EU-US Privacy Shield Notice and Swiss-US Safe Harbor
Invuity in the United States may receive Personal Data from individuals in the European Economic Area and/or Switzerland. Invuity, and its affiliates adhere to the United States-European Union Privacy Shield Principles, with respect to the collection, use, and retention of Personal Data from the European Economic Area. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, with respect to the processing of Personal Data from the European Economic Area, the Privacy Shield Principles shall govern. For more information about the Privacy Shield Framework, and to view Invuity’s certification, go to https://www.privacyshield.gov/.
In compliance with the Privacy Shield Principles, Invuity is committed to resolving complaints about our collection or use of your Personal Data. European Union individuals with inquiries or complaints regarding our compliance with the Privacy Shield Principles should first contact Invuity as discussed below in the “How to Contact Us” section. Additionally, the International Centre for Dispute Resolution (“ICDR”) acts as Invuity’s third-party dispute resolution provider, as required by the Privacy Shield Framework. If you have a complaint concerning Invuity’s Privacy Shield compliance, you may either contact Invuity directly as set forth below, or contact ICDR at https://www.adr.org. In certain circumstances, it may be possible for you to invoke binding arbitration. Invuity is subject to the investigatory and enforcement powers of the United Stated Federal Trade Commission, with respect to its adherence to the Privacy Shield Principles.
Invuity has further committed to cooperate with European Union data protection authorities (DPAs) with respect to any unresolved Privacy Shield complaints concerning your Personal Data, in the context of the employment relationship. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the European Union DPAs for more information or to file a complaint. The services of the European Union DPAs are provided at no cost to you.
In addition, Invuity in the United States may receive Personal Data from Switzerland. Invuity adheres to the Swiss-United States Safe Harbor, with respect to the collection, use, and retention of Personal Data from Switzerland. For more information about the Swiss-United States Safe Harbor and Invuity’s certification, please visit http://2016.export.gov/safeharbor/swiss. The International Centre for Dispute Resolution (“ICDR”) also acts as Invuity’s third-party dispute resolution provider for the Swiss Safe Harbor. If you have a complaint concerning Invuity’s Swiss Safe Harbor compliance, you may either contact Invuity directly as set forth below, or contact ICDR at https://www.adr.org.
As discussed below in the “When and Why Personal Data is Disclosed by Invuity” section, we may share your Personal Data with our service providers who are bound by law and/or contract to protect your Personal Data and may only use your Personal Data in accordance with our instructions. Under certain circumstances, Invuity may remain liable for the acts of these third parties, if they subsequently process the data in a manner that is inconsistent with the Privacy Shield Principles.
Also as discussed below in the “When and Why Personal Data is Disclosed by Invuity” section, we may disclose your Personal Data when requested under legal process or as otherwise required by law, such as in response to a subpoena, including to meet national security and/or law enforcement requirements in the United States and other countries where we operate.
Invuity provides you with the opportunity to contact us about questions you may have about our products and/or procedures. As part of that process, Invuity collects personally identifying information, such as customer names, street or e-mail addresses, phone numbers, or any other information which, when used by itself or with other data, might identify a customer or visitor to our web site individually. To protect your safety, you should not provide Invuity with any personal information that is not specifically requested, such as your personal medical history. We will use the information you provide to respond to any direct question you ask, and we may also use this information to offer you the opportunity to receive notices regarding Invuity products or services and to further personalize your experience on our site. Personal identifying information is used only for our legitimate business interests, including complying with applicable laws and regulations. We may share your personal information with our affiliates, business partners, and other limited and carefully screened third parties. We may also provide aggregate statistics about our customers, sales, online traffic patterns and related information to reputable third parties, but these statistics will not include any personally identifying or medical information.
The following is personally identifiable information that you may voluntarily provide to us and how we use it:
- Surveys. Information obtained from you on web surveys, such as contact information (name and shipping address), demographic information (zip code, age level) and medical condition. We may use this personally identifiable information to provide you with information and services for which you have expressed an interest or that you may find useful based on your answers in a survey. Additionally, we may refer to your personally identifiable information to better understand your needs and how we can improve our website.
- Newsletters. Information obtained from you from your request to subscribe to a newsletter, such as contact information (name and e-mail address). We may use this personally identifiable information to deliver the newsletters that you have elected to receive.
- Registration. Information obtained from you on registration forms used to process your requests for services and information, such as contact information (name, address, e-mail address), password, username or code, age, date of birth, gender, ethnicity and medical condition. This registration information may also be gathered if you register for certain services via fax or mail. We may use this information to send you a welcoming e-mail to verify your username and password, website updates, special offers, newsletters, notices regarding relevant medical conditions and treatment, or other information responsive to the data that you provide to us. Additionally, we may refer to your personally identifiable information to better understand your needs and how we can improve our website.
- E-mail Content to a Friend. Information obtained from you regarding friend or family name and e-mail address, if you elect to use our referral service for sending some of our website content to friends and family. We may use this personally identifiable information to automatically send the friend or family member an e-mail inviting them to visit the website. We will store this information to send you a welcoming e-mail to verify your username and password, website updates, special offers, newsletters, notices regarding relevant medical conditions and treatment, or other information responsive to the data that you provide to us. An opt-out will be made available to them.
Social Media Plugins
This website uses social medial plugins (e.g., the Facebook “Like” button, “Share to Twitter” button) to enable you to easily share information with others. When you visit our website, the operator of the social plugin can place a cookie on your computer, enabling that operator to recognize individuals who have previously visited our site. If you are logged into the social media website (e.g., Facebook, Twitter) while browsing on our website, the social plugins allow that social media websites to share data about your activities on our website with other users of their social media website. For example, Facebook Social Plugins allows Facebook to show your Likes and comments on our pages to your Facebook friends. Facebook Social Plugins also allows you to see your friends’ Facebook activity on our website. Invuity does not control any of the content from the social media plugins. For more information about social plugins from other social media websites you should refer to those sites’ privacy and data sharing statements.
Third-Party Web Beacons
This website and emails we send to you may contain transparent GIF files (also known as “web beacons,” “action tags,” or “pixel tags”) to help manage online advertising. These GIF files are used by us and our ad management partners to recognize when a visitor views a web page or opens an email. This information enables us to learn which emails and advertisements bring users to our website.
If you have provided us with personally identifiable information, e.g., through a registration or a request for certain materials, we may associate this personally identifiable information with information gathered through these tracking technologies. This allows us to offer increased personalization and functionality.
By giving Invuity your personal identifying information, you grant Invuity, and its affiliates and subsidiaries the right to use this information for reasonable business purposes and in manner consistent with the policies of Invuity and applicable state and federal laws. Information provided to Invuity by you is not subject to the privacy rule promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) but may be subject to the requirements of privacy laws or regulations adopted by your state of residence. We do not sell, rent or disclose your personal identifying information or medical information to any third party, except as described in this Privacy and Security Policy. We may contract with reputable vendors to assist us in processing information or delivering the items that our customers order. These vendors are restricted from using or selling the information for any purpose, other than helping us to provide the products and services. Finally, if disclosure of any information is required by law or by an appropriate government authority, we will comply accordingly.
We understand the need to protect children’s privacy online (we define “children” as minors younger than 13). We do not knowingly collect or use any personal information from children. We do not knowingly allow children to register with us, order our products, communicate with us, or to use any of our online services.
Links to Third Party Sites
Invuity and its third party providers may employ procedural and technological security measures, consistent with industry practice. Such measures are reasonably designed to protect your personally identifiable information from loss, unauthorized access, disclosure, alteration or destruction. Invuity may use encryption, password protection, secure socket layers, internal restrictions and other security measures to help prevent unauthorized access to your personally identifiable information. However, you provide your information to us at your own risk. We cannot guarantee that your data will not be lost, accessed without authorization, disclosed, altered, or destroyed.
If you have applied for employment with Invuity, the Personal Data submitted with your job application will be used to process and consider your job application. Invuity will not sell the data on your application to unaffiliated third-parties for their marketing purposes. We may share the data on your applications with recruiters, consultants, attorneys, background services and our affiliates. The data on your application may also be used for certain regulatory, compliance and legal purposes, consistent with this Privacy Statement.
To the extent the Personal Data you provide contains details of your: racial or ethnic origin; political opinions or beliefs; religious beliefs; membership in a trade union or political party; physical or mental health condition; sexual life; commission (or alleged commission) of an offence or related proceedings; job evaluations or educational records, you expressly authorize Invuity to handle such details for the purposes of your job application and for the other purposes described herein.
By submitting data to us online, you are sending it to the United States, where it will be subject to the protections afforded under US laws that may be different from the laws in your country and which your country may consider not to provide adequate privacy protections. If you do not agree that your submission of your application data will be governed solely by United States law, Invuity will not accept your application.
California Privacy Rights
California Civil Code Section 1798.83 permits California residents who are individual customers of Invuity products to request certain information regarding its disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request please contact us using our contact information listed below in the “How to Contact Us” section.
Be sure to include your name and address. You can include your email address if you want to receive a response by email. Otherwise, we will respond by postal mail within the time required by law.
Social Security Number Protection Policy
Invuity collects Social Security numbers in the ordinary course of its business. Invuity has implemented reasonable technical, physical and administrative safeguards to help protect the Social Security numbers from unlawful use and unauthorized disclosure. All Invuity workers are required to follow these established procedures, both online and offline. In particular:
Access to Social Security numbers is limited to those workers and service providers who have a need to access the data to perform tasks for Invuity. Social Security numbers are only disclosed to third parties in accordance with Invuity’s established Privacy Statement.
We will only disclose Social Security numbers: (i) with those service providers, auditors, advisors, and/or successors in interest who are legally or contractually obligated to protect them, or (ii) as required or permitted by law.
You may, at any time, remove your personal identifying information from our current customer database. If you have submitted personal identifying information to Invuity, and you wish to have it removed from our records, please e-mail us at firstname.lastname@example.org
By using this web site, you agree not to disrupt or intercept our electronic information posted on this web site or on any of our servers. You also agree not to attempt to circumvent any security features of our web site, and to abide by all applicable, local, state, federal and international laws.
IMPORTANT SAFETY INFORMATION
©2017 Invuity, Inc. All rights reserved. Product names are trademarks or registered trademarks of their respective holders.