1. COLLECTION OF PERSONAL INFORMATION
1.1. Personal Information. The following are categories (with non-exhaustive examples) of personal information we may collect about you:
|A. Individual Identifiers and Demographic Information||A real name, postal address, email address, affiliated institution, or other similar identifiers.|
|B. Commercial Information||Records of devices, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.|
|C. Internet or Network Activity||Browsing history, search history, information on an individual’s interaction with a website, application, or advertisement, and other online identifiers and Internet Protocol address.|
In accordance with applicable legal requirements, Personal information may not include:
- Publicly Available Data – Publicly available information from government records.
- Deidentified or Aggregate Information – “Deidentified Information” means information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular individual, and for which Inari has implemented technical safeguards and business processes that prohibit reidentification of the individual. “Aggregate Information” means information that relates to a group or category of individuals, from which individual identities have been removed, that is not linked or reasonably linkable to any individual or household, including via a device.
1.2. Sources of Personal Information. We obtain the categories of personal information listed above on or through our Site from the following categories of sources:
• Personal Information You Provide. Inari collects personal information when you voluntarily submit it to us. For example, we may collect or receive personal information from Users when a User creates a user account; edits registration information; signs up to receive promotional communications; uses or accesses a device, product, or service; participates in one of our research or statistical studies; submits a request to our customer service team; interacts with our social media pages; or otherwise interact with us or other Users through the Site.
• Automatically Collected Personal Information. In addition to personal information that we may receive directly from you, Inari indirectly collects other information from you automatically through the Site. For example, we receive personal information from Users when a User visits and navigates our Site on any device. We may also collect personal information about Users over time and across different websites, apps, and devices when a User accesses the Site. Third parties also collect personal information this way on our Site. Inari collects some personal information automatically using cookies or other online tracking technologies as described in our Cookies Policy, available at https://www.inarimedical.com/cookie-policy.
• Personal Information Obtained from Third Parties. In addition to the personal information that we collect from you directly and automatically, Inari may receive personal information about you from other third party sources. For example, we receive personal information from our business partners, sponsors, or companies that provide personal information to supplement what we already know about Users. We may merge or combine such personal information with the personal information we collect from you directly or automatically.
2. USE OF PERSONAL INFORMATION
Inari may use personal information for various purposes, including without limitation to:
- To Provide Our Devices, Products, and Services. This could include fulfilling your requests for devices, products, or services. It could also include processing purchases or other transactions. For example, if you share your personal information to request a price quote or ask a question about our devices, products, or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a device, product, or service, we will use such information to process your payment and facilitate delivery. We may also save your personal information to facilitate new orders or process returns.
- To Improve Our Site. We use personal information to understand and analyze the usage trends and preferences of our Users to make our Site, or content available on the Site, better, diagnose technical issues, prevent fraud, and develop new features and functionality.
- To Understand Your Interests. We use your personal information to personalize your experience on the Site and to deliver information about devices, products, and services relevant to your interests. Our Site may make suggestions for content that may be interesting to you and others. We use the data you provide and the data we have about other users, to make these recommendations.
- To Process Your Payment for Devices, Products, or Services. We use personal information to facilitate payment for devices, products, and services that you select through our Site.
- To Respond to Your Requests or Questions. We use personal information to provide you with support and to respond to your requests for customer support, including to investigate and address your concerns and monitor and improve our responses. This may also include responding to your feedback.
- To Secure the Site. We use personal information to maintain the safety, security, and integrity of our Site, and devices, products, and services, and other technology assets, business, and other Users.
- To Perform Research and Statistical Studies. We may use your personal information to engage in public or peer-reviewed scientific, historical, or statistical research in the public interest.
- To Comply with Regulatory Requirements. We may use your personal information to comply with requirements of regulatory agencies such as the United States Food and Drug Administration (FDA), the European Medicines Agency (EMA) and Medical Technology Associations, if necessary.
- As Required by Law. We use personal information to respond to requests from law enforcement and as required by applicable law, court order, or government investigation.
3. SHARING OF PERSONAL INFORMATION
3.1 Related Companies and M&A Transactions. We may share your personal information with companies that are affiliated with us (that is, that control, are controlled by, or are under common control with us). In addition, if we transfer all or part of its business or make a transfer of assets or is otherwise involved in a merger or business transfer, we may transfer your personal information to a third party as part of that transaction, including at the negotiation stage.
3.3 Legal Compliance. We may disclose personal information in response to subpoenas, warrants, or court orders, in connection with any legal process, or to comply with relevant laws. We may also share your personal information in order to establish or exercise our rights; to defend against a legal claim; to investigate, prevent, or take action regarding possible illegal activities or fraud; to protect the safety and security of other Users; or to prevent a violation of our agreements.
3.4 Regulatory Agencies. We may disclose your personal information to comply with requirements of regulatory agencies such as the United States Food and Drug Administration (FDA), the European Medicines Agency (EMA) and Medical Technology Associations, if necessary. For example, we may disclose personal information for medical device regulatory reporting requirements.
3.6 Partner or Sponsor Offerings. We may jointly offer events, promotions, or any other device, product, or service offerings with third party partners or sponsors. The personal information that you submit through an event, promotion, or other offering may be combined and transmitted with other information that you have provided Inari. Third party partners or sponsors may collection information directly from you, which may be combined with personal information disclosed by us. If you decide to request, enter into, or participate in an event, promotion, or other offering that is offered by us and identified as a joint effort with a third-party partner or sponsor, the information that you provide may be shared with us and with that identified third party.
3.7 Behavioral-Based Advertising. We participate in behavioral-based advertising. This means that a third party may use technology (e.g., a cookie) to collect information about your use of our Site so that we can provide advertising about products and services tailored to your interest. That advertising may appear either on our Site, or on other websites.
3.8 Social Networking. The Site may offer you the ability to share your personal information through a social networking website (e.g., Facebook, Twitter), using such site’s integrated tools (e.g., Facebook “Like” button, or Twitter “Tweet” button). The use of such integrated tools enables you to share personal information about yourself with other individuals or the public, depending on the settings that you have established with such social networking site. For more information about the purpose and scope of data collection and use in connection with such social networking site or a site’s integrated tools, please visit the privacy policies of the entities that provide these social networking sites.
4. SECURITY OF PERSONAL INFORMATION
No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from the risks presented by unauthorized access or acquisition, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of any unauthorized access or acquisition of your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
5. YOUR CHOICES
You can make the following choices regarding your personal information:
5.1 Access to Your Personal Information. You may request access to your personal information by contacting us as described below. We will grant you reasonable access to the personal information that we have about you as required by law.
5.2 Changes to Your Personal Information. We rely on you to update and correct the personal information you have provided to Inari. Note that we may keep historical information in our backup files as permitted by law. If our Site does not permit you to update or correct certain personal information, please contact us as described below.
5.3 Deletion of Your Personal Information. You may request that we delete your personal information by contacting us contacting us as described below. We will grant a request to delete information as required by law, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes. Also, we may deny your deletion request if retention is necessary for us to engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent. Except as provided above, we will delete, aggregate, or deidentify all of your personal information as described in this subsection within the timeframes required by law.
6. OPTING OUT
You can make the following choices to opt out of certain activities regarding your personal information:
6.1 Promotional E-mails. You may choose to provide us with your e-mail address for the purpose of allowing us to send newsletters, surveys, offers, and other promotional materials related to our Site, and our devices, products, and services. You can stop receiving promotional e-mails by clicking the “unsubscribe” links in the e-mails or by contacting us as described below. If you decide not to receive promotional e-mails, we may still send you service-related communications, such as those to fulfill orders for devices, products, and service you have requested or deliver notifications directly to you through the Site.
6.2 Behavioral-Based Advertising. We participate in behavioral-based advertising. This means that a third party may use technology (e.g., a cookie) to collect information about your use of our Site so that we can provide advertising about products and services tailored to your interest. That advertising may appear either on our Site, or on other websites. If you wish to limit third parties’ collection of information about your use of our Site, you can opt-out of such at the Digital Advertising Alliance or Network Advertising Initiative in the U.S., the Digital Advertising Alliance of Canada in Canada, or the European Digital Advertising Alliance in Europe. PLEASE NOTE THAT OPTING-OUT OF BEHAVIORAL ADVERTISING DOES NOT MEAN THAT YOU WILL NOT RECEIVE ADVERTISING WHILE USING THE SITE. IT WILL, HOWEVER, EXCLUDE YOU FROM INTEREST-BASED ADVERTISING CONDUCTED THROUGH PARTICIPATING NETWORKS, AS PROVIDED BY THEIR POLICIES AND CHOICE MECHANISMS.
6.3 Do-Not-Track. Some web browsers and devices permit you to broadcast a preference that you not be “tracked” online. At this time we do not modify your experience based upon whether such a signal is broadcast.
7. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
Inari is based in the United States of America. If you are from a country outside of the United States of America with laws governing data collection, use, and disclosure that may differ from U.S. law and you provide personal information to us, please note that any personal information that you provide to us may be transferred to the United States of America. By providing your personal information, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein. We safeguard and enable the global transfer of personal information in a number of ways. For example, if you or your organization is required to enter into a contract or other binding legal act under EEA, UK, or Swiss law with your processors, and Inari is acting as a processor for you, as the controller, you may request that Inari enter into a Data Processing Addendum with Standard Contractual Clauses by contacting us at the address listed in the section titled “CONTACTING US” below.
8. RESIDENTS OF THE EUROPEAN ECONOMIC AREA
The following applies to individuals in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland.
8.1 Lawful basis for processing. Inari is required to inform you of the lawful basis of our processing of your personal information, which are described in the table below. If you have questions about the lawful basis of how we process your personal information, contact us at the address listed in the section titled “CONTACTING US” below.
|Processing Purpose||Lawful Basis|
|• Collection of Sensitive Personal Information.
• To Improve Our Site.
• To Market Devices, Products, or Services.
• To Perform Research and Statistical Studies,
|Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated on the Site.|
|• To Provide Our Devices, Products, or Services.
• To Communicate with You.
• To Understand Your Interests.
• To Process Your Payment for Devices, Products, or Services.
• To Respond to Your Requests or Questions.
|Processing is necessary for the performance of a contract. You are subject to a contract with us and we need to use your personal information to provide devices, products, and services.|
|• To Secure the Site.
• To Comply with Regulatory Requirements.
• As Required by Law.
|Processing is necessary to comply with our legal obligations.|
|• To Improve Our Site.
• To Understand Your Interests.
• To Market Devices, Products, or Services.
• To Secure the Site.
• To Perform Research and Statistical Studies,
|Processing activities constitute our legitimate interests. We consider and balance the potential impact on your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent, or we are otherwise required to perform a contract or by law).|
We will use your personal information only for the purposes for which we collected it, unless we reasonably determine we need to use it for another reason and that reason is compatible with the original purpose. For example, we consider deidentification, aggregation, and anonymization of personal information to be compatible with the purposes listed above and in your interest, because the deidentification, aggregation, and anonymization of such information reduces the likelihood of improper disclosure of that information.
PLEASE NOTE WE MAY PROCESS YOUR PERSONAL INFORMATION WITHOUT YOUR KNOWLEDGE OR CONSENT, IN COMPLIANCE WITH THE ABOVE RULES, WHERE THIS IS REQUIRED OR PERMITTED BY LAW.
8.2 Retention. Inari retains your personal information:
- For so long as needed to provide you with the Site or to fulfill our contractual obligations;
- As necessary to comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements; and
- For so long as is necessary for the purposes for which we collected such personal information.
8.3 Your Rights. European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Correct. Update or correct inaccuracies in your personal information.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our lawful basis as the basis of our processing of your personal information that impacts your rights.
- Delete. Delete your personal information.
When we receive your request, we may ask you to verify your identity before we can act on your request. We may withhold information where we are required by law to do so or if the search for that information would require disproportionate effort or have a disproportionate effect to, for example, the cost of providing the information, the time it would take to retrieve the data, or how difficult it may be to obtain the information requested.
If you are a European resident and would like to exercise any of these rights, please submit your request to the address listed in the section titled “CONTACTING US” below. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection authority in your jurisdiction. You can find your data protection regulator here.
9. RESIDENTS OF CALIFORNIA
The following applies to residents of California.
9.1 Notice to California Residents. In the preceding 12 months, we have collected the following categories of personal information: Individual Identifiers and Demographic Information, Commercial Information, and Internet or Network Activity. For examples of the precise data elements that we collect and the sources of such collection, please see “Collection of Personal Information” above. We collect personal information for the business and commercial purposes described in the “Use of Personal Information” section above. We share personal information with the categories of third parties described in the “Sharing of Personal Information” section above.
We must disclose whether the following categories of personal information are disclosed for a “business purpose” or “valuable consideration” as those terms are defined under California law. Note that while a category below may be marked, that does not necessarily mean that we have personal information in that category about you. In the preceding twelve months, we have disclosed the following categories of personal information in the manner described.
|Category||Personal Information is Disclosed for a Business Purpose||Personal Information is Disclosed for Valuable Consideration|
|A. Individual Identifiers and Demographic Information||Yes||No|
|B. Commercial Information||Yes||No|
|C. Internet or Network Activity||Yes||No|
9.2 Notice of Disclosure for Direct Marketing. Under California Civil Code sections 1798.83-1798.84, California residents who have an established business relationship with Inari are entitled to ask us for a notice describing what categories of personal information we share with third parties for their direct marketing purposes. This notice will identify the categories of information shared with and will include a list of the third parties with which it is shared, along with their names and addresses. If you are a California resident and would like a copy of this notice, please submit your request to the address listed in the section titled “CONTACTING US” below.
10. EXERCISING YOUR PRIVACY RIGHTS
10.1 No Fee Usually Required. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee or decline to comply with your request if your request is clearly unfounded, repetitive, or excessive if permitted by applicable law.
10.2 What We May Need from You. When exercising your rights or otherwise assisting you, we may need to request specific information from you to help us confirm your identity. This is a security measure to ensure we do not disclose personal information to any person who is not entitled to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
10.3 Time to Respond. We try to respond to all legitimate requests within 30 days of your request. Occasionally it may take us longer than 30 days to respond, for instance if your request is particularly complex or you have made a number of requests. In this case, we will notify you of the delay, and may continue to update you regarding the progress of our response.
10.4 No Discrimination. You will not be subject to discrimination as a result of exercising the rights described herein. In some cases, when you exercise one of your rights, we will be unable to comply with the request due to legal obligations or otherwise, or we will be unable to provide you certain products or services. These responses are not discrimination and our reasons for declining your request or ceasing services will be provided at that time.
10.5 Authorized Agent. You may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide the requester’s proof of identification and the authorized agent’s proof of identification.
11. CONTACTING US
Attn: Inari Privacy Agent
9 Parker, Suite 100, Irvine, CA 92618
Last Revised: December 7, 2020