Privacy Policy

Inari Medical, Inc., on behalf of its affiliates and subsidiaries (collectively, “Inari,” “us,” “we,” or “our”) has prepared this Privacy Policy (“Privacy Policy”) to describe to you, or if you represent an entity or other organization, that entity or organization (in either case, “you,” or “your”) our practices regarding the personal information that Inari collects, uses, and shares on behalf of end users (“Users”) of the websites located at www.inarimedical.com and ir.inarimedical.com, and any other websites and platforms operated by Inari that link to this Privacy Policy (each, a “Site”), and our related online and offline services, events, social media pages, and email and other electronic communications (collectively, and together with the Site, the “Services”). 

This Privacy Policy does not apply to personal information processed in connection with our clinical trials or other research studies. Individuals involved in clinical trials or research studies should refer to the informed consent form or other policies presented as part of the clinical trial or study. Similarly, if you are an Inari job applicant or employee, we may notify you separately concerning how we use personal information processed in connection with your job application or employment. Please contact Inari human resources or your Inari recruiting contact for more information.

Inari reserves the right, at any time, to modify this Privacy Policy.  If we make revisions that change the way we collect, use, or share personal information, we will post those changes in this Privacy Policy.  You should review this Privacy Policy periodically so that you keep up to date on our most current policies and practices.  We will note the effective date of the latest version of our Privacy Policy at the end of this Privacy Policy.  Your continued use of the Site following posting of changes constitutes your acceptance of such changes.  

This Privacy Policy covers the following topics:

1.     COLLECTION OF PERSONAL INFORMATION

1.1 Personal Information Collected. The following table describes the categories (with non-exhaustive examples) of personal information we may collect about you. We may also collect other personal information that is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Certain laws require separate privacy notices or are exempt from general personal information privacy policy disclosure requirements.  Such laws include health or medical information, including deidentified patient information, covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Confidentiality of Medical Information Act, or clinical trial data subject to the Federal Policy for the Protection of Human Subjects, also known as the Common Rule.  As mentioned at the beginning of this Privacy Policy, we may notify you separately according to those laws if any of our collection, use, or sharing of personal information falls under any of those laws.

We may also collect or create de-identified information from personal information in a manner that it cannot reasonably be used to infer information about, or otherwise be linked to, a particular individual. To the extent that we classify such information as “de-identified,” we commit to maintaining and using such information in a de-identified form and to not attempting to re-identify such information (except for purposes permitted by law).

1.2 Sources of Personal Information. We obtain the categories of personal information listed above from a variety of sources, including the following sources:

• Personal Information You Provide. Inari collects personal information when you voluntarily submit it to us.  For example, we may collect or receive personal information from Users when a User signs up to receive promotional communications; uses or accesses a device, product, or service; submits a request to our customer service team; interacts with our social media pages; or otherwise interacts with us. 
• Automatically Collected Personal Information. In addition to personal information that we may receive directly from you, Inari, our service providers, and our advertising partners may automatically collect information about you, your computer, or mobile device, and your activity over time on our Site and other sites and online services, such as the Internet or Network Activity described above. Inari collects some personal information automatically using cookies or other online tracking technologies, such as:
  • Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
  • Flash cookies, or locally-stored objects, which are used on websites for purposes similar to cookies but allow storage of a larger amount of data.
  • Web beacons, also known as pixel tags or clear GIFs, which are typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.
  • Local storage, which is used to save data on a visitor’s device. We use data from local storage to turn on web navigation, store multimedia preferences, customize what we show you based on your past interactions with our services, remember your preferences, and measure ad effectiveness.

For more information, please visit our Cookie Policy linked at the bottom of the Site.

• Personal Information Obtained from Third Parties. In addition to the personal information that we collect from you directly and automatically, Inari may receive personal information about you from other third party sources.  For example, we receive personal information from our service providers, advertising partners, data analytics partners, operating systems and platforms, social media platforms, event sponsors, publicly available sources, or data licensors/providers.  We may merge or combine such personal information with the personal information we collect from you directly or automatically.

• Referrals. Users of the Services may have the opportunity to refer colleagues or other contacts to us and share their contact information. Please do not provide us with someone’s contact information unless you have their permission to do so.

2. USE OF PERSONAL INFORMATION

Inari may use personal information for the purposes set forth below and as otherwise described in this Privacy Policy or at the time of collection.

2.1 To Provide the Services. Our primary purpose for collecting personal information is to provide the Services that your request and to operate our business. This could include fulfilling your requests for devices, products, or services, personalizing your experience on or with the Services, verifying your identity, communicating with you (providing notices and responding to any requests or inquiries), providing maintenance and support, or to fulfill any other purpose for which you provide personal information.  It could also include processing purchases or other transactions.  For example, if you share your personal information to request a price quote or ask a question about our devices, products, or services, we will use that personal information to respond to your inquiry.  If you provide your personal information to purchase a device, product, or service, we will use such information to process your payment and facilitate delivery.  We may also save your personal information to facilitate new orders or process returns.

2.2 Research and Development of our Services. We use personal information for research and development purposes, including to understand and analyze the usage trends and preferences of our Users to make our Site, or content available on the Site, better, and develop new devices, products, features and functionality.  As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes.

2.3 Direct Marketing. We use personal information to deliver Inari-related or other direct marketing communications as permitted by law, including materials or information about devices, products, and services from us and our business partners that are relevant to your interests. 

2.4 Behavioral-Based Advertising. We work with third-party advertising companies and social media companies to help us advertise our business and to display ads for our devices, products, and services. These companies may use cookies and similar technologies to collect information about you (including the Internet and Network Activity described above) over time across our Site and other websites and services or your interaction with our emails, and use that information to serve ads that they think will interest you. In addition, some of these companies may use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms. You can learn more about your choices for limiting behavioral-based advertising in the “YOUR CHOICES” section below.

2.5 To Secure the Site. We use personal information to maintain the safety, security, and integrity of our Services, devices, and products, and other technology assets, business, and other Users; to audit our internal processes for compliance with legal and contractual requirements and internal policies; enforce any terms and conditions that govern the Services; and prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

2.6 To Comply with Regulatory Requirements. We may use your personal information to comply with requirements of regulatory agencies such as the United States Food and Drug Administration (FDA), the European Medicines Agency (EMA) and Medical Technology Associations, if necessary.

2.7 As Required by Law. We use personal information as we believe necessary or appropriate to respond to requests from law enforcement and as required by applicable law, court order, or government investigation.

2.8 With Your Consent. We will use or disclose your personal information in accordance with your prior direction or, in some cases, we may specifically ask you for your consent to collect, use, or share your personal information, such as when required by law.

3. SHARING OF PERSONAL INFORMATION

In addition to the specific situations discussed elsewhere in this Privacy Policy or at the time of collection, Inari may share your personal information in the following circumstances:

3.1 Related Companies and M&A Transactions. We may share your personal information with companies that are affiliated with us (that is, that control, are controlled by, or are under common control with us). In addition, if we transfer all or part of the business or make a transfer of assets or are otherwise involved in a merger or business transfer, or consolidation, reorganization, divestiture, or dissolution of all or a part of our business, we may transfer your personal information to a third party as part of that transaction, including at the negotiation stage.

3.2 Consent. We may ask if you would like us to share your personal information with other unaffiliated third parties who are not described elsewhere in this Privacy Policy, and we may do so with your consent.

3.3 Legal Compliance. We may disclose personal information in response to subpoenas, warrants, or court orders, in connection with any legal process, or to comply with relevant laws.  We may also share your personal information in order to establish or exercise our rights; to defend against a legal claim; to investigate, prevent, or take action regarding possible illegal activities or fraud; to protect the safety and security of other Users; or to prevent a violation of our agreements.

3.4 Regulatory Agencies. We may disclose your personal information to comply with requirements of regulatory agencies such as the United States Food and Drug Administration (FDA), the European Medicines Agency (EMA) and Medical Technology Associations, if necessary.  For example, we may disclose personal information for medical device regulatory reporting requirements.

3.5 Service Providers. We may share your personal information with third parties who perform services on our behalf that are necessary for the orderly operation of the Services.  Among other things service providers may help us perform website hosting, maintenance services, database management, web analytics, app analytics, billing, payment processing, fraud protection, marketing, or any other use set out in this Privacy Policy.  

3.6 Partner or Sponsor Offerings. We may jointly offer events, promotions, or any other device, product, or service offerings with third party partners or sponsors.  The personal information that you submit through an event, promotion, or other offering may be combined and transmitted with other information that you have provided Inari.  Third party partners or sponsors may collection information directly from you, which may be combined with personal information disclosed by us.  If you decide to request, enter into, or participate in an event, promotion, or other offering that is offered by us and identified as a joint effort with a third-party partner or sponsor, the information that you provide may be shared with us and with that identified third party.

3.7 Behavioral-Based Advertising. We may share personal information with third parties who we partner with for advertising campaigns or that collect information about your activity on the Site for the purposes described in the “Behavioral-Based Advertising” section above.

3.8 Social Networking. The Site may offer you the ability to share your personal information through a social networking website (e.g., Facebook, Twitter), using such site’s integrated tools (e.g., Facebook “Like” button, or Twitter “Tweet” button).  The use of such integrated tools enables you to share personal information about yourself with other individuals or the public, depending on the settings that you have established with such social networking site.  For more information about the purpose and scope of data collection and use in connection with such social networking site or a site’s integrated tools, please visit the privacy policies of the entities that provide these social networking sites.

3.9 Professional Advisors. Professional Advisors. We may share personal information with persons, companies, or professional firms providing Inari with advice and consulting in accounting, administrative, legal, tax, financial, debt collection, and other matters.

4. SECURITY OF PERSONAL INFORMATION

No method of transmission over the Internet, or method of electronic storage, is fully secure.  While we use reasonable efforts to protect your personal information from the risks presented by unauthorized access or acquisition, we cannot guarantee the security of your personal information.  In the event that we are required by law to inform you of any unauthorized access or acquisition of your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

5. YOUR CHOICES

You can make the following choices regarding your personal information:

5.1 Access to Your Personal Information. You may request access to your personal information by contacting us as described below.  We will grant you reasonable access to the personal information that we have about you as required by law.  

5.2 Changes to Your Personal Information. We rely on you to update and correct the personal information you have provided to Inari.  Note that we may keep historical information in our backup files as permitted by law.  If our Site does not permit you to update or correct certain personal information, please contact us as described below.

5.3 Deletion of Your Personal Information. You may request that we delete your personal information by contacting us as described below.  We will grant a request to delete information as required by law, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.  To comply with a deletion request, we may delete, aggregate, or deidentify your personal information within the timeframes required by law.

5.4 Promotional E-mails. You may choose to provide us with your e-mail address for the purpose of allowing us to send newsletters, surveys, offers, and other promotional materials related to our Site, and our devices, products, and services.  You can stop receiving promotional e-mails by clicking the “unsubscribe” links in the e-mails or by contacting us as described below.  If you decide not to receive promotional e-mails, we may still send you service-related communications, such as those to fulfill orders for devices, products, and service you have requested or deliver notifications directly to you through the Site.

5.5 Behavioral-Based Advertising. If you wish to limit third parties’ collection of information for behavioral-based advertising, you can block third-party cookies in your browser settings, using browser plug-ins/extensions, and/or using your mobile device settings to limit the use of the advertising ID associated with your mobile device. You can also opt out of behavioral-based ads from companies participating in the following industry opt-out programs by visiting the linked websites: the Digital Advertising Alliance or Network Advertising Initiative in the U.S., the Digital Advertising Alliance of Canada in Canada, or the European Digital Advertising Alliance in Europe.  Some of the companies we work with may offer their own opt-out mechanisms. For example, you can learn more about how Google uses cookies for advertising purposes by clicking here and opt-out of ad personalization by Google by clicking here. PLEASE NOTE THAT OPTING-OUT OF BEHAVIORAL ADVERTISING DOES NOT MEAN THAT YOU WILL NOT RECEIVE ADVERTISING WHILE USING THE SITE.  IT WILL, HOWEVER, EXCLUDE YOU FROM BEHAVIORAL-BASED ADVERTISING CONDUCTED THROUGH PARTICIPATING NETWORKS, AS PROVIDED BY THEIR POLICIES AND CHOICE MECHANISMS.

5.6 Cookies. Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Services and our Site may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit allaboutcookies.org.

5.7 Analytics. The Site uses Google Analytics to help us analyze how the Site is being accessed and used. You can learn more about Google Analytics cookies by clicking here and about how Google protects your data by clicking here. To opt-out of Google Analytics, you can download and install the Google Analytics Opt-out Browser Add-on, available here.

5.8 Do-Not-Track. Some web browsers and devices permit you to broadcast a “Do Not Track” signal to the online services that your visit. At this time we do not modify your experience based upon whether such a signal is broadcast. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

6. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

Inari is based in the United States of America.  If you are from a country outside of the United States of America with laws governing data collection, use, and disclosure that may differ from U.S. law and you provide personal information to us, please note that any personal information that you provide to us may be transferred to the United States of America.  By providing your personal information, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein.  We safeguard and enable the global transfer of personal information in a number of ways.  For example, if you or your organization is required to enter into a contract or other binding legal act under, for example, EEA, UK, or Swiss law with your processors, and Inari is acting as a processor for you, as the controller, you may request that Inari enter into a Data Processing Addendum with Standard Contractual Clauses by contacting us at the address listed in the section titled “CONTACTING US” below.

7. OTHER SITES AND SERVICES

The Services may contain links to other websites and online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or online services that are not associated with us. We do not control third party websites or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use, and sharing of your personal information. We encourage you to read the privacy policies of the other websites and online services you use.

8. RESIDENTS OF THE EUROPEAN ECONOMIC AREA

The following applies to individuals in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland.

8.1 Controller. The controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation is Inari Medical, 6001 Oak Canyon, Suite 100, Irvine, California 92618, USA. Individuals involved in clinical trials can contact privacy-eu@inarimedical.com.

8.2 Lawful basis for processing. Inari is required to inform you of the lawful basis of our processing of your personal information. The legal bases of our processing of your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it. However, the legal bases we typically rely on are described in the table below.  If you have questions about the lawful basis of how we process your personal information, contact us at the address listed in the section titled “CONTACTING US” below.

We will use your personal information only for the purposes for which we collected it, unless we reasonably determine we need to use it for another reason and that reason is compatible with the original purpose.  For example, we consider deidentification, aggregation, and anonymization of personal information to be compatible with the purposes listed above and in your interest, because the deidentification, aggregation, and anonymization of such information reduces the likelihood of improper disclosure of that information. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

PLEASE NOTE WE MAY PROCESS YOUR PERSONAL INFORMATION WITHOUT YOUR KNOWLEDGE OR CONSENT, IN COMPLIANCE WITH THE ABOVE RULES, WHERE THIS IS REQUIRED OR PERMITTED BY LAW.

8.3 Retention. Inari retains your personal information:

• For so long as needed to provide you with the Services or to fulfill our contractual, legal, accounting, or reporting obligations;
• As necessary to comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements; and
• For so long as is necessary for the purposes for which we collected such personal information.

8.4 Your Rights. European data protection laws give you certain rights regarding your personal information.  You may ask us to take the following actions in relation to your personal information that we hold:

• Access. Provide you with information about our processing of your personal information and give you access to your personal information.
• Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
• Correct. Update or correct inaccuracies in your personal information.
• Restrict. Restrict the processing of your personal information.
• Object. Object to our reliance on our lawful basis as the basis of our processing of your personal information that impacts your rights.
• Delete. Delete your personal information.

When we receive your request, we may ask you to verify your identity before we can act on your request. We may withhold information where we are required by law to do so or if the search for that information would require disproportionate effort or have a disproportionate effect to, for example, the cost of providing the information, the time it would take to retrieve the data, or how difficult it may be to obtain the information requested.

If you are a European resident and would like to exercise any of these rights, please submit your request to privacy-eu@inarimedical.com.  If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection authority in your jurisdiction.  In the European Economic Area, you can find your data protection regulator here. In the United Kingdom, you can find your data protection regulator here.

8.5 Cross-Border Data Transfer. If we transfer your personal information to a country outside of Europe such that we are required to apply additional safeguards to your personal information under European data protection laws, we will do so. Please contact us at privacy-eu@inarimedical.com for further information about any such transfers or the specific safeguards applied.

9. RESIDENTS OF CALIFORNIA

The following applies to residents of California and supplements the information elsewhere in this Privacy Policy. It describes how we collect, use, sell, share, and retain personal information of California residents, and their rights with respect to that personal information. For purposes of this section, “personal information” has the meaning given in the California Consumer Privacy Act (CCPA) but does not include information exempted from the scope of the CCPA.

9.1 Personal Information Collected and Purposes of Collection and Use. We collect, or have collected in the preceding 12 months, the categories of personal information described in the section titled, “Collection of Personal Information.”  Within that same section, we describe the sources from which we may collect those categories of personal information.  We collect and use the personal information for the business and commercial purposes described in the “Use of Personal Information” section above.  

To the extent we collect sensitive personal information (as defined under the CCPA), we only use or disclose it for purposes permitted under the CCPA (e.g., to perform the Services, detect security incidences and prevent fraud, and to verify and maintain the quality of the Services). We do not collect or use sensitive personal information for the purpose of inferring characteristics about California residents.

9.2 Personal Information Disclosed for a Business Purpose, “Sold,” or “Shared.” Each of the categories of personal information listed in this Privacy Policy may have been disclosed for business purposes in the preceding 12 months to any of the third parties set forth in the section titled, “Sharing of Personal Information.” 

The CCPA defines a “sale” as disclosing a California resident’s personal information to a third party for monetary or other valuable consideration. Where such disclosure is for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, it qualifies as “sharing” under California privacy laws.

In the preceding 12 months, we have “sold” or “shared” Internet or Network Activity with Advertising Partners for purposes of advertising our Services (including tracking the success of our advertising campaigns), identifying new business customers, and measuring activity on our Site, as further described in this Privacy Policy under the section titled, “Sharing of Personal Information.”  We do not knowingly “sell” or “share” the personal information of California residents under 16 years of age.

9.3 Retention of Personal Information. We will retain each of the categories of personal information for as long as necessary to fulfill the purpose of collection, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish and defend legal claims, for fraud prevention purposes, or as long as required to meet our legal obligations. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

9.4 Your California Privacy Rights. As a California resident, in addition to the rights described elsewhere in this Privacy Policy, you have the rights listed below. However, these rights are not absolute, and in certain cases we may not be able to respond to your request, such as when a legal exemption applies or if we are not able to verify your identity.

• Know/Access. You can request the following information about how we have collected and used your personal information:

• The categories of personal information that we have collected.
• The categories of sources from which we collected personal information.
• The business or commercial purpose for collecting, selling, or sharing personal information.
• The categories of third parties with whom we disclose personal information.
• A copy of the personal information that we have collected about you.

• Delete. You can ask us to delete the personal information that we have collected from you.
• Correct. You can ask us to correct inaccurate personal information that we maintain about you.
• Opt-out of sales/sharing. If we “sell” or “share” your personal information, you can opt-out.
• Nondiscrimination. You are entitled to exercise the rights described above without receiving discriminatory treatment.

9.5 How to Exercise Your California Privacy Rights.

• Right to know/access, delete, or correct your Personal Information. You can request to exercise your access, deletion, or correction rights by:

• Emailing privacy@inarimedical.com – Please put the statement “CCPA Consumer Request” in the subject line; or
• Calling us toll-free at 833-217-5088.

• Right to opt-out of the “sale” or “sharing” of your Personal Information. You can request to opt-out out of the “sale” or “sharing” of your personal information by clicking the link at the bottom of the Site that states, “Do Not Sell or Share My Personal Information,” or broadcasting the Global Privacy Control (GPC) signal. Note that due to technological limitations, if you visit our Site from a different computer or device, or clear cookies on your browser that store your preferences, you will need to return to this screen to select your preferences and/or rebroadcast the GPC signal.

If you direct us not to sell/share your Personal Information, we will consider it a request pursuant to California’s “Shine the Light” law to stop sharing your personal information covered by that law with third parties for their direct marketing purposes.

We reserve the right to confirm your California residence to process your requests and will need to confirm your identity to process your requests to exercise your right to know/access, delete, and correct. This is a security measure to, for example, help ensure we do not disclose information to a person who is not entitled to receive it. The identity verification process may vary depending on how you submit your request.

Consistent with California law, you may designate an authorized agent to make a request on your behalf. If you do so, we may require proof of your identification, the authorized agent’s proof of identification, and any other information that we may request in order to verify the request, including evidence of valid permission for the authorized agent to act on your behalf. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights).  However, we may charge a reasonable fee or decline to comply with your request if your request is clearly unfounded, repetitive, or excessive.

10. RESIDENTS OF NEVADA

Nevada Revised Statutes Chapter 603A allows Nevada residents to opt-out of the “sale” of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. If you are a Nevada resident who wishes to exercise your “sale” opt-out rights, you may submit a request to us using the contact information listed at the end of this Privacy Policy.

11. CONTACTING US

If you have any questions or concerns about our Privacy Policy or any other privacy or security issue, please contact us at:

Inari

Attn: Inari Privacy Agent

9 Parker, Suite 100, Irvine, CA 92618

privacy@inarimedical.com 

Last Updated: July 14, 2023