such purposes. Withdrawal of your consent does not affect the lawfulness of any processing that we undertook prior to your action to withdraw consent. If you withdraw consent to future processing of your personal information, we may not be able to contact or interact with you as originally planned when you first provided your consent.
Retention of Your Personal Information
We consider several factors in determining how long we retain personal information. For example, we retain your personal information for as long as your account is active; for as long as is necessary to effect the purposes consistent with those set out in this notice or for which the personal information was collected, or as otherwise required or permitted by law (for example, to resolve disputes, protect our assets, and enforce our legal agreements and policies). We also may retain information to support retention policies and processes designed to accommodate availability of information, or to enable us to pursue or defend our rights or those of others during applicable limitations periods. At the end of the retention period, we will either securely delete or destroy your personal information, or we will de-identify it so that it no longer constitutes personal information.
Transfer of Your Personal Information
Your personal information is processed at our operating offices and in any other places where the parties involved in the processing are located, such as where our service providers are located. As a result, your personal information may be transmitted to, accessed from and/or stored in locations outside of your jurisdiction where the data privacy laws may be different from those in your jurisdiction.
When we transfer your personal information to another jurisdiction, it is our practice to take steps designed to ensure that your personal information is treated in accordance with this notice, and that transfers of your personal information to an organization or a country will be subject to adequate controls designed to protect the confidentiality, integrity and availability of your personal information.
Security of Your Personal Information
The security of your personal information is important to us, and we maintain reasonable administrative, technical and physical safeguards that are designed to protect your personal information from accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
Your Individual Rights
In some jurisdictions, you may be entitled to exercise certain rights relating to your personal information. If you are a California resident, please see the specific information on your rights found below in the California Resident Information and Rights section and disregard this section. Even where applicable law provides for these rights, they may be subject to certain conditions, limits, and exceptions. These rights may include the following:
- Request us to confirm whether we process your personal information, and if we do, to obtain access to and certain information about it;
- Require the correction of your personal information if it is inaccurate or incomplete;
- Direct us to stop processing your personal information under certain circumstances;
- Erase or delete your personal information, for example, where it is no longer needed to achieve the purpose for which it was collected;
- Restrict the further Processing of personal information, including under some laws, to opt out of the processing of the personal information for purposes of (i) targeted advertising, or (ii) the sale of personal data;
- Request not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you; or
- Request to receive your personal information for transmission to, or if required by law, to directly transmit it on your behalf to another data controller in a structured, commonly-used and machine-readable format.
You may make seek to exercise your individual rights by clicking here or by contacting us via one of the mechanisms provided in the Contact Us section of this notice. We will process your requests in accordance with applicable law.
If you wish to exercise your rights related to the medical or other personal information that we process as a service provider to your healthcare provider, please contact your healthcare provider directly.
To protect your privacy, we will take reasonable steps to verify your identity before complying with any rights requests. If you fail to verify your identity, we may be unable to fulfill your request.
Your requests will typically be fulfilled at no charge to you. However, in certain cases, applicable law may entitle us to charge a fee. If we are entitled to charge a fee and intend to do so, we will follow procedures required by law.
In certain circumstances, applicable law may permit us to deny your request. If we deny your request, we will inform you of the reasons why we did so. You may appeal a denial by contacting the Outset Medical Data Privacy Office at [email protected]. You may also be entitled to file a complaint with your local regulator.
Your Privacy Choices
Please refer to our Cookie Policy on how to change your cookie settings.
You may have an opportunity to elect to receive recurring marketing or promotional communications from us. Our communications will include instructions on how to update certain information about you, including how to unsubscribe from our e-mails. You may also contact us at [email protected] to unsubscribe or adjust your marketing preferences. If you elect to unsubscribe from some or all communications, we will complete your request within 30 business days, or sooner if required by law.
In addition, some of our business partners that collect information about your activity on or through our Sites may participate in programs that provide you with choices regarding the use of your browsing behavior or mobile application usage for purposes of targeted advertising. You may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here, the Digital Advertising Alliance by clicking here, the European Interactive Digital Advertising Alliance by clicking here, or the Digital Advertising Alliance of Canada, by clicking here. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms linked above.
Finally, your browsers or mobile device settings may provide functionality to limit our ability to use cookies, to alert you before a cookie is dropped onto your computing device, or to limit our ability to otherwise engage in ad tracking or targeted advertising, including by location, using the advertising ID associated with your mobile device and/or location settings. If you choose to turn on settings blocking cookies or opting-out of targeted advertisements and/or if you turn off location settings, you will still see advertisements online but they may not be relevant to you.
Do Not Track Signals
Global Privacy Control signals are opt-out signals communicated through the browser-based extension offered through the Global Privacy Control, a non-profit that is in the process of developing a technological tool that can be used universally to signal a user’s privacy preferences. Due to the technical limitations of the Global Privacy Control’s extension, requests made through their extension apply only to the device on which the request is made (e.g., a specific computer) and will only work with the browser used to activate the opt-out setting (e.g., Duck Duck Go).
While our Sites may respect Global Privacy Control signals where required, our Sites do not respond to or honor other Do Not Track instructions, which are preferences that users can set in certain web browsers. If you do not leverage the Global Privacy Control signal, you can, however, adjust your web browser’s privacy preferences regarding the use of most cookies, through your browser’s privacy settings. Unless you choose to block cookies, some of our Sites may issue cookies when you visit them or click on an e-mail link that we send to you, even if you have previously deleted our cookies. Deleting or blocking cookies may impact your experience while interacting with the Site(s), and some features may not work without cookies.
Children’s Privacy
Our Sites are not designed for, and we do not knowingly collect personally identifiable information from, users under the age of 13 (or in some jurisdictions, under the age of 16). If you are a parent or guardian and you are aware that your child has provided us with personal information via our Site(s), please contact us via email at: [email protected]. If we become aware that we have collected personal information from anyone under the age of 13 (or in some jurisdictions, 16) without verification of parental consent, we will take steps to remove it from our systems.
We may also limit how we collect, use, and store some of the personal information of users between 13 and 18 years of age. In some cases, this means we will be unable to provide certain functionality of the Service to these users.
If we need to rely on consent as a legal basis for processing your personal information and your jurisdiction requires consent from a parent, we will require your parent’s consent before we collect and use that information.
Changes to this Notice
We may update this notice from time to time. When we do so, we will update the “Last updated” date at the top of this notice. In addition, when there are material changes to this notice, we will post a notice on our Site advising you of the update. We encourage you to review this notice periodically for any changes. Changes to this notice are effective when they are posted on this page. Your continued use of the Site after the posting of any amended notice constitutes your agreement to be bound by any changes.
Third Party Websites
Our Sites may contain links to other third-party websites, which may have privacy policies that differ from our own. We are not responsible for the activities and practices that take place on these websites. Accordingly, we recommend that you review the privacy policies posted on any website that you may access through our Sites.
Contact Us
We value your input and feedback. If you have any questions, comments or concerns about this notice or our personal information handling practices, you can contact us:
By E-mail at: |
|
By Post at: |
Attn: Privacy Officer |
By Phone at: |
+1-844-MY TABLO (+1-844-698-2254) |
California Resident Information And Rights
If you are a resident of California, the following information and rights may apply to you. In this section of this notice, we may also refer to California Residents as “Consumers.”
Excluded Information
Certain information is not subject to this California Resident Information and Rights section. The excluded information primarily includes:
- Consumer information that is lawfully made available from federal, state, or local government records or information that we have a reasonable basis to believe is lawfully made available to the general public from widely distributed media or by you; or information made available by a person to whom you have disclosed the information if you have not restricted the information to a specific audience;
- Consumer information that is de-identified or aggregated; We do not seek to re-identify information that has previously been de-identified;
- Certain healthcare information, including information covered by the Health Insurance Portability and Accountability Act of 1996 or the California Confidentiality of Medical Information Act;
- Personal information covered by certain privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act or the California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994;
- Personal information that is processed for scientific research purposes, including clinical trials, provided that the information is processed subject to applicable ethics, confidentiality, privacy and security requirements;
- Any information that we process on behalf of another company, including healthcare information, in which case that company’s privacy statement, policy, and/or notice will control; and
- Any other information that is excluded by applicable California laws.
Categories of Personal Information We Collect and Disclose
We summarize below the categories of personal information that we disclose to others. The categories below are the same as those further described above in the Information We Collect about You section.
Category of Personal Information Collected |
Categories of Third Parties to Whom we have Disclosed Personal Information for a Business Purpose |
Identifiers |
Service Providers such as IT providers, SaaS providers, banking providers who process payments or reimbursements, and other providers who help us operate our business, including our Sites and Services; Consultants such as business process consultants; Business Partners such as travel booking partners and customers or potential customers (for example, in the case of healthcare practitioners who engage with customers or potential customers); Advertising partners (please see the Personal Information we Sold to or Shared with Third Parties in the Preceding 12 Months section of this notice). |
Customer Information |
Service Providers such as IT providers, SaaS providers, banking providers who process payments or reimbursements, and other providers who help us operate our business, including our Sites and Services; Consultants such as business process consultants; Business Partners such as travel booking partners and customers or potential customers (for example, in the case of healthcare practitioners who engage with customers or potential customers). |
Commercial Information |
Service Providers such as IT providers, SaaS providers, banking providers who process payments or reimbursements, and other providers who help us operate our business, including our Sites and Services; Consultants such as business process consultants; Business Partners such as travel booking partners and customers or potential customers (for example, in the case of healthcare practitioners who engage with customers or potential customers); Advertising partners (please see the Personal Information we Sold to or Shared with Third Parties in the Preceding 12 Months section of this notice). |
Professional or Employment Information |
Service Providers such as IT SaaS providers, Service Providers who help us operate our business, and Consultants such as business process consultants
|
Audio, electronic, visual, thermal, olfactory, or similar sensory information |
Service Providers such as IT SaaS providers and Service Providers who help us operate our business such as CCTV providers, photographers and videographers Business Partners such as customers and potential customers (for example, in the case of healthcare practitioners who engage with customers or potential customers) |
Protected Classification Characteristics |
Service Providers such as IT SaaS providers, Service Providers who help us operate our business, and Consultants such as business process consultants Business Partners such travel booking partners |
Internet and Other Electronic Activity Information |
Service Providers such as IT SaaS providers, Service Providers who help us operate our business, and Consultants such as business process consultants or IT consultants Business Partners such as benefits providers and travel booking partners Advertising partners (please see the Personal Information we Sold to or Shared with Third Parties in the Preceding 12 Months section of this notice). |
Biometric Information |
Service Providers such as CCTV system providers or IT service providers who manage certain access controls systems located in certain facilities |
Inferences, preferences, and other information |
Service Providers such as IT SaaS providers, Service Providers who help us operate our business such as skills, aptitude or other assessment providers, and Consultants such as business process consultants; Business Partners such as travel booking partners, customers or potential customers (for example, in the case of healthcare practitioners who engage with customers or potential customers); Advertising partners (please see the Personal Information we Sold to or Shared with Third Parties in the Preceding 12 Months section of this notice). |
We may also disclose the above categories of personal information (a) to our affiliates, (b) to comply with federal, state, or local laws; (c) to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (d) to cooperate with law enforcement agencies concerning conduct or activity that we believe may violate federal, state, or local law, (e) when we sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction), or (f) to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
Personal Information We Sold to or Shared with Third Parties in the Preceding 12 Months
In the 12 months prior to the date of this Policy, we sold personal information to or shared personal information with third party digital advertising networks by allowing such third parties to place cookies or other trackers on our Sites. The data they collected may be used to provide you with personalized content and present you with third party products or services in which you may be interested. For more information about the use of cookies and trackers, see our Cookie Policy.
Individual Rights of California Residents
As a California Resident you have certain rights in relation to your personal information.
Your Right to Request Disclosure of Information We Collect and Share About You. We are committed to ensuring that you know what personal information we collect. To that end, you can ask us for any or all of following types of information regarding the personal information we have collected about you on or after January 1, 2022:
- Specific pieces of personal information we have collected about you;
- Categories of personal information we have collected about you;
- Categories of sources from which such personal information was collected;
- Categories of personal information that the business sold, shared, or disclosed for a business purpose about the consumer;
- Categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose; and
- The business or commercial purpose for collecting or selling your personal information.
Your Right to Correct Inaccurate Personal Information. Upon your request, we will correct personal information we have about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.
Your Right to Request Deletion of Personal Information We Have Collected About You. Upon your request, we will delete the personal information we have collected about you, subject to certain legal exceptions.
Your Right to Ask Us Not to Sell or Share Personal Information We Have Collected About You.
Our Sale or Sharing of Personal Information
From time to time we may sell personal information by allowing third parties that facilitate digital advertising to place cookies and other trackers that collect information about your browsing and interactions with other websites and to use that information to deliver information to you about products and services in which you may be interested. We may also share personal information in certain instances where we disclose it for purposes of engaging in cross-context advertising.
We do not knowingly sell the personal information of minors under the age of 16.
Opting Out of the Sale of Personal Information
You can direct us not to sell your personal information by submitting an opt-out request through our Data Request Form, or by contacting us at 844-MY TABLO (844-698-2256). We will act on your request within the timeframes set forth below.
Opting Out of the Sharing of Personal Information. You can direct us not to share your personal information by submitting an opt-out request through our Data Request Form, or by contacting us at 844-MY TABLO (844-698-2256). We will act on your request within the timeframes set forth below.
Global Privacy Control
We also recognize opt-out signals communicated through the browser-based extension offered through the Global Privacy Control, a non-profit that is in the process of developing a technological tool that can be used universally to signal a user’s privacy preferences. Due to the technical limitations of the Global Privacy Control’s extension, requests made through their extension apply only to the device on which the request is made (e.g., a specific computer) and will only work with the browser used to activate the opt-out setting (e.g., Duck Duck Go).
Exercising Your Rights and How We Will Respond
To exercise any of the rights above, or to ask a question, contact us at 844-MY TABLO (844-698-2256), complete and submit our Data Request Form or use the contact details set out in this Policy.
For requests for access or deletion, we will first acknowledge receipt of your request within 10 business days of receipt of your request. We provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
For requests to stop the sale or sharing of your personal information, we will comply no later than 15 business days after receipt of your request.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
Our Commitment to Honoring Your Rights
If you exercise any of the rights explained in this policy, we will continue to treat you fairly. We do not, however, provide products and services directly to consumers. We primarily provide products and services to healthcare entities and providers as a business associate under HIPAA, which is exempt from the coverage of the CCPA.
Identity Verification
We are required to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request. Where possible, we will attempt to verify your identity by asking you to confirm information that we have on file about your or your interactions with us. Where we must ask for additional personal information to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer. You do not need to create an account with us to exercise your rights. If you fail to verify your identity, we cannot fulfill your request.
Authorized Agents
You can designate an “authorized agent” to submit verifiable consumer requests on their behalf. You can also make a Consumer request on behalf of your minor child, if applicable. It is our practice to:
- Verify your identity and your agent’s identity;
- Require your agent to provide a written authorization demonstrating that they have been duly authorized by you;
- Confirm with you that your agent’s authorization is valid.
If we are not able to complete these steps, we cannot fulfill the request.
Requests for Household Information
There may be some types of personal information that can be associated with a household (a group of people living together in a single dwelling). Requests for access or deletion of household personal information must be made by each member of the household. We will verify the identity of each member of the household using the verification criteria explained above and will also verify that each household member is currently a member of the household.
Shine the Light
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about certain categories of personal information a business has disclosed to third parties for direct marketing purposes in the preceding calendar year. However, we have not disclosed your personal information third parties for direct marketing purposes in the preceding calendar year.
Your Right to Ask Us Not to Sell Personal Information We Have Collected About You.
Our Sale of Personal Information
Under the CCPA’s broad definition of the term, from time to time we may sell personal information by allowing third parties that facilitate digital advertising to place cookies and other trackers that collect information about your browsing and interactions with other websites and to use that information to deliver information to you about products and services in which you may be interested.
We do not knowingly sell the personal information of minors under the age of 16.
Opting Out of the Sale of Personal Information
You can direct us not to sell your personal information by submitting an opt-out request through our Data Request Form, or by contacting us at 844-MY TABLO (844-698-2256). We will act on your request within the timeframes set forth below.
Opting Out of the Sharing of Personal Information. You can direct us not to share your personal information by submitting an opt-out request through our Data Request Form, or by contacting us at 844-MY TABLO (844-698-2256). We will act on your request within the timeframes set forth below.
Global Privacy Control
We also recognize opt-out signals communicated through the browser-based extension offered through the Global Privacy Control, a non-profit that is in the process of developing a technological tool that can be used universally to signal a user’s privacy preferences. Due to the technical limitations of the Global Privacy Control’s extension, requests made through their extension apply only to the device on which the request is made (e.g., a specific computer) and will only work with the browser used to activate the opt-out setting (e.g., Duck Duck Go).
Exercising Your Rights and How We Will Respond
To exercise any of the rights above, or to ask a question, contact us at 844-MY TABLO (844-698-2256), complete and submit our Data Request Form or use the contact details set out in this Policy.
For requests for access or deletion, we will first acknowledge receipt of your request within 10 business days of receipt of your request. We provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
For requests to stop the sale or sharing of your personal information, we will comply no later than 15 business days after receipt of your request.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
Our Commitment to Honoring Your Rights
If you exercise any of the rights explained in this policy, we will continue to treat you fairly. We do not, however, provide products and services directly to consumers. We primarily provide products and services to healthcare entities and providers as a business associate under HIPAA, which is exempt from the coverage of the CCPA.
Identity Verification
We are required to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request. Where possible, we will attempt to verify your identify by asking you to confirm information that we have on file about your or your interactions with us. Where we must ask for additional personal information to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer. You do not need to create an account with us to exercise your rights. If you fail to verify your identity, we cannot fulfill your request.
Authorized Agents
You can designate an “authorized agent” to submit verifiable consumer requests on their behalf. You can also make a Consumer request on behalf of your minor child, if applicable. It is our practice to:
- Verify your identity and your agent’s identity;
- Require your agent to provide a written authorization demonstrating that they have been duly authorized by you;
- Confirm with you that your agent’s authorization is valid.
If we are not able to complete these steps, we cannot fulfill the request.
Requests for Household Information
There may be some types of personal information that can be associated with a household (a group of people living together in a single dwelling). Requests for access or deletion of household personal information must be made by each member of the household. We will verify the identity of each member of the household using the verification criteria explained above and will also verify that each household member is currently a member of the household.
Shine the Light
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about certain categories of personal information a business has disclosed to third parties for direct marketing purposes in the preceding calendar year. However, we have not disclosed your personal information third parties for direct marketing purposes in the preceding calendar year.