Inari Medical, Inc., on behalf of its affiliates and subsidiaries (collectively, “Inari,” “us,” “we,” or “our”) has prepared this Privacy Policy (“Privacy Policy”) to describe to you, or if you represent an entity or other organization, that entity or organization (in either case, “you,” or “your”) our online and offline practices regarding the personal information that Inari collects, uses, and shares on behalf of end users (“Users”) of the website located at https://www.inarimedical.com/, and any other websites operated by Inari (each, a “Site”). If you are an Inari job applicant or employee, please review our Employee Privacy Policy for information about how we use personal information processed in connection with your job application or employment.
Inari reserves the right, at any time, to modify this Privacy Policy. If we make revisions that change the way we collect, use, or share personal information, we will post those changes in this Privacy Policy. You should review this Privacy Policy periodically so that you keep up to date on our most current policies and practices. We will note the effective date of the latest version of our Privacy Policy at the end of this Privacy Policy. Your continued use of the Site following posting of changes constitutes your acceptance of such changes.
1. COLLECTION OF PERSONAL INFORMATION 1.1. Personal Information. The following are categories (with non-exhaustive examples) of personal information we may collect about you:Categories | Examples |
A. Individual Identifiers and Demographic Information | A real name, postal address, email address, affiliated institution, or other similar identifiers. |
B. Commercial Information | Records of devices, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
C. Internet or Network Activity | Browsing history, search history, information on an individual’s interaction with a website, application, or advertisement, and other online identifiers and Internet Protocol address. |
In accordance with applicable legal requirements, Personal information may not include:
- Publicly Available Data – Publicly available information from government records.
- Deidentified or Aggregate Information – “Deidentified Information” means information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular individual, and for which Inari has implemented technical safeguards and business processes that prohibit reidentification of the individual. “Aggregate Information” means information that relates to a group or category of individuals, from which individual identities have been removed, that is not linked or reasonably linkable to any individual or household, including via a device.
- Excluded Information – Certain laws require separate privacy notices or are exempt from general personal information privacy policy disclosure requirements. Such laws include health or medical information, including deidentified patient information, covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Confidentiality of Medical Information Act, or clinical trial data subject to the Federal Policy for the Protection of Human Subjects, also known as the Common Rule. We may notify you separately according to those laws if any of our collection, use, or sharing of personal information falls under any of those laws.
1.2. Sources of Personal Information. We obtain the categories of personal information listed above on or through our Site from the following categories of sources:
• Personal Information You Provide. Inari collects personal information when you voluntarily submit it to us. For example, we may collect or receive personal information from Users when a User creates a user account; edits registration information; signs up to receive promotional communications; uses or accesses a device, product, or service; participates in one of our research or statistical studies; submits a request to our customer service team; interacts with our social media pages; or otherwise interact with us or other Users through the Site.
• Automatically Collected Personal Information. In addition to personal information that we may receive directly from you, Inari indirectly collects other information from you automatically through the Site. For example, we receive personal information from Users when a User visits and navigates our Site on any device. We may also collect personal information about Users over time and across different websites, apps, and devices when a User accesses the Site. Third parties also collect personal information this way on our Site. Inari collects some personal information automatically using cookies or other online tracking technologies as described in our Cookies Policy, available at https://www.inarimedical.com/cookie-policy.
• Personal Information Obtained from Third Parties. In addition to the personal information that we collect from you directly and automatically, Inari may receive personal information about you from other third party sources. For example, we receive personal information from our business partners, sponsors, or companies that provide personal information to supplement what we already know about Users. We may merge or combine such personal information with the personal information we collect from you directly or automatically.
2. USE OF PERSONAL INFORMATION
Inari may use personal information for various purposes, including without limitation to:
- To Provide Our Devices, Products, and Services. This could include fulfilling your requests for devices, products, or services. It could also include processing purchases or other transactions. For example, if you share your personal information to request a price quote or ask a question about our devices, products, or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a device, product, or service, we will use such information to process your payment and facilitate delivery. We may also save your personal information to facilitate new orders or process returns.
- To Improve Our Site. We use personal information to understand and analyze the usage trends and preferences of our Users to make our Site, or content available on the Site, better, diagnose technical issues, prevent fraud, and develop new features and functionality.
- To Understand Your Interests. We use your personal information to personalize your experience on the Site and to deliver information about devices, products, and services relevant to your interests. Our Site may make suggestions for content that may be interesting to you and others. We use the data you provide and the data we have about other users, to make these recommendations.
- To Process Your Payment for Devices, Products, or Services. We use personal information to facilitate payment for devices, products, and services that you select through our Site.
- To Respond to Your Requests or Questions. We use personal information to provide you with support and to respond to your requests for customer support, including to investigate and address your concerns and monitor and improve our responses. This may also include responding to your feedback.
- To Market Devices, Products, or Services. We provide you with information about devices, products, services, or promotions. For example, we may use cookies or other online tracking technologies to provide customized advertisements, content, and information; monitor and analyze the effectiveness of marketing activities; and track your entries, submissions, and status in any promotions.
- To Secure the Site. We use personal information to maintain the safety, security, and integrity of our Site, and devices, products, and services, and other technology assets, business, and other Users.
- To Communicate with You. We may communicate with you about our relationship. We may also contact you about this Privacy Policy.
- To Perform Research and Statistical Studies. We may use your personal information to engage in public or peer-reviewed scientific, historical, or statistical research in the public interest.
- To Comply with Regulatory Requirements. We may use your personal information to comply with requirements of regulatory agencies such as the United States Food and Drug Administration (FDA), the European Medicines Agency (EMA) and Medical Technology Associations, if necessary.
- As Required by Law. We use personal information to respond to requests from law enforcement and as required by applicable law, court order, or government investigation.
3. SHARING OF PERSONAL INFORMATION
In addition to the specific situations discussed elsewhere in this Privacy Policy, Inari may share your personal information in the following circumstances:
3.1 Related Companies and M&A Transactions. We may share your personal information with companies that are affiliated with us (that is, that control, are controlled by, or are under common control with us). In addition, if we transfer all or part of its business or make a transfer of assets or is otherwise involved in a merger or business transfer, we may transfer your personal information to a third party as part of that transaction, including at the negotiation stage.
3.2 Consent. We may ask if you would like us to share your personal information with other unaffiliated third parties who are not described elsewhere in this Privacy Policy, and we may do so with your consent
3.3 Legal Compliance. We may disclose personal information in response to subpoenas, warrants, or court orders, in connection with any legal process, or to comply with relevant laws. We may also share your personal information in order to establish or exercise our rights; to defend against a legal claim; to investigate, prevent, or take action regarding possible illegal activities or fraud; to protect the safety and security of other Users; or to prevent a violation of our agreements.
3.4 Regulatory Agencies. We may disclose your personal information to comply with requirements of regulatory agencies such as the United States Food and Drug Administration (FDA), the European Medicines Agency (EMA) and Medical Technology Associations, if necessary. For example, we may disclose personal information for medical device regulatory reporting requirements.
3.5 Service Providers. We may share your personal information with third parties who perform services on our behalf that are necessary for the orderly operation of the Site. Among other things service providers may help us perform website hosting, maintenance services, database management, web analytics, app analytics, billing, payment processing, fraud protection, marketing, or any other use set out in this Privacy Policy. Access to your personal information by these service providers is limited to the information reasonably necessary for the service provider to perform its limited function.
3.6 Partner or Sponsor Offerings. We may jointly offer events, promotions, or any other device, product, or service offerings with third party partners or sponsors. The personal information that you submit through an event, promotion, or other offering may be combined and transmitted with other information that you have provided Inari. Third party partners or sponsors may collection information directly from you, which may be combined with personal information disclosed by us. If you decide to request, enter into, or participate in an event, promotion, or other offering that is offered by us and identified as a joint effort with a third-party partner or sponsor, the information that you provide may be shared with us and with that identified third party.
3.7 Behavioral-Based Advertising. We participate in behavioral-based advertising. This means that a third party may use technology (e.g., a cookie) to collect information about your use of our Site so that we can provide advertising about products and services tailored to your interest. That advertising may appear either on our Site, or on other websites.
3.8 Social Networking. The Site may offer you the ability to share your personal information through a social networking website (e.g., Facebook, Twitter), using such site’s integrated tools (e.g., Facebook “Like” button, or Twitter “Tweet” button). The use of such integrated tools enables you to share personal information about yourself with other individuals or the public, depending on the settings that you have established with such social networking site. For more information about the purpose and scope of data collection and use in connection with such social networking site or a site’s integrated tools, please visit the privacy policies of the entities that provide these social networking sites.
No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from the risks presented by unauthorized access or acquisition, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of any unauthorized access or acquisition of your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
5. YOUR CHOICES
You can make the following choices regarding your personal information:
5.1 Access to Your Personal Information. You may request access to your personal information by contacting us as described below. We will grant you reasonable access to the personal information that we have about you as required by law.
5.2 Changes to Your Personal Information. We rely on you to update and correct the personal information you have provided to Inari. Note that we may keep historical information in our backup files as permitted by law. If our Site does not permit you to update or correct certain personal information, please contact us as described below.
5.3 Deletion of Your Personal Information. You may request that we delete your personal information by contacting us contacting us as described below. We will grant a request to delete information as required by law, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes. Also, we may deny your deletion request if retention is necessary for us to engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent. Except as provided above, we will delete, aggregate, or deidentify all of your personal information as described in this subsection within the timeframes required by law.
6. OPTING OUT
You can make the following choices to opt out of certain activities regarding your personal information:
6.1 Promotional E-mails. You may choose to provide us with your e-mail address for the purpose of allowing us to send newsletters, surveys, offers, and other promotional materials related to our Site, and our devices, products, and services. You can stop receiving promotional e-mails by clicking the “unsubscribe” links in the e-mails or by contacting us as described below. If you decide not to receive promotional e-mails, we may still send you service-related communications, such as those to fulfill orders for devices, products, and service you have requested or deliver notifications directly to you through the Site. 6.2 Behavioral-Based Advertising. We participate in behavioral-based advertising. This means that a third party may use technology (e.g., a cookie) to collect information about your use of our Site so that we can provide advertising about products and services tailored to your interest. That advertising may appear either on our Site, or on other websites. If you wish to limit third parties’ collection of information about your use of our Site, you can opt-out of such at the Digital Advertising Alliance or Network Advertising Initiative in the U.S., the Digital Advertising Alliance of Canada in Canada, or the European Digital Advertising Alliance in Europe. PLEASE NOTE THAT OPTING-OUT OF BEHAVIORAL ADVERTISING DOES NOT MEAN THAT YOU WILL NOT RECEIVE ADVERTISING WHILE USING THE SITE. IT WILL, HOWEVER, EXCLUDE YOU FROM INTEREST-BASED ADVERTISING CONDUCTED THROUGH PARTICIPATING NETWORKS, AS PROVIDED BY THEIR POLICIES AND CHOICE MECHANISMS. 6.3 Do-Not-Track. Some web browsers and devices permit you to broadcast a preference that you not be “tracked” online. At this time we do not modify your experience based upon whether such a signal is broadcast.7. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
Inari is based in the United States of America. If you are from a country outside of the United States of America with laws governing data collection, use, and disclosure that may differ from U.S. law and you provide personal information to us, please note that any personal information that you provide to us may be transferred to the United States of America. By providing your personal information, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein. We safeguard and enable the global transfer of personal information in a number of ways. For example, if you or your organization is required to enter into a contract or other binding legal act under EEA, UK, or Swiss law with your processors, and Inari is acting as a processor for you, as the controller, you may request that Inari enter into a Data Processing Addendum with Standard Contractual Clauses by contacting us at the address listed in the section titled “CONTACTING US” below.
8. RESIDENTS OF THE EUROPEAN ECONOMIC AREA
The following applies to individuals in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland.
8.1 Lawful basis for processing. Inari is required to inform you of the lawful basis of our processing of your personal information, which are described in the table below. If you have questions about the lawful basis of how we process your personal information, contact us at the address listed in the section titled “CONTACTING US” below.
Processing Purpose | Lawful Basis |
• Collection of Sensitive Personal Information. • To Improve Our Site. • To Market Devices, Products, or Services. • To Perform Research and Statistical Studies, | Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated on the Site. |
• To Provide Our Devices, Products, or Services. • To Communicate with You. • To Understand Your Interests. • To Process Your Payment for Devices, Products, or Services. • To Respond to Your Requests or Questions. | Processing is necessary for the performance of a contract. You are subject to a contract with us and we need to use your personal information to provide devices, products, and services. |
• To Secure the Site. • To Comply with Regulatory Requirements. • As Required by Law. | Processing is necessary to comply with our legal obligations. |
• To Improve Our Site. • To Understand Your Interests. • To Market Devices, Products, or Services. • To Secure the Site. • To Perform Research and Statistical Studies, • To Use Personal Information as Otherwise Described in this Privacy Policy. | Processing activities constitute our legitimate interests. We consider and balance the potential impact on your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent, or we are otherwise required to perform a contract or by law). |
We will use your personal information only for the purposes for which we collected it, unless we reasonably determine we need to use it for another reason and that reason is compatible with the original purpose. For example, we consider deidentification, aggregation, and anonymization of personal information to be compatible with the purposes listed above and in your interest, because the deidentification, aggregation, and anonymization of such information reduces the likelihood of improper disclosure of that information.
PLEASE NOTE WE MAY PROCESS YOUR PERSONAL INFORMATION WITHOUT YOUR KNOWLEDGE OR CONSENT, IN COMPLIANCE WITH THE ABOVE RULES, WHERE THIS IS REQUIRED OR PERMITTED BY LAW.
8.2 Retention. Inari retains your personal information:
- For so long as needed to provide you with the Site or to fulfill our contractual obligations;
- As necessary to comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements; and
- For so long as is necessary for the purposes for which we collected such personal information.
8.3 Your Rights. European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Correct. Update or correct inaccuracies in your personal information.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our lawful basis as the basis of our processing of your personal information that impacts your rights.
- Delete. Delete your personal information.
When we receive your request, we may ask you to verify your identity before we can act on your request. We may withhold information where we are required by law to do so or if the search for that information would require disproportionate effort or have a disproportionate effect to, for example, the cost of providing the information, the time it would take to retrieve the data, or how difficult it may be to obtain the information requested.
If you are a European resident and would like to exercise any of these rights, please submit your request to the address listed in the section titled “CONTACTING US” below. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection authority in your jurisdiction. You can find your data protection regulator here.
Category | Personal Information is Disclosed for a Business Purpose | Personal Information is Disclosed for Valuable Consideration |
A. Individual Identifiers and Demographic Information | Yes | No |
B. Commercial Information | Yes | No |
C. Internet or Network Activity | Yes | No |