NeuroPace Privacy Statement
Effective Date: January 1, 2020
This Statement explains how NeuroPace, Inc. (“NeuroPace”, “we” or “us”) collects, uses, and discloses Personal Information on our website, in our products, and through any other channels (“Services”) and what we do to keep it safe.
We may update this Statement from time to time, and by using the website, you are agreeing to the most recent version of it. Additional privacy conditions may apply based on the options you choose on our website, for example, if you use our electronic patient diary or decide to participate in our patient ambassador program.
Some features of the website are only for use by medical professionals who can prescribe or use NeuroPace’s products, and we therefore limit access to those features to individuals who meet certain requirements, for example, those for whom we have approved a registration form. This Statement covers all users of our website.
INFORMATION WE COLLECT
We may collect both non-personal and personal information about you.
Personal Information is any information that identifies you or makes you identifiable. We may collect or process the following types of Personal Information:
- Information you provide to us, for example: name, contact information (such as telephone number, email address, physical address), date of birth, other demographic information such as your age, education, gender, interests, where you are located (or where the device you are using to access the website is located based on its Internet Protocol (IP) address); health information, such as about your health status or medical condition, health care provided to you (including dates of surgery or doctor’s appointments), or payment for health care, and any self-reported information contained in a journal, diary, log, feedback form, or open field. For healthcare providers in the United States, we collect a National Provider Identifier (NPI #) or a state license number and your contact information.
Some features of our website invite you to send us information about yourself (for example, a patient testimonial) or to have us send you particular information (for example, about our educational offerings), or to participate in an activity (such as a survey or a contest). We may offer to send you educational material about our products and therapies after you fill out a form or you enter certain information or answer certain questions. We also may offer you ways to customize your website experience by providing us with Personal Information.
- Information collected through our medical device products, including the medical device serial number, raw data, and reports.
- Usage information automatically collected. When you use visit our website, we automatically collect information about which pages or tools you use and how you use them, including:
- We collect information about your interactions with the website, such as the pages or other content you view, and other actions you perform.
- If you have an account, we automatically collect information when you’re logged in. This might include your IP address, access times, hardware and software information, device information, device event information (e.g. crashes, unsuccessful logins, browser type), the web page you’ve viewed or engaged with before or after using our service, and other relevant information. We collect and monitor this data in order to keep track of the security and privacy of your account.
- We may use various tracking technologies to collect and store information about your use of our website and products. We use these tools to ensure that you receive a personalized experience, to provide you with certain functions, to keep your account safe, and to improve and optimize our offerings. See the section below titled, “Cookies And Similar Technologies” for more information.
- Information from medical professionals or third parties. From time to time, NeuroPace may collect medical information about you from your physician’s medical record or physician’s office. We may also allow you to connect or transfer your information to or from a third-party application or service.
We may collect your Personal Information through various channels, including:
- by virtue of your choice to have and use our products,
- through personal contact with our employees, for example, at an epilepsy event,
- over the telephone,
- via our website,
- through correspondence (email or regular mail),
- through third parties who have your permission to disclose your information to us (such as when you leave a message with our telephone answering service), and
- if you are a medical professional, registering for access to those parts of our website intended exclusively for you.
De-Identified and non-personal information does not identify you, so we use and share that information freely without restriction, for example, to make the website more useful to visitors and for other business purposes, such as to create reports for internal use, provide (including by selling) aggregated information to third parties about how people use our website.
We may combine Personal Information with non-personal information. In such instances, we consider the combined information to be Personal Information.
PERSONAL INFORMATION USE
We may use your Personal Information for any or all of the following reasons:
- to answer your questions,
- to provide you with information about our programs for patients, clinical trials, and research,
- to send you information you ask for about products, programs, resources, events, or services of NeuroPace, or those of others, that we think might be of interest to you,
- to send you product updates,
- to conduct market research or analysis or for our other marketing efforts and campaigns,
- to send you a NeuroPace newsletter,
- to send you marketing communications and for other marketing activities,
- to improve our website or to customize content for you, based on your preferences or apparent interests,
- in responding to subpoenas or other requests by a court or regulatory body for information,
- to safeguard your interests, such as to notify you in the event of a breach of privacy or other security incident, as may be appropriate,
- to protect our interests, such as our rights and property in case of fraud, unauthorized uses of the product, or other legal injury or harm,
- to manage and administer our business, including in providing and supporting our products or services with third party contractors or service providers who are obligated to maintain confidentiality, such as a telephone answering service or a business and travel expense management service,
- in connection with a proposed or actual financing, sale, securitization, assignment, or other disposition of our business or assets (including accounts) for the purposes of evaluating or undertaking the proposed transaction including satisfying any auditing or reporting requirements with respect to the transaction
- other business and legal purposes including complying with statutes, regulations, guidance, and best practices
- If you are a patient with one of our medical device products:
- to provide and support the product,
- for product registration and medical device tracking,
- reporting any adverse events,
- creating, receiving, maintaining and transmitting your data to enable use of the product and to allow your doctors to adjust and manage your therapy,
- to communicate with the epilepsy center, medical practice, hospital, doctors and other medical practitioners involved with your care and insurers who may pay for all or some of it, and
- for any other reason, with your consent.
- If you are a medical professional:
- to provide education and training for our products,
- to provide samples or demo devices and other educational aids,
- to notify you about or to invite you to webinars, symposia, conferences, congresses, and other professional meetings that NeuroPace is involved with or believes may be of interest to you.
- If you are a medical professional with a NeuroPace account, for example, for the Patient Data Management Database (PDMS) or one who provides services to NeuroPace:
- to manage and administer your account,
- to provide you with clinical and technical support for our products,
- to meet our compliance obligations, such as for reporting transfers of value under the Sunshine Act.
HOW WE PROTECT YOUR PERSONAL INFORMATION
NeuroPace takes its responsibility to protect your Personal Information seriously, and we use reasonable safeguards to avoid unauthorized use or disclosure of it, and inadvertent loss or impermissible alteration of it.
If you are a patient with a NeuroPace product, we maintain any Personal Information we have in the product in accordance with the requirements of the HIPAA Security Rule. We also maintain our customer files securely, and limit access to them to only personnel who need to use the information to carry out their job responsibilities, such as for customer service.
We may ask you to answer certain questions to verify your identity if you call us for customer service.
We may require that you establish a user name and password for access to certain areas of our website or to set up an account. It is up to you to keep your user name and password information secure. If you think your logon credentials have been comprised, let us know by contacting our privacy officer at email@example.com.
We cannot ensure or guarantee that information you provide to us via our website or via email will be 100% secure, because it is not possible for us to make the internet 100% secure. So please consider this when sending any information to us via the website or via email.
PERSONAL INFORMATION TRANSFERS
We may share your Personal Information as follows:
- We may use third parties to perform certain services on our behalf in connection with the Services such as:
- to process and store data, including your Personal Information;
- to track, analyze, and modify our Services;
- for marketing, advertising, and distribution;
- to assist us in providing you with customer support; and
- to support our IT and security efforts.
Google Analytics is one of our analytics service providers. Learn more about how Google collects and uses data here. To opt out of Google Analytics Advertising Features please use Google Ad Settings. To opt out of Google Analytics entirely please use this link.
The third parties we work with do not have permission to use the information we share with them beyond what is necessary to assist us. We execute agreements with third parties to ensure they use adequate safeguards when processing your Personal Information in accordance with this Policy.
However, certain third-party service providers have their own privacy policies in respect to the information we are required to provide to them. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your Personal Information will be handled by these providers. In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
- We may disclose and transfer your Personal Information to a subsequent owner, co-owner, or operator of NeuroPace or the Services, or in connection with a merger, consolidation, restructuring, the sale of substantially all of our interests and/or assets (i.e., a bankruptcy proceeding), or other corporate change. We will notify you with any choices you may have regarding your Personal Information when we are engaged in a merger, bankruptcy, or corporate reorganization.
- We may share your Personal Information if it is reasonably necessary to:
- Comply with a valid legal process (e.g., subpoenas, warrants, court orders, etc.);
- Comply with requests or investigations by public authorities;
- Comply with applicable laws or regulations;
- Enforce or apply the NeuroPace policies or policies of our business partners;
- Protect the security or integrity of the Services; or
- Protect the rights, property, or safety of NeuroPace, our employees or users, partners and affiliates, or other natural persons.
- For any other purpose, with your consent. We may share your Personal Information on your behalf or at your request. We will only do so with your specific consent. If you provide your consent to share your information, you may withdraw your consent at any time. Withdrawing your consent will not undo or reverse the lawfulness of any previous transfer, and in some cases Personal Information may not be retrieved once shared. Contact us at firstname.lastname@example.org if you would like to withdraw your consent.
COOKIES AND SIMILAR TECHNOLOGIES
You may find social media buttons on our website you can use to share information or otherwise interact with social media (such as Facebook, Twitter and LinkedIn). These features may involve the use of web beacons or clear GIFs, tiny graphics placed on a website, to track which pages were viewed and what information is collected. They can be used to measure traffic and assess behavior.
LINKS TO THIRD PARTY SITES
NeuroPace may link to a third-party website from its website. If we do this, the links are provided for information only, and NeuroPace is in no way endorsing the website or the website providers to which the links take you. We are not responsible for the content of the website or the privacy practices of those websites.
You have the right not to receive marketing materials from NeuroPace. You can ask us not to use your Personal Information for marketing purposes. You can “unsubscribe” from any email communications we send you. If you are receiving materials from us that you do not want, or you believe we are using your Personal Information without your permission, please contact our privacy officer at email@example.com.
NeuroPace’s website is not intended for use by children under the age of 18. NeuroPace does not intentionally collect Personal Information from minors. If we discover that a child has provided us with Personal Information on line, we will take steps to delete the information. If you believe we have received Personal Information from a minor, please contact our privacy officer at firstname.lastname@example.org.
NOTICE TO CALIFORNIA RESIDENTS
- Marketing. California law permits California residents to ask NeuroPace for a notice that identifies the categories of Personal Information that we share with our affiliates and/or third parties for marketing purposes and that provides contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to us at the address provided under the “Concerns” section.
- Do Not Track Signals. Currently we do not monitor or take any action with respect to Do Not Track signals or other mechanisms, which means that we collect information about your online activity both while you are using the website and after you leave our website.
- Privacy. This section only applies to individuals who are residents of California under the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws (together “California Laws”).
- Personal Information Collected
Under California Laws, NeuroPace must disclose the categories of Personal Information we’ve collected in the preceding 12 months, the reason we collect your Personal Information, where we obtain the Personal Information we collect about you, and the third parties with whom we share your Personal Information. NeuroPace collects Identifiers, Personal Information under California Civil Code section 1798.80, Protected Classifications under California and Federal Law, Commercial Information, Electronic network activity information, Geolocation data, Employment-related information, and Inference data as defined and outlined in California Laws. We collect this information for the purposes outlined in the “Personal Information Use” section above. Information may be shared with third parties, such as our service providers, as described in the section titled “Personal Information Transfers” above.
- California Residents Privacy Rights
Under California Laws, California residents have the following rights (“Rights”) listed below. Your Right to Access and Right to Deletion are not absolute and are subject to certain exceptions. For instance, we cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information, your account with us, or the security of our systems of networks.
- Disclosure & Access Rights: California residents have the right to request in writing from a business, (i) a list of the categories of Personal Information, such as name, address, email address, and the type of services provided, that a business has disclosed to third parties (including Independent Affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes, and (ii) the names and addresses of all such third parties. In addition, California residents have the right to request that we disclose to them (i) the categories of Personal Information we have collected about them, (ii) the categories of sources from which Personal Information is collected, (iii) the business or commercial purpose for the information collection, (iv) the categories of third parties with whom we have shared Personal Information, and (v) the specific pieces of Personal Information we hold about an individual.
- Deletion Rights: California residents have the right to have their Personal Information deleted, unless the Personal Information is necessary for the business or service provider to:
- complete a transaction for which the Personal Information was collected, provide a good or service requested by the residents or otherwise perform a contract between the business and the residents;
- detect security incidents;
- protect against malicious, deceptive, fraudulent or illegal activity (or prosecute those responsible);
- debug to identify and repair functionality errors;
- exercise or ensure the right of another to exercise free speech or another legal right;
- comply with the California Electronic Communications Privacy Act, which compels the production of or access to electronic communication information or electronic device information with a search warrant;
- engage in research in the public interest (if the individual has provided informed consent);
- to enable solely internal uses aligned with the individual’s expectations given their relationship with the business;
- comply with a legal obligation;
- otherwise use the information internally in a lawful manner compatible with the context in which the individual provided it.
- Do Not Sell: Californian residents have the right to opt-out of having their Personal Information sold. We do not sell Personal Information.
California residents can exercise their privacy rights by contacting us at email@example.com or calling us at 1.866.726.3876.
Response Time. We will address any requests to exercise the Rights described above under Applicable Laws in California. When a request is made, we may verify your identity to protect your privacy and security. We will respond to written rights requests within 45 days following receipt at the email or mailing address stated above. Please note that we are only required to respond to an individual twice per 12-month period.
REVISIONS TO THIS PRIVACY STATEMENT
NeuroPace reserves the right to change this Statement at any time. If we make a significant change to it, we will post a notice on our homepage for a reasonable period of time after the change to let you know to review the privacy statement again because the change has been implemented.
Please contact the NeuroPace Privacy Officer if you believe NeuroPace has violated this Statement or any Applicable Law: firstname.lastname@example.org.