Privacy and Cookie Policy

Effective Date: 08/06/2020

Last Reviewed: 08/06/2020

Orpheus Medical™ (herein “Orpheus Medical”, “we”, “us” or “our”) is committed to protecting and respecting your privacy and personal information. We believe in providing transparency around our privacy practices, including how we collect, use, and share personal information, and your related privacy rights. As a result, we have laid out the personal information we collect from you when you purchase our products, use our services (including interacting with our website www.orpheus-medical.com, herein “Website”), and make contact or interact with us in any other way.

This Privacy Notice describes what we do with your personal information, your choices, and rights, and how to contact us with any questions. Please read it carefully so you can make an informed decision about your use of our services and Website.

 

Scope of This Privacy Notice

This Privacy Notice applies to anyone who interacts with us in any way in relation to our products and services (for example, providing us personal information through requesting product demos, or when sending us information by email). This Privacy Notice provides details about the personal information we collect about you, how we use it as a personal information “controller” (i.e., a company that determines the purposes of and means for data collection, use, and sharing), and how we protect and safeguard your personal information. This Privacy Notice also provides information about your rights as an individual, in relation to this personal information that we collect from you. These rights may commonly be referred to as your “Consumer Rights” under the California Consumer Privacy Act (“CCPA”) or your “Data Subject Rights” under the European Union General Data Protection Regulation (“GDPR”).

We may also provide you with further legal information and/or privacy notices as necessary, depending on the way we interact with you and the services we provide to you. These may also apply to you, for example, when you consent to them or where they apply to the performance of a contractual arrangement with us.

How We Collect Personal Information

We may collect personal information about you from various sources and channels, including when you use or interact with our services. This typically includes through your contact with us by phone, physical mail, email, and through interactions with our website, including any comments form you complete and submit to us. Other interactions may include signing up at tradeshows or other marketing materials, and through your contact and interaction with us on social media, surveys, and/or product feedback communications.

In connection with our Website, we may also set cookies on your web browser or use other tracking technologies when you interact with websites, applications, or advertisements in our network. This allows us to collect certain website usage data and online identifiers. However, such data may be aggregated or anonymized, and while it is not used to identify you as an individual, it may be used for analytics, marketing, and improvement of our products and services. For more information refer to our “Cookies Notice” in section 12 below.

Categories of Personal Information We Collect

We may collect various categories of personal information from you, detailed below. We may collect, and may have collected during the previous 12 months:

    • Contact information, such as your name, address, email address, and phone numbers;

    • Marketing and contact consents and preferences, such as consent to receive marketing and/or product updates and promotions by email;

    • Comments on our Website including profile pictures with your approval;

    • Internet activity information, such as IP address and browser user agent while visiting our Website;

    • Media uploaded to our Website, such as images.

    • Financial details, such as details about your credit or payment card or payment account including details of account numbers, payment details, billing addresses, or contact information associated with an account (e.g., email address associated with a payment account);

    • Government Identifiers, such as driver’s license or tax ID number;

    • Information about how you use our products and services, such as ;

    • Professional or employment-related information, which may include, for example, employment and educational history, current employment information, qualifications and skills, reference information, compensation or compensation expectations, languages spoken, and other information contained in your resume.

Some of these personal information categories we collect may be defined as “sensitive” under differing laws and regulations and require special protections. Such sensitive personal information you provide us with will only be collected where we have a legal basis to do so, such as with your consent or to fulfil a legal obligation, and will be protected appropriately as described in the below section 9 “Protection of Personal Information”.

Data and online identifiers we collect through our Website (e.g., through cookies and other tracking technologies) may include name, email address, IP address, and information about how you interact with our Websites (such as pages visited, clicks). For more information refer to our “Cookies Notice” in section 12 below.

What We Use Personal Information for

    • Communicate with you, including by sending you updates related to transaction or shipping status, responses to questions or communications you send to us (e.g., via our Website’s online comment functionality, or as a response to communications you have with our Product Services team), and other relevant service or product-related announcements;

    • Perform our services, including order fulfillment, maintaining accounts and contracts, providing customer service, fulfilling transactions, or verifying information;

    • Manage our affiliate, distributor, and customer relationships;

    • Evaluate job applications and business proposals (e.g., agreements or requests proposed by affiliates and distributors, or prospective affiliates and distributors);

    • Audit our transactions and interactions, for purposes where we have legal grounds to do so, such as security or for regulatory compliance;

    • Detect, remediate, and, if applicable, prosecute any physical security or information security-related or criminal incidents, including protecting against any illegal activity such as fraud to ensure the security and integrity of our services;

    • Enforce our legal rights and obligations (including performance of identity verification to respond to certain requests for information), company policies, and establish, make, or defend legal claims; and

    • Act in the public interest, in line with any laws that apply.

Legal Basis for Collecting and Using Your Personal Information

We process your personal information when we have a legal basis to do so. This could include:

    • You have consented to the use of your personal information in a particular way. When you consent, you can have the right to revoke your consent, however this does not necessarily mean it is possible or that we are obligated to cancel or reverse any previous actions taken based on any consent previously provided. Details of how to exercise your legal rights are set out in section 14 below “Your Privacy Rights”;

    • We need your personal information to provide you with services and products, or to respond to your inquiries. In other words, so we can perform our contract or fulfil our obligations as part of any transaction with you or take steps at your request before entering into a contract or transaction; and/or

    • We have a legal obligation to collect and/or use your personal information, such as to comply with regulatory requirements or to comply with a court order or law enforcement request.

Taking into account applicable laws as well as your individual interests, rights, and freedoms, we may also collect or use personal information for a number of legitimate business interests. These legitimate interests may include:

    • To manage our relationship with you and any service providers who provide products or services for us. This may include to check that you have received a service, to validate payment for invoices, and to provide marketing to you;

    • For research and analysis so that we can monitor and improve our products, services and Websites based on sales trends, Website usage data, and similar;

    • To enforce or apply our policy terms and conditions or other contracts, or to protect our (or our customers’ or other people’s) rights, property, or safety; and

    • To exercise our rights, to defend ourselves from legal or other claims and to keep to laws and regulations that apply to us and the third parties we work with.

Sometimes we may also request that you provide us with relevant personal information for contractual or legal reasons related to our services, or to enable us to provide our products and services. If you do not provide personal information when requested, this may impact your ability to purchase our products or use our services if that information is necessary to provide you with that product or service.

Collection of Personal Information from Minors

Our Websites and our services are not designed or intended to attract children under 13 years of age, and we are committed to complying with the Children’s Online Privacy Protection Act (“COPPA”). Should we ever need to collect information about children under the age of 13, this will be done only with legal basis such as consent from the child’s parent or legal guardian. We do not collect any personal information directly from any person if we know that such a person is a child under the age of 13. By accessing our Websites, you represent that you are 13 years of age or older. If you believe we have collected Personal Information from a child under the age of 13 without consent, please contact us at info@orpheus-medical.com.

Marketing and Preferences

We or our service providers on our behalf may use your personal information to send you marketing through various channels (such as by mail, phone, social media, or email), however, we only use or share your personal information to send you marketing material if we have your permission (“consent”) or a legitimate interest as described above in the “Legal Basis for Collection and Using Your Personal Information”, section 5. If you do not want to receive direct marketing from us, depending on your jurisdiction you may have the right to opt out, withdraw your consent, or object. For example, you may opt out by contacting us at privacy@orpheus-medical.com to update your contact and marketing preferences and consents. Please also see further details on choices you have relating to cookies in the “Cookies Notice”, section 12, and details of other privacy rights you have in section 14 below, “Privacy Rights”. 

Sharing Your Information

We may disclose personal information to service providers and other third parties. Over the last twelve months we may have disclosed to such third parties any of the categories of personal information outlined in the above section 3, “Categories of Personal Information We Collect”, wherever we have legal basis for such sharing. However, we endeavor to share only the minimum relevant personal information that is required to fulfil the business purpose for sharing such personal information.

We may disclose, and over the previous twelve months may have disclosed, personal information to the following categories of third parties:

    • Service providers who perform business functions and services on our behalf. This includes service providers who support in the provision, auditing, analytics, management, security of our information technology systems and Website, our marketing and payment processing service providers and partners, and customer service-related service providers (such as those supporting with the hosting of the “Comment” feature of our Website). Specifically, for comments submitted, we provide an anonymized string created from your email address to Orpheus Medical service. For more information about how Orpheus Medical collects and processes data can be found . We also share personal information with service providers for the purposes of fraud detection and prevention.

    • To distributors or affiliates of our products and services, for example to address inquiries from an affiliate or distributor.

    • Regulatory authorities, government authorities, courts, or other third parties wherever legally required of us or if we reasonably believe that such action is necessary and can be taken legally to protect the safety, rights or property of Orpheus Medical, our employees, our customers, our service providers, any other third parties including distributors or affiliates, or the general public.

Protection of Personal Information

We use reasonable administrative, technical, and physical safeguards to protect your personal information, taking care of its integrity and availability and avoiding its damage, loss, alteration, destruction, or unauthorized use. Personal information collected about you will be handled only by authorized personnel and in compliance with applicable laws and regulations to ensure it is appropriately safeguarded and not inappropriately disclosed.

However, no safeguards can be guaranteed 100% effective in securing all personal information all the time, and across all the environments in which personal information is collected and stored. This includes both internally at Orpheus Medical, and at our service providers and other third parties. If you have reason to believe that your or others’ personal information is no longer secured appropriately, please immediately notify us at privacy@orpheus-medical.com.

How long We keep Your Personal Information for

Whenever we collect, use, or store your personal data, we’ll keep it for as long as is necessary for the purpose for which it was collected, unless there are or are anticipated to be legal, regulatory compliance, or legitimate business interests for retaining the personal information for a longer period of time (e.g., to continue to provide relevant product marketing to you, or to maintain records of sales).

For comments submitted on our Website, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. For created profiles, all users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Once we determine that personal information is no longer needed to be retained, it will either be deleted completely or anonymized. For example, your data can be aggregated with other data so that it can be used in a non-identifiable way for statistical and trend analysis or business planning.

Consent to Processing in the European Union, United States and Internationally

To provide our services, we deal with a range of third parties including service providers who may be physically located or have technology infrastructure located in Israel, the European Union, the United States of America or other countries around the world. We and these third parties may also rely on global information systems and technologies that transfer data and personal information to other countries. In order to provide you with our products and services (including the functionality available through our Website), and to allow us to process your personal information in line with the purposes set out in this Privacy and Cookies Notice, there may be times where the personal information you provide us with is sent to countries outside those from which you reside or from which you are providing your personal information. This includes information being sent to or from the European Union, the United States of America, and other countries.

By using and accessing our Websites and services, individuals residing or located in or outside of the European, and the United States of America agree and consent to the transfer and processing of personal information in the European Union, the United States of America and other countries. We are committed to protecting the privacy and security of your personal information whenever it is subject to such transfers. We take appropriate steps to make sure that, if we transfer your personal information to another country, appropriate legal basis and security is in place, in line with data protection laws where required. This protection may be set out under a contract with the organization who receives that personal information, or another legal mechanism may be in place that allows us to transfer the personal information.

Cookies Notice

This Cookies Notice applies when using our Website.

What is a cookie and how are they used on our Website?

A cookie is a small piece of data that a website – when visited by a user – asks your browser to store on your device to remember preferences and other information. We use industry standard cookies and other tracking technologies (such as Google Analytics) to assist you in navigation and using intended website functionality. If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will be stored for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

What choices do you have regarding cookies?

Cookies set by us on our Website are called “third-party” cookies, which are cookies from a website domain other than our Websites. These are used for our website analytics and site functionality by sharing usage and device-related data with relevant third parties. Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

The first time you visit our Website and depending on your jurisdiction, you may be displayed a banner providing you with information about the use of cookies on our Website, and options for how to opt in or opt out of certain cookies when you visit. This opting in or opting out can be done using our cookie consent center, which is accessed through the cookie banner you are presented. For example, you can exercise an opting in or out of certain categories of non-essential cookies (e.g., “Marketing Cookies” as described below), by turning the toggle on or off for these in the cookie consent center. You may also opt out of third-party use of cookies and device identifiers in some instances with the relevant third-party directly (see links to our third-party marketing service provider websites below). Alternatively, you may be able to opt out of a third-party service provider’s use of cookies by visiting the Network Advertising Initiative opt-out-page or control the use of device identifiers by using your specific device and/or web browser’s settings to block or clear certain cookies, however note that if you block certain cookies some parts of our Website may not work correctly.

Google Analytics

In addition to the cookies detailed below, we use Google Analytics to better understand your use of our Website and Services. Google Analytics collects information such as how often users visit our Website, what pages are visited, and what other sites may have been used prior to visiting. Google uses the data collected to track and examine websites usage, to prepare reports on its activities and share them with other Google services, and to contextualize and personalize the ads of its own advertising network. More information about how Google Analytics collects and processes data can be found here

Google’s ability to use and share information collected by Google Analytics about your visits to the Websites is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can also opt out of and manage your preferences for Google’s use of personalized advertising and related cookies by visiting Google’s Ad Settings, and Google Analytics also offers an opt-out mechanism for the web available here.

What types of cookies are on our Website and why?

We use the following types of cookies for the following purposes:

Strictly Necessary Cookies: These cookies are essential for you to browse our Website and use its intended functionality, including accessing secure areas of the Website. These cookies cannot be opted in or out of.

Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Website. They help us to know which pages are the most and least popular and see how visitors move around the Website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site. 

Functional Cookies: These cookies enable the website to provide enhanced functionality. They may be set by us or by third-party service providers whose services we have added to our pages (for example, allowing you to provide feedback on products).

Marketing Cookies: These cookies may be set on our Website by our advertising and marketing service providers. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They are based on uniquely identifying your browser and internet device. This recognition is used to serve relevant adverts, links, or other information about our products and services to users visiting other websites after having previously visited our Website or interacted with our products and services. If you consent to these cookies, you may experience targeted advertising.

Embedded Content from Other Websites

Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Your Privacy Rights

Depending on the jurisdiction you reside in, you may have certain rights in relation to the personal information we have collected about you. These are detailed below. These rights are not absolute and do not always apply in all cases, for example residents of non-EU countries may not be entitled to certain rights which may only apply to EU residents. We will let you know in our correspondence with you whether and how we will be able to meet your request relating to your rights, and will never discriminate against or provide discriminatory treatment to any individuals exercising their privacy rights under applicable regulations. If we are not able to meet your privacy rights request, we will explain why, and provide details of any further action you may take. For example, we may explain how to appeal against a decision or contact a relevant data protection supervisory authority.

Please note in relation to your rights under the CCPA that we do not engage in Sale (as defined by the California Civil Code, section 1798.140(t)(1)) of personal information to third parties and have not sold any personal information in the previous twelve months.

    • Right of Access/Right to Know: You may have the right to make a request for details of your personal information and a copy of that personal information. Depending on your residency, this may also include rights to know:

      • The categories and specific pieces of Personal Information that we have collected about you;

      • The categories of sources from which the Personal Information is collected;

      • The business or commercial purpose for collecting or sharing your Personal Information; and

      • The categories of third parties with whom we share your Personal Information.

    • Right to Rectification: You may have the right to have inaccurate information about you corrected or removed.

    • Right to Deletion: You may have the right to have certain personal information about you deleted from our records.

    • Right to Restriction of Processing: You may have the right to ask us to use your personal information for certain restricted or specified purposes only.

    • Right to Object to Processing: You may have the right to object to us collecting, using, sharing, or storing (collectively “processing”) your personal information in certain cases.

    • Right to Portability: You may have the right to ask us to transfer your personal information to another company or individual in a computer-readable format.

    • Right to Withdraw Consent: You may have the right to withdraw any permission (or “consent”) you have given us to handle your personal information.

    • Right in relation to Automated Decision Making: You may have the right to not be subject to automated decision making, or the right to have a manual review of the decision, as well as be informed of information regarding the logic used to make any automated decisions.

To make a request related to the above privacy rights, please contact our Privacy Office by email at privacy@orpheus-medical.com

Alternatively, the Privacy Office can be contacted by toll free phone number for California-based individuals exercising their rights under the CCPA – please call us on 855-467-7477 – or by mail at the following postal address:

Questions and Contacts

We hope this Privacy Notice has been helpful in explaining the way we handle your personal information and your rights to control it. For any questions or comments in relation to this privacy notice and our privacy practices generally, please contact our Privacy Office who will be pleased to help you by email at privacy@orpheus-medical.com.

If you feel that your personal information has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, depending on your jurisdiction, you have the right to lodge a complaint with the relevant supervisory authority for data protection and privacy.

If you live in the UK or EU, the relevant supervisory authority is the Information Commissioner’s Office:

Wycliffe House

Water Lane

Wilmslow

Cheshire, United Kingdom

SK9 5AF

You can contact them by calling (+44) 0303 123 1113, or go online to www.ico.org.uk/concerns (this opens in a new window in your internet browser; please note we cannot be responsible for the content of external websites).

If you are based outside the UK or EU, you may have the right to lodge your complaint with the relevant data protection regulator in your country of residence, where you live, or where the incident took place. Please contact info@orpheus-medical.com should you need to support in obtaining information regarding and contact details of the relevant authority.

Changes to Our Privacy Notice

We will review and may make updates to our privacy practices from time to time. If we review and/or make any material changes to our privacy practices, we will update this privacy notice and change the effective date at the top of this page.