Privacy Policy

Inari Medical, Inc., on behalf of its affiliates and subsidiaries (collectively, “Inari,” “us,” “we,” or “our”) has prepared this Privacy Policy (“Privacy Policy”) to describe to you, or if you represent an entity or other organization, that entity or organization (in either case, “you,” or “your”) our practices regarding the personal information that Inari collects, uses, and shares on behalf of end users (“Users”) of the websites located at www.inarimedical.com and ir.inarimedical.com, and any other websites and platforms operated by Inari that link to this Privacy Policy (each, a “Site”), and our related online and offline services, events, social media pages, and email and other electronic communications (collectively, and together with the Site, the “Services”). 

This Privacy Policy does not apply to personal information processed in connection with our clinical trials or other research studies. Individuals involved in clinical trials or research studies should refer to the informed consent form or other policies presented as part of the clinical trial or study. Similarly, if you are an Inari job applicant or employee, we may notify you separately concerning how we use personal information processed in connection with your job application or employment. Please contact Inari human resources or your Inari recruiting contact for more information.

Inari reserves the right, at any time, to modify this Privacy Policy.  If we make revisions that change the way we collect, use, or share personal information, we will post those changes in this Privacy Policy.  You should review this Privacy Policy periodically so that you keep up to date on our most current policies and practices.  We will note the effective date of the latest version of our Privacy Policy at the end of this Privacy Policy.  Your continued use of the Site following posting of changes constitutes your acceptance of such changes.  

This Privacy Policy covers the following topics:

  1. COLLECTION OF PERSONAL INFORMATION
  2. USE OF PERSONAL INFORMATION
  3. SHARING OF PERSONAL INFORMATION
  4. SECURITY OF PERSONAL INFORMATION
  5. YOUR CHOICES
  6. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
  7. OTHER SITES AND SERVICES
  8. RESIDENTS OF THE EUROPEAN ECONOMIC AREA
  9. RESIDENTS OF CALIFORNIA
  10. RESIDENTS OF NEVADA
  11. CONTACTING US

1.     COLLECTION OF PERSONAL INFORMATION

1.1 Personal Information Collected. The following table describes the categories (with non-exhaustive examples) of personal information we may collect about you. We may also collect other personal information that is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Categories Examples
Individual Identifiers

Contact information, such as first and last name, postal address, email address, phone number, and social media handle.

 

Professional Information

Professional information, such as your affiliated organization’s name and location, and your job title, email, phone number, and other details we may collect about your organization or profession.

 

Commercial Information

Transaction history, such as records of devices, products, or services purchased from us, obtained, or considered.

 

Payment information, such as credit or debit card number used for payments.

 

Preferences, such as any marketing or communications preferences.

 

Survey responses, such as the information you provide in response to our surveys or questionnaires.

 

Communications, such as the information associated with your requests or inquiries, and any feedback you provide when you communicate with us.

 

Audio, Electronic, Visual, or Similar Information Customer service call recordings, recorded by us and our service provider for training and quality assurance purposes.
Internet or Network Activity

Online activity information, such as the website you visited before browsing to the Site, pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.

 

Device information, such as your computer or mobile device operating system type and version number, wireless carrier, manufacturer and model, browser type, screen resolution, IP address, unique identifiers, and general location information such as city, state, or geographic area.

 

Inferences Drawn from Personal Information Profiles reflecting preferences, characteristics, and behavior.

Certain laws require separate privacy notices or are exempt from general personal information privacy policy disclosure requirements.  Such laws include health or medical information, including deidentified patient information, covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Confidentiality of Medical Information Act, or clinical trial data subject to the Federal Policy for the Protection of Human Subjects, also known as the Common Rule.  As mentioned at the beginning of this Privacy Policy, we may notify you separately according to those laws if any of our collection, use, or sharing of personal information falls under any of those laws.

We may also collect or create de-identified information from personal information in a manner that it cannot reasonably be used to infer information about, or otherwise be linked to, a particular individual. To the extent that we classify such information as “de-identified,” we commit to maintaining and using such information in a de-identified form and to not attempting to re-identify such information (except for purposes permitted by law).

1.2 Sources of Personal Information. We obtain the categories of personal information listed above from a variety of sources, including the following sources:

  • Personal Information You Provide. Inari collects personal information when you voluntarily submit it to us.  For example, we may collect or receive personal information from Users when a User signs up to receive promotional communications; uses or accesses a device, product, or service; submits a request to our customer service team; interacts with our social media pages; or otherwise interacts with us. 
  • Automatically Collected Personal Information. In addition to personal information that we may receive directly from you, Inari, our service providers, and our advertising partners may automatically collect information about you, your computer, or mobile device, and your activity over time on our Site and other sites and online services, such as the Internet or Network Activity described above. Inari collects some personal information automatically using cookies or other online tracking technologies, such as:
    • Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
    • Flash cookies, or locally-stored objects, which are used on websites for purposes similar to cookies but allow storage of a larger amount of data.
    • Web beacons, also known as pixel tags or clear GIFs, which are typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.
    • Local storage, which is used to save data on a visitor’s device. We use data from local storage to turn on web navigation, store multimedia preferences, customize what we show you based on your past interactions with our services, remember your preferences, and measure ad effectiveness.

For more information, please visit our Cookie Policy linked at the bottom of the Site.

  • Personal Information Obtained from Third Parties. In addition to the personal information that we collect from you directly and automatically, Inari may receive personal information about you from other third party sources.  For example, we receive personal information from our service providers, advertising partners, data analytics partners, operating systems and platforms, social media platforms, event sponsors, publicly available sources, or data licensors/providers.  We may merge or combine such personal information with the personal information we collect from you directly or automatically.
  • Referrals. Users of the Services may have the opportunity to refer colleagues or other contacts to us and share their contact information. Please do not provide us with someone’s contact information unless you have their permission to do so.

2. USE OF PERSONAL INFORMATION

Inari may use personal information for various purposes, including without limitation to:

Inari may use personal information for the purposes set forth below and as otherwise described in this Privacy Policy or at the time of collection.

2.1 To Provide the Services. Our primary purpose for collecting personal information is to provide the Services that your request and to operate our business. This could include fulfilling your requests for devices, products, or services, personalizing your experience on or with the Services, verifying your identity, communicating with you (providing notices and responding to any requests or inquiries), providing maintenance and support, or to fulfill any other purpose for which you provide personal information.  It could also include processing purchases or other transactions.  For example, if you share your personal information to request a price quote or ask a question about our devices, products, or services, we will use that personal information to respond to your inquiry.  If you provide your personal information to purchase a device, product, or service, we will use such information to process your payment and facilitate delivery.  We may also save your personal information to facilitate new orders or process returns.

2.2 Research and Development of our Services. We use personal information for research and development purposes, including to understand and analyze the usage trends and preferences of our Users to make our Site, or content available on the Site, better, and develop new devices, products, features and functionality.  As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes.

2.3 Direct Marketing. We use personal information to deliver Inari-related or other direct marketing communications as permitted by law, including materials or information about devices, products, and services from us and our business partners that are relevant to your interests. 

2.4 Behavioral-Based Advertising. We work with third-party advertising companies and social media companies to help us advertise our business and to display ads for our devices, products, and services. These companies may use cookies and similar technologies to collect information about you (including the Internet and Network Activity described above) over time across our Site and other websites and services or your interaction with our emails, and use that information to serve ads that they think will interest you. In addition, some of these companies may use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms. You can learn more about your choices for limiting behavioral-based advertising in the “YOUR CHOICES” section below.

2.5 To Secure the Site. We use personal information to maintain the safety, security, and integrity of our Services, devices, and products, and other technology assets, business, and other Users; to audit our internal processes for compliance with legal and contractual requirements and internal policies; enforce any terms and conditions that govern the Services; and prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

2.6 To Comply with Regulatory Requirements. We may use your personal information to comply with requirements of regulatory agencies such as the United States Food and Drug Administration (FDA), the European Medicines Agency (EMA) and Medical Technology Associations, if necessary.

2.7 As Required by Law. We use personal information as we believe necessary or appropriate to respond to requests from law enforcement and as required by applicable law, court order, or government investigation.

2.8 With Your Consent. We will use or disclose your personal information in accordance with your prior direction or, in some cases, we may specifically ask you for your consent to collect, use, or share your personal information, such as when required by law.

3. SHARING OF PERSONAL INFORMATION

In addition to the specific situations discussed elsewhere in this Privacy Policy or at the time of collection, Inari may share your personal information in the following circumstances:

3.1 Related Companies and M&A Transactions. We may share your personal information with companies that are affiliated with us (that is, that control, are controlled by, or are under common control with us). In addition, if we transfer all or part of the business or make a transfer of assets or are otherwise involved in a merger or business transfer, or consolidation, reorganization, divestiture, or dissolution of all or a part of our business, we may transfer your personal information to a third party as part of that transaction, including at the negotiation stage.

3.2 Consent. We may ask if you would like us to share your personal information with other unaffiliated third parties who are not described elsewhere in this Privacy Policy, and we may do so with your consent.

3.3 Legal Compliance. We may disclose personal information in response to subpoenas, warrants, or court orders, in connection with any legal process, or to comply with relevant laws.  We may also share your personal information in order to establish or exercise our rights; to defend against a legal claim; to investigate, prevent, or take action regarding possible illegal activities or fraud; to protect the safety and security of other Users; or to prevent a violation of our agreements.

3.4 Regulatory Agencies. We may disclose your personal information to comply with requirements of regulatory agencies such as the United States Food and Drug Administration (FDA), the European Medicines Agency (EMA) and Medical Technology Associations, if necessary.  For example, we may disclose personal information for medical device regulatory reporting requirements.

3.5 Service Providers. We may share your personal information with third parties who perform services on our behalf that are necessary for the orderly operation of the Services.  Among other things service providers may help us perform website hosting, maintenance services, database management, web analytics, app analytics, billing, payment processing, fraud protection, marketing, or any other use set out in this Privacy Policy.

3.6 Partner or Sponsor Offerings. We may jointly offer events, promotions, or any other device, product, or service offerings with third party partners or sponsors.  The personal information that you submit through an event, promotion, or other offering may be combined and transmitted with other information that you have provided Inari.  Third party partners or sponsors may collection information directly from you, which may be combined with personal information disclosed by us.  If you decide to request, enter into, or participate in an event, promotion, or other offering that is offered by us and identified as a joint effort with a third-party partner or sponsor, the information that you provide may be shared with us and with that identified third party.

3.7 Behavioral-Based Advertising. We may share personal information with third parties who we partner with for advertising campaigns or that collect information about your activity on the Site for the purposes described in the “Behavioral-Based Advertising” section above.

3.8 Social Networking. The Site may offer you the ability to share your personal information through a social networking website (e.g., Facebook, Twitter), using such site’s integrated tools (e.g., Facebook “Like” button, or Twitter “Tweet” button).  The use of such integrated tools enables you to share personal information about yourself with other individuals or the public, depending on the settings that you have established with such social networking site.  For more information about the purpose and scope of data collection and use in connection with such social networking site or a site’s integrated tools, please visit the privacy policies of the entities that provide these social networking sites.

3.9 Professional Advisors. Professional Advisors. We may share personal information with persons, companies, or professional firms providing Inari with advice and consulting in accounting, administrative, legal, tax, financial, debt collection, and other matters.

    4. SECURITY OF PERSONAL INFORMATION

    No method of transmission over the Internet, or method of electronic storage, is fully secure.  While we use reasonable efforts to protect your personal information from the risks presented by unauthorized access or acquisition, we cannot guarantee the security of your personal information.  In the event that we are required by law to inform you of any unauthorized access or acquisition of your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

    5. YOUR CHOICES

    You can make the following choices regarding your personal information:

    5.1 Access to Your Personal Information. You may request access to your personal information by contacting us as described below.  We will grant you reasonable access to the personal information that we have about you as required by law.

     5.2 Changes to Your Personal Information. We rely on you to update and correct the personal information you have provided to Inari.  Note that we may keep historical information in our backup files as permitted by law.  If our Site does not permit you to update or correct certain personal information, please contact us as described below.

    5.3 Deletion of Your Personal Information. You may request that we delete your personal information by contacting us contacting us as described below.  We will grant a request to delete information as required by law, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.  Also, we may deny your deletion request if retention is necessary for us to engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.  Except as provided above, we will delete, aggregate, or deidentify all of your personal information as described in this subsection within the timeframes required by law.

    6. OPTING OUT

    You can make the following choices to opt out of certain activities regarding your personal information:

    6.1 Promotional E-mails. You may choose to provide us with your e-mail address for the purpose of allowing us to send newsletters, surveys, offers, and other promotional materials related to our Site, and our devices, products, and services.  You can stop receiving promotional e-mails by clicking the “unsubscribe” links in the e-mails or by contacting us as described below.  If you decide not to receive promotional e-mails, we may still send you service-related communications, such as those to fulfill orders for devices, products, and service you have requested or deliver notifications directly to you through the Site.

    6.2 Behavioral-Based Advertising. We participate in behavioral-based advertising.  This means that a third party may use technology (e.g., a cookie) to collect information about your use of our Site so that we can provide advertising about products and services tailored to your interest.  That advertising may appear either on our Site, or on other websites.  If you wish to limit third parties’ collection of information about your use of our Site, you can opt-out of such at the Digital Advertising Alliance or Network Advertising Initiative in the U.S., the Digital Advertising Alliance of Canada in Canada, or the European Digital Advertising Alliance in Europe.  PLEASE NOTE THAT OPTING-OUT OF BEHAVIORAL ADVERTISING DOES NOT MEAN THAT YOU WILL NOT RECEIVE ADVERTISING WHILE USING THE SITE.  IT WILL, HOWEVER, EXCLUDE YOU FROM INTEREST-BASED ADVERTISING CONDUCTED THROUGH PARTICIPATING NETWORKS, AS PROVIDED BY THEIR POLICIES AND CHOICE MECHANISMS.

    6.3 Do-Not-Track. Some web browsers and devices permit you to broadcast a preference that you not be “tracked” online.  At this time we do not modify your experience based upon whether such a signal is broadcast.

    7. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

    Inari is based in the United States of America.  If you are from a country outside of the United States of America with laws governing data collection, use, and disclosure that may differ from U.S. law and you provide personal information to us, please note that any personal information that you provide to us may be transferred to the United States of America.  By providing your personal information, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein.  We safeguard and enable the global transfer of personal information in a number of ways.  For example, if you or your organization is required to enter into a contract or other binding legal act under EEA, UK, or Swiss law with your processors, and Inari is acting as a processor for you, as the controller, you may request that Inari enter into a Data Processing Addendum with Standard Contractual Clauses by contacting us at the address listed in the section titled “CONTACTING US” below.

    8. RESIDENTS OF THE EUROPEAN ECONOMIC AREA

    The following applies to individuals in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland.

    8.1 Lawful basis for processing. Inari is required to inform you of the lawful basis of our processing of your personal information, which are described in the table below.  If you have questions about the lawful basis of how we process your personal information, contact us at the address listed in the section titled “CONTACTING US” below.

    Processing Purpose Lawful Basis
    • Collection of Sensitive Personal Information.

    • To Improve Our Site.

    • To Market Devices, Products, or Services. 

    • To Perform Research and Statistical Studies,

    Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated on the Site.
    • To Provide Our Devices, Products, or Services.

    • To Communicate with You. 

    • To Understand Your Interests. 

    • To Process Your Payment for Devices, Products, or Services. 

    • To Respond to Your Requests or Questions. 

    Processing is necessary for the performance of a contract.  You are subject to a contract with us and we need to use your personal information to provide devices, products, and services.
    • To Secure the Site.

    • To Comply with Regulatory Requirements.

    • As Required by Law.

    Processing is necessary to comply with our legal obligations.
    • To Improve Our Site.

    • To Understand Your Interests. 

    • To Market Devices, Products, or Services.

    • To Secure the Site.

    • To Perform Research and Statistical Studies,

    • To Use Personal Information as Otherwise Described in this Privacy Policy.

     

    Processing activities constitute our legitimate interests.  We consider and balance the potential impact on your rights before we process your personal information for our legitimate interests.  We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent, or we are otherwise required to perform a contract or by law).

    We will use your personal information only for the purposes for which we collected it, unless we reasonably determine we need to use it for another reason and that reason is compatible with the original purpose.  For example, we consider deidentification, aggregation, and anonymization of personal information to be compatible with the purposes listed above and in your interest, because the deidentification, aggregation, and anonymization of such information reduces the likelihood of improper disclosure of that information.

    PLEASE NOTE WE MAY PROCESS YOUR PERSONAL INFORMATION WITHOUT YOUR KNOWLEDGE OR CONSENT, IN COMPLIANCE WITH THE ABOVE RULES, WHERE THIS IS REQUIRED OR PERMITTED BY LAW.

    8.2 Retention. Inari retains your personal information:

    • For so long as needed to provide you with the Site or to fulfill our contractual obligations;
    • As necessary to comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements; and
    • For so long as is necessary for the purposes for which we collected such personal information.

    8.3 Your Rights. European data protection laws give you certain rights regarding your personal information.  You may ask us to take the following actions in relation to your personal information that we hold:

    • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
    • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
    • Correct. Update or correct inaccuracies in your personal information.
    • Restrict. Restrict the processing of your personal information.
    • Object. Object to our reliance on our lawful basis as the basis of our processing of your personal information that impacts your rights.
    • Delete. Delete your personal information.

    When we receive your request, we may ask you to verify your identity before we can act on your request. We may withhold information where we are required by law to do so or if the search for that information would require disproportionate effort or have a disproportionate effect to, for example, the cost of providing the information, the time it would take to retrieve the data, or how difficult it may be to obtain the information requested.

    If you are a European resident and would like to exercise any of these rights, please submit your request to the address listed in the section titled “CONTACTING US” below.  If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection authority in your jurisdiction.  You can find your data protection regulator here

    9. RESIDENTS OF CALIFORNIA

    The following applies to residents of California.

    9.1 Notice to California Residents. In the preceding 12 months, we have collected the following categories of personal information: Individual Identifiers and Demographic Information, Commercial Information, and Internet or Network Activity.  For examples of the precise data elements that we collect and the sources of such collection, please see “Collection of Personal Information” above.  We collect personal information for the business and commercial purposes described in the “Use of Personal Information” section above.  We share personal information with the categories of third parties described in the “Sharing of Personal Information” section above.

    We must disclose whether the following categories of personal information are disclosed for a “business purpose” or “valuable consideration” as those terms are defined under California law.  Note that while a category below may be marked, that does not necessarily mean that we have personal information in that category about you.  In the preceding twelve months, we have disclosed the following categories of personal information in the manner described.

    Category Personal Information is Disclosed for a Business Purpose Personal Information is Disclosed for Valuable Consideration
    A. Individual Identifiers and Demographic Information Yes No
    B. Commercial Information Yes No
    C. Internet or Network Activity Yes No

    9.2 Notice of Disclosure for Direct Marketing. Under California Civil Code sections 1798.83-1798.84, California residents who have an established business relationship with Inari are entitled to ask us for a notice describing what categories of personal information we share with third parties for their direct marketing purposes.  This notice will identify the categories of information shared with and will include a list of the third parties with which it is shared, along with their names and addresses.  If you are a California resident and would like a copy of this notice, please submit your request to the address listed in the section titled “CONTACTING US” below.

     

    10. EXERCISING YOUR PRIVACY RIGHTS

    When exercising the rights or options described in this Privacy Policy, the following guidelines apply:

    10.1 No Fee Usually Required. You will not have to pay a fee to access your personal information (or to exercise any of the other rights).  However, we may charge a reasonable fee or decline to comply with your request if your request is clearly unfounded, repetitive, or excessive if permitted by applicable law.

    10.2 What We May Need from You. When exercising your rights or otherwise assisting you, we may need to request specific information from you to help us confirm your identity.  This is a security measure to ensure we do not disclose personal information to any person who is not entitled to receive it.  We may also contact you to ask you for further information in relation to your request to speed up our response.

    10.3 Time to Respond. We try to respond to all legitimate requests within 30 days of your request.  Occasionally it may take us longer than 30 days to respond, for instance if your request is particularly complex or you have made a number of requests.  In this case, we will notify you of the delay, and may continue to update you regarding the progress of our response.

    10.4 No Discrimination. You will not be subject to discrimination as a result of exercising the rights described herein.  In some cases, when you exercise one of your rights, we will be unable to comply with the request due to legal obligations or otherwise, or we will be unable to provide you certain products or services.  These responses are not discrimination and our reasons for declining your request or ceasing services will be provided at that time.

    10.5 Authorized Agent. You may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide the requester’s proof of identification and the authorized agent’s proof of identification.

    11. CONTACTING US

    If you have any questions or concerns about our Privacy Policy or any other privacy or security issue, please contact us at:

    Inari
    Attn: Inari Privacy Agent
    9 Parker, Suite 100, Irvine, CA 92618
    info@inarimedical.com 

     

    Last Revised: December 7, 2020