Business Contact Privacy Policy

Recor Medical Business Contact Privacy Policy

Effective: April 2024

INTRODUCTION

This Business Contact Website Privacy Policy (the “Policy”) provides such notice to the business contacts of Recor Medical Inc. (“Recor,” “we,” “us,” “our”), including members of our boards, our vendors, third parties with whom we interact, healthcare professionals (“HCPs”), and all other contacts with whom we interact in a business-related capacity (individually, “Business Contact” and collectively, “Business Contacts”). Business Contact(s) are also referred to in this Policy as “you” or “your”.

 

Please note that this Policy only addresses Recor’s Collection, use, and disclosure of Business Contact Personal Information and does not apply to individuals who do not interact with Recor in a Business Contact capacity. For details about our privacy practices pertaining to non-Business Contact Personal Information, please visit www.recormedical.com.

 

For our privacy policy concerning information we collect from job applicants (whether they apply through this Site or otherwise), contract workers, and former employees, see our Applicant, Contract Worker, and Former Employee Privacy Policy.

 

If you are from outside the United States, please note that the United States has data protection laws that may not be consistent with those of your country and other countries and that information collected about you will be processed in accordance with United States law.

 

As used in this Policy, initial capped terms have the meaning given to them in this Policy, including those found in the Definitions section at the end of this Policy.

 

CHANGES TO THIS POLICY

This Policy can be found on www.recormedical.com (the “Site”), and the date of last revision of this Policy, will appear there.  When we make material changes to this Policy, we will notify you by posting an updated Policy on www.recormedical.com and listing the effective date of such updates. This Policy creates no additional privacy rights or expectation of privacy except for those provided by law.  Data privacy, monitoring, and processing requirements may vary from jurisdiction to jurisdiction in the United States and our practices may vary in accordance therewith.

 

COLLECTION AND PROCESSING OF PERSONAL INFORMATION

We, and our Service Providers, may have Collected and Processed the following categories of Business Contact Personal Information in the past 12 months.  Additionally, we may have disclosed to our Service Providers and Third Parties the following categories of Business Contact Personal Information in the past 12 months.

 

CATEGORIES OF PERSONAL INFORMATIONEXAMPLES
IdentifiersName, alias, postal address, online identifiers, unique personal identifier, email address, account name, or other similar identifiers
Contact and Financial InformationPhone and fax number, address, email address, or financial information
Characteristics of Protected Classifications under State or Federal lawAge, race, gender, color, national origin, ancestry, physical or mental condition, marital status, religion, and sexual orientation
Commercial InformationTransaction information and purchase history
Internet or Other Electronic Network Activity InformationBrowsing history and interactions with websites or advertisements (if for any reason you are provided a Company computer or access to the Company’s system)
Geolocation DataDevice location (if for any reason you are provided a Company computer or access to the Company’s system)
Audio, electronic, visual and similar informationCall and video recordings
Professional or employment-related informationTitle and employer, work history, prior employer
Education Information or Other Academic InformationDegrees obtained, schools attended
HandwritingWritten, including electronic signatures
Sensitive Personal InformationSocial security number, account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials for allowing access to an account; and racial or ethnic origin, religious or philosophical beliefs, or union membership

We retain each of the categories of Business Contact Personal Information set forth in this Policy for the duration of the longer of (i) your or your company’s relationship with us, as applicable, and (ii) the period in which we expect we may continue to have a business relationship with you in another capacity and/or with another business vendor, or (iii) as may be required by applicable laws or necessary for our legitimate business purposes, including without limitation for purposes of the notice provisions in our contracts.

 

SALE OR SHARING OF PERSONAL INFORMATION

We do not Sell or Share your Personal Information and have not done so in the past 12 months.  We do not Sell or Share Personal Information of California individuals under 16 years of age and have not done so in the past 12 months.

 

PURPOSES FOR COLLECTING, PROCESSING AND DISCLOSING PERSONAL INFORMATION

We, and our Service Providers, Collect, Process and disclose Business Contact Personal Information described in this Policy to:

  • To communicate with you, including to communicate information about our products and services; to respond to your requests for information about our products and services, to communicate with you as appropriate given the nature of our business relationship.
  • For marketing and advertising, including to communicate other information that we think may be of interest to you through our websites and via e-mail, call centers, postal mail, and other channels, including promotional communications about our products and services.
  • To provide you products or services, including to provide you with a service or take an action that you request.
  • To obtain from you a service or product, including to conduct business and marketing research and purchasing finished goods, bulk products, raw materials, packaging and other product components.
  • For analytics and research, including to better understand the market for our existing products and services, and potential new products and services, and adjust our research, development, and marketing strategies accordingly.
  • To personalize your experiences with us, including to tailor our messaging and communications to you, including messaging and communications for promotional purposes.
  • For business purposes, including to identify, engage, and communicate with service providers, scientific experts, and third parties to provide various products and services to us; to identify and engage speakers and invitees to conferences and other scientific and educational programs we host or sponsor; to determine your potential involvement in future activities with Recor and contact you in relation to these activities; to manage our relationships with you and our Service Providers and with Third Parties with whom we interact, including ensuring compliance with contractual obligations, performing auditing activities, and managing billing and invoicing; to meet our contractual obligations to you, if applicable, including payment obligations; to process contracts and other written agreements into which we may enter with you; to detect, prevent and respond to fraud, misuse of our services, intellectual property infringement; to detect security incidents and other fraudulent activity;
  • For legal and safety purposes, including to comply with laws and regulation; to monitor, investigate, and enforce compliance with and potential breaches of Recor policies and procedures and legal and regulatory requirements; to comply with and respond to civil, criminal, judicial, or regulatory inquiries, investigations, subpoenas, or summons; to exercise or defend the legal rights of Recor and its employees, affiliates, customers, contractors, and agents; to protect our rights and property, or the rights, property, and safety of others; to comply with legal obligations; to maintain the security of our customers, employees, and property; to pursue remedies available to us and limit our damages; to process and report adverse event information and product complaints; and to notify you of product recalls or safety issues.

Note that Recor may combine Business Contact Personal Information with any other data we collect to accomplish this or any of the other purposes indicated in this Policy, where permitted by law.

 

SOURCES FROM WHICH WE COLLECT PERSONAL INFORMATION

We Collect Business Contact Personal Information from the following categories of sources as further explained below:

  • Directly from you. For example, directly from your business cards, from your emails to us, from the contracts you or your employer propose to or do enter with us, and from scans of your badge at conferences.
  • Indirectly from you. For example, from your LinkedIn page.
  • Service Providers and other third parties. For example, from your employer; public databases; providers of demographic data; publications; professional organizations; educational institutions; government entities; social media platforms; and Service Providers, such as PR agencies, accounts payable software (which you provide your information to, or for compliance purposes, and Service Providers or Third Parties when they disclose information to us.

CATEGORIES OF ENTITIES TO WHOM WE DISCLOSE BUSINESS CONTACT PERSONAL INFORMATION

  • Affiliates & Service Providers. We may disclose Business Contact Personal Information to our affiliates and Service Providers for the purposes described in this Policy. Our Service Providers provide us with website services, web hosting, data analysis, customer service, infrastructure services, technology services, communication services, including email and postal mail delivery services, payment and fulfillment services, compliance services, legal services, advertising and marketing services, research and analytic services, fraud and security services, and other business support services. We grant our Service Providers access to Business Contact Personal Information only to the extent needed for them to perform their functions and require them to protect the confidentiality and security of such information.
  • Third Parties. For each category of Personal Information identified in this Policy, we disclose such Personal Information to the following categories of Third Parties:
    • At Your Direction. We may disclose your Personal Information to any Third Party with your consent or at your direction.
    • Other Businesses. We may disclose your Personal Information to other business to the extent such businesses may be interested in using your or your employer’s services or acquiring you or your employer’s products. This would include our subsidiaries and affiliates and other Third Parties.
    • Business Transfers or Assignments. We may disclose your Personal Information to other entities as reasonably necessary to facilitate a merger, sale, joint venture or collaboration, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
    • Legal and Regulatory. We may disclose your Personal Information to law enforcement, government authorities, including regulatory agencies and courts, as reasonably necessary for our business operational purposes, to assert and defend legal claims, and otherwise as permitted or required by law.

COLLECTION AND PROCESSING OF SENSITIVE PERSONAL INFORMATION

We, and our Service Providers, Collect and Process the Sensitive Personal Information described in this Policy only for the below purposes that are authorized by the CCPA and its implementing regulations:

  • Performing the services or providing the goods reasonably expected by an average individual who requests those goods or services;
  • Ensuring security and integrity to the extent the use of the Business Contact’s Personal Information is reasonably necessary and proportionate for these purposes;
  • Preventing, detecting, and investigating security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted Personal Information;
  • Resisting malicious, deceptive, fraudulent, or illegal actions directed at the Company and prosecuting those responsible for those actions;
  • Ensuring the physical safety of natural persons;
  • Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of an individual’s current interaction with us; provided that we will not disclose a Business Contact’s Sensitive Personal Information to a Third Party and/or build a profile about the Business Contact or otherwise alter the Business Contact’s experience outside the current interaction with the business;
  • Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying Business Contact information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf;
  • Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured by, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us; and
  • Collecting or processing Sensitive Personal Information where such collection or processing is not for the purpose of inferring characteristics about a Business Contact.

YOUR RIGHTS

Depending on where you live, you may have certain rights regarding your Personal Information, subject to certain exceptions.  These may include (and if you are a California resident include), again subject to certain exceptions:

  • Right to Know: You may request that we provide you with the following information:
    • The categories of Personal Information we Collected about you;
    • The categories of sources from which we Collected such Personal Information;
    • The business or commercial purpose for Collecting, Selling, or Sharing Personal Information about you;
    • The categories of Personal Information that we have Sold or Shared about you and the categories of Third Parties to whom the Personal Information was Sold or Shared;
    • The categories of Third Parties with whom we disclosed such Personal Information; and
    • The specific pieces of Personal Information we have Collected about you, in a format that is easily understandable and commonly used.
  • Right to Correction: You may request that we correct any inaccurate Personal Information we maintain about you.
  • Right to Restriction: You may have the right to restrict the use of your Personal Information in certain circumstances, subject to applicable law.
  • Right to Objection: You may have the right to object to certain collection, use, and disclosure of your Personal Information.
  • Right to Deletion: You may request that we delete any Personal Information about you that we Collected from you.

EXERCISING YOUR RIGHTS

If you would like to exercise your right, please contact us by completing this webform, by email at DPO@RecorMedical.com, or by calling (844)-441-9869. You may also designate an agent to submit a request on your behalf, and the authorized agent may do so via the above-listed submission methods.

 

To submit a request, we require that you explain your relationship with us, specify your request type, and provide your name, email address, country, home address, the details of your request, and your date of birth. We use this information to identify responsive records and in certain cases to verify your identity. To the extent we verify your identity, we may use a Service Provider who may ask additional questions to verify your identity, including the last four digits of your social security number, and questions about physical addresses or locations that you have been associated with.  Your request should include sufficient detail that allows us to properly understand, evaluate, and respond to it. Please note that we may require additional information from you to verify your identity and process your request.

 

If you authorize an agent to make a request on your behalf, you must provide the agent written permission to do so and the agent must verify their own identity directly with us, in addition to the steps we would take if we processed your request directly. If the agent does not submit proof that they have been authorized by you to act on your behalf, we may deny the request.

 

In some instances, we may decline to honor your request if an exception applies under the CCPA, including if deleting the information may impact our ability to provide you employment, infringe on someone else’s privacy rights, or impede our legal obligations. We will respond to your request consistent with applicable law.

 

We will not discriminate against you by taking adverse action against you if you choose to exercise your privacy rights. 

 

CONTACT US

If you have any questions or concerns regarding this Policy, please contact us by email at DPO@RecorMedical.com or by phone at (844)-441-9869.

 

DEFINITIONS

  • Personal Information: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. Personal Information includes Sensitive Personal Information but does not include protected health information covered by the Health Insurance Portability and Accountability Act (“HIPAA”), nonpublic personal information under the Gramm-Leach-Bliley Act (“GLBA”), Publicly Available Information, or any other information which is exempt from the California Consumer Privacy Act (“CCPA”).
  • Publicly Available Information: Information that is lawfully made available from federal, state, or local government records, or information that the Company has a reasonable basis to believe is lawfully made available to the general public by the individual or from widely distributed media, or information made available by a person to whom the individual has disclosed the information if the individual has not restricted the information to a specific audience. “Publicly Available Information” does not mean biometric information collected by a business about an individual without the individual’s knowledge.
  • Sensitive Personal Information: Includes Personal Information that reveals, among other things, social security number, driver’s license number, state identification card number, passport number, racial or ethnic origin, union membership, or the contents of an individual’s mail, email, and text messages, unless the Company is the intended recipient of the communication. Sensitive Personal Information also includes information concerning the individual’s health or sexual orientation.
  • Sale and Share: a “Sale” (and its conjugates, such as “Sell”) is the disclosure of Personal Information to a Third Party for monetary or other valuable consideration, and a “Share” (and its conjugates, such as “Shared”) is the disclosure of Personal Information to a Third Party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.
  • Collect: “Collects” (and its conjugates, such as “Collected”) means buying, renting, gathering, obtaining, receiving, or accessing any Personal Information pertaining to a Business Contact by any means.
  • Process: “Process” (and its conjugates such as “Processing”) means any operation or set of operations that are performed on Personal Information or on sets of Personal Information, whether or not by automated means.
  • Service Provider: a person that processes Personal Information on behalf of the Company and that receives from or on behalf of the Company an individual’s Personal Information for a business purpose pursuant to a written contract, provided that the contract contains the provisions required by California law.
  • Third Party: A person who is not any of the following: (i) the business with whom the individual intentionally interacts and that collects Personal Information from the individual as part of the individual’s current interaction with the business; (ii) a Service Provider to the Company; or (iii) a contractor as such term is defined under California law.