Effective November 1, 2020
We value your privacy, and are committed to protecting your personal information. Please review this Policy in order to understand how we collect, use, and share personal information.
Personal Information We Collect About You
“Personal information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you. Personal Information does not include information that is publicly available, deidentified, or aggregated.
The categories of Personal Information we collect include:
- Identifiers such as your name, address, zip code, telephone number, email address, date of birth, and IP address;
- Membership in a protected class, including sex and age;
- Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
- Biometric information, such as x-rays;
- Information relating to internet and other electronic network activity, including browsing history, search history and information regarding your interactions with our websites, Services, or advertisements;
- Geolocation data;
- Audiovisual information;
- Professional and employment-related information;
- Information about your medical conditions, treatment, payment, and insurance coverage;
- Inferences from any of the above that may reflect your preferences, characteristics, trends, predispositions, behavior, or attitudes.
Patient Health Information
In performing our core functions, we are not a covered entity or a business associate as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act of 2009 (the “HITECH Act”). However, we routinely conduct business with medical practices, and as a result, situations arise when we may receive and store identifiable patient health information. We do so in accordance with applicable laws, rules and regulations, including those under HIPAA and the HITECH Act. For more information on your healthcare provider’s information-sharing practices, please contact the provider’s office.
How We Collect Personal Information
We collect your personal information through various means, including when you directly provide information to us, from your healthcare providers, and when we automatically collect information about you through your use of our Services.
Information You Provide to Us
We may collect personal information you provide directly to us, including:
When you, or someone on your behalf:
- Submit information through our website;
- Submit information to us via email, telephone, or online chat;
- Complete an assessment to determine if you are a candidate for our products/services;
- Register or maintain an account with us;
- Register for one of our webinars, meetings, presentations, or conferences;
- Submit a Patient Story, testimonial, photo, or video to us;
- Post comments to our online communities;
- Do business with us as a medical provider or practice;
- Apply for employment with us;
- Obtain technical support or speak with our customer service representatives;
- Participate in a survey, marketing promotion; or
- Connect with us via social media.
Information We Collect Automatically
In addition to information you provide to us, we and our agents, vendors, business partners, and consultants (collectively “Service Providers”) may collect information automatically about our Services and how you use them. Examples of the types of personal information collected automatically when using the Services include:
- IP address;
- Browser type and language, operating system, access time, duration of visit, and referring website address;
- The pages you view within our websites, search terms you enter, and other actions you take while visiting us;
- The pages you view immediately before and after you access our Services;
- Information related to whether you’ve opened an email or clicked on a link contained in an email;
- Information from a referring source (an advertising site, a blog, a social media site, etc.);
- Information from surveys and promotions;
- Information from content you post or share publically on discussion forums or other social media pages (including the content you post, your name, and a link to your profile) may be shared across our Services and in other public or private areas of the Internet.
Cookies and Tracking Technologies
How We Use Personal Information
We use your Personal Information for the following purposes:
- To help you determine if you may be a candidate for our products/services;
- To assist you with finding a doctor qualified to perform a procedure using our products/services;
- To respond to questions, requests, and comments from you;
- To provide you with downloadable information about our products/services;
- To send educational information about bunions and our products/services;
- To send promotional offers and advertisements regarding our products/services;
- To operate and improve our websites and Services;
- For customer service, security, and to detect, prevent and mitigate fraudulent, harmful or illegal activities;
- For purposes of hiring and employment with us;
- We may aggregate or de-identify your Personal Information so that it can no longer be linked to you. Aggregated/de-identified information may be used for any purpose.
How We Share Your Personal Information
We share Personal Information internally among our websites, and with our contractors, business partners, physician network and Service Providers. We may also share Personal Information if necessary for legal reasons, or to protect the rights, privacy, safety or security of you, us, our Services or websites. We do not sell Personal Information.
Ads on Third-Party Sites
We share personal information with third-party sites (such as Google, Facebook, Instagram, LinkedIn, YouTube, and Twitter) to market our products and services to you while you are browsing the internet or using social media. For more information on how these sites use your personal information to target advertising to you, please visit their websites.
Public Forums, Testimonials, and Patient Stories
We offer features on our websites that allow users to connect and share their stories. You do not have to use these features, but if you do, please use common sense and good judgment when posting in these communities or sharing your information, photos, or videos with others.
Please be aware that any Personal Information you choose to submit in any Patient Stories, communities, forums, or reviews can be read, collected, or used by others, and could be used to send unsolicited messages to you. Despite our safety and privacy controls, we cannot guarantee that you will not encounter inappropriate or illegal conduct from others when using the Services. You can help us to make our websites (including public forums) welcoming for all users by reporting any offensive or unwelcome conduct to us.
We may engage our Service Providers to assist in providing community services to you.
Some of our websites offer an online chat feature where you can ask questions and get real-time answers about our products/services. We use service providers to help us run our online chat feature. If you choose to use this feature, the content of the chat messages, as well as your name, email address, and other personal information you provide, may be shared with our chat service providers.
Our Websites Are Not Intended for Children
Our websites are not intended for children nor targeted to children under the age of 16, and we do not knowingly collect Personal Information from children under the age of 16. If we learn that we possess information from a child under the age of 16, we will delete such information in accordance with the Children’s Online Privacy Protection Act (“COPPA”) and other applicable laws. If you are a parent or guardian and you believe that your child under the age of 16 has provided us with Personal Information without your consent, please contact us at firstname.lastname@example.org.
From time to time, we and our Service Providers may send you email communications marketing our Services. You may unsubscribe from our marketing communications by clicking the “unsubscribe” link found in every commercial email we send, or by sending us a request to unsubscribe to email@example.com. If you opt-out of receiving our marketing email communications, we may still send you email messages related to your account with us, including specific transactions or interactions with our Services.
Do Not Track
We do not currently have the technology to automatically respond to “Do Not Track” (DNT) signals sent by web browsers, mobile devices, or other mechanisms
Our Service Providers, such as Google, may collect data that relates to you on our websites, across time, and over other websites. Their responsiveness to do-not-track signals is governed by their privacy policies. You also may limit certain tracking by disabling cookies in your web browser. For more information on Do Not Track, please visit https://allaboutdnt.com/.
We have implemented appropriate and reasonable physical, technical, and administrative safeguards to help prevent unauthorized access to, use of, and disclosure of, your Personal Information. However, there is no perfect security, and we cannot guarantee the security of your Personal Information. You are responsible for maintaining the secrecy of any credentials used to access your account with us and you should report suspected unauthorized activity to us immediately.
Your California Privacy Rights
If you are a resident of California, your right to submit certain requests relating to your personal information is described below. Please note that when submitting a request, you will be asked to provide information to verify your identity before action is taken. You may designate an authorized agent to make the requests below on your behalf. An authorized agent must submit proof to us that he or she has been authorized by you to act on your behalf, and you will need to verify your identity directly with us through the process described below.
Right to Opt Out of the Sale of Your Personal Information
California residents have the right to opt out of the sale of their personal information. However, since we do not sell Personal Information, there is no need to submit such a request to us. If you have any questions, please reach out to us by email at firstname.lastname@example.org or by calling us at 1-877-360-3232.
Right to Request More Information
If you are a California resident, you have the right to request more information regarding the following, to the extent applicable:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information was collected;
- Our business or commercial purposes for collecting your personal information;
- The categories of third parties with which we share your personal information;
- The categories of personal information that we disclosed for a business purpose in the preceding 12 months, and for each category identified, the categories of third parties to whom we disclosed that particular category of personal information;
- The specific pieces of personal information we have collected about you;
- A list of all third parties to whom we have disclosed personal information, as defined under California Civil Code Section 1798.83(e) (a/k/a the “Shine the Light Law”), during the preceding year for third-party direct marketing purposes.
You may submit a request for the information above via email to email@example.com or by calling us at 1-877-360-3232. In connection with submission of your request, we will take steps to verify your identity as outlined below, and you will need to verify your identity before action is taken.
Please note that due to the different requirements of the applicable laws, our response times may vary depending on the specific type(s) of information sought. We respond to all verifiable requests for information as soon as we reasonably can and no later than legally required.
Right to Request Deletion of Your Personal Information
California residents also have the right to request that we delete your Personal Information collected or maintained by us. Once we receive your request, we will let you know what, if any, Personal Information we can delete from our records, and we will direct any Service Providers (such as Google Analytics) that may have collected personal information about you through our websites to delete your Personal Information from their records. There may be circumstances where we cannot delete your Personal Information or direct Service Providers to delete your Personal Information from their records. For example, if we need to: (1) retain your Personal Information to complete a transaction or provide services; (2) detect security incidents; (3) protect against unlawful activities; (4) identify, debug or repair errors; or (5) comply with a legal obligation. You may submit a request to delete your personal information by via email to firstname.lastname@example.org or calling us at 1-877-360-3232. In connection with submission of your request, we will take steps to verify your identity as outlined below, and you will need to verify your identity before action is taken.
Verification of Requests for Further Information or to Delete Personal Information
Upon submission of a request for information or a request to delete information, we will take reasonable steps to confirm that the person submitting the request to know or request to delete is the person to whom the information relates, and to prevent unauthorized access or deletion of information. The specific steps taken to verify the identity of the requesting person may vary based on the nature of the request, including the type, sensitivity and value of the information requested, the risk of harm posed by unauthorized access or deletion, the likelihood that fraudulent or malicious actors may seek the information, the robustness of personal information provided to verify your identity, the nature of our business relationship with you, and available technology for verification.
We will generally try to avoid requesting additional information from you for the purpose of verification, but we may need to do so if we cannot verify your identity based on the information already maintained by us. If we request additional information to verify your identity, it will be for that purpose only, and will be deleted as soon as practical after processing the request, except as otherwise provided by law.
The following generally describes the verification processes we use:
- Password Protected Accounts. If you have a password-protected account with us, we may use existing authentication practices to verify your identity, but will require re-authentication before disclosing or deleting data. If we suspect fraudulent or malicious activity relating to your account, we will require further verification (as described below) before complying with a request to know or delete.
- Verification for Non-Accountholders. If you do not have, or cannot access, a password-protected account with us, we will generally verify your identity as follows:
- For requests to know categories of personal information, we will verify your identity to a reasonable degree of certainty by matching at least two data points provided by you with reliable data points maintained by us.
- For requests to know specific pieces of personal information, we will verify your identity to a reasonably high degree of certainty by matching at least three data points provided by you with reliable data points maintained by us. We will also require a declaration, signed under penalty of perjury, that the person requesting the information is the person whose information is the subject of the request or that person’s authorized representative. We will maintain all signed declarations as part of our records.
- For requests to delete personal information, we will verify your identity to a reasonable degree or a reasonably high degree of certainty depending on the sensitivity of the personal information and the risk of harm posed by unauthorized deletion. We will act in good faith when determining the appropriate standard to apply.
If there is no reasonable method by which we can verify your identity, we will state so in response to a request to know or delete personal information, including an explanation of why we have no reasonable method to verify your identity.
Right to Non-Discrimination for the Exercise of Your Privacy Rights
If you choose to exercise any of the privacy rights conferred by the California Consumer Privacy Act of 2018, you also have the right not to receive discriminatory treatment by us. This means that, consistent with California law, we will not deny providing our services to you, charge you different prices or provide a different level or quality of services to you unless those differences are related to the value of your personal information.
Nevada Privacy Notice
Nevada law provides that Nevada residents may opt-out of the “sale” of “covered information” to third parties, including but not limited to name, address, social security number, and online service activity. Our uses of your Personal Information are not sales under Nevada law, so no opt-out is required.
How to Contact Us
If you have any comments or questions about how we collect and use your Personal Information, communications can be submitted to our postal address, via email to email@example.com, or by calling us at 1-877-360-3232.
Treace Medical Concepts, Inc.
203 Fort Wade Road, Suite 150
Ponte Vedra, FL 32081