Effective August 30, 2021
We value your privacy and are committed to protecting your personal information. Please review this Policy in order to understand how we collect, use, and share personal information.
Personal Information We Collect About You
“Personal information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you. Personal Information does not include information that is publicly available, deidentified, or aggregated.
The categories of Personal Information we collect include:
- Identifiers such as your name, address, zip code, telephone number, email address, date of birth, and IP address;
- Membership in a protected class, including sex and age;
- Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
- Biometric information, such as x-rays;
- Information relating to internet and other electronic network activity, including browsing history, search history and information regarding your interactions with our websites, Services, or advertisements;
- Geolocation data;
- Audiovisual information;
- Professional and employment-related information;
- Information about your medical conditions, treatment, payment, and insurance coverage;
- Inferences from any of the above that may reflect your preferences, characteristics, trends, predispositions, behavior, or attitudes.
Patient Health Information
In performing our core functions, we are not a covered entity or a business associate as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act of 2009 (the “HITECH Act”). However, we routinely conduct business with medical practices, and as a result, situations arise when we may receive and store identifiable patient health information. We do so in accordance with applicable laws, rules and regulations, including those under HIPAA and the HITECH Act. For more information on your healthcare provider’s information-sharing practices, please contact the provider’s office.
How We Collect Personal Information
We collect your personal information through various means, including when you directly provide information to us, from your healthcare providers, and when we automatically collect information about you through your use of our Services.
Information You Provide to Us
We may collect personal information you provide directly to us, including:
When you, or someone on your behalf:
- Submit information through our website;
- Submit information to us via email, telephone, online chat or the Patient Call Center;
- Complete an assessment to determine if you are a candidate for our products/services;
- Register or maintain an account with us;
- Register for one of our webinars, meetings, presentations, or conferences;
- Submit a Patient Story, testimonial, photo, or video to us;
- Post comments to our online communities;
- Do business with us as a medical provider or practice;
- Apply for employment with us;
- Obtain technical support or speak with our customer service representatives;
- Participate in a survey or marketing promotion; or
- Connect with us via social media.
Information We Collect Automatically
- IP address;
- Browser type and language, operating system, access time, duration of visit, and referring website address;
- The pages you view within our websites, search terms you enter, and other actions you take while visiting us;
- The pages you view immediately before and after you access our Services;
- Information related to whether you’ve opened an email or clicked on a link contained in an email;
- Information from a referring source (an advertising site, a blog, a social media site, etc.);
- Information from surveys and promotions;
- Information from content you post or share publicly on discussion forums or other social media pages (including the content you post, your name, and a link to your profile) may be shared across our Services and in other public or private areas of the Internet.
Cookies and Tracking Technologies
How We Use Personal Information
We use your Personal Information for the following purposes:
- To help you determine if you may be a candidate for our products/services;
- To assist you with finding a doctor qualified to perform a procedure using our products/services;
- To assist you in arranging appointments with the doctor that you select;
- To respond to questions, requests, and comments from you;
- To provide you with downloadable information about our products/services;
- To send educational information about bunions and our products/services;
- To send promotional offers and advertisements regarding our products/services;
- To operate and improve our websites and Services;
- For customer service, security, and to detect, prevent and mitigate fraudulent, harmful or illegal activities;
- For purposes of hiring and employment with us;
- We may aggregate or de-identify your Personal Information so that it can no longer be linked to you. Aggregated/de-identified information may be used for any purpose.
How We Share Your Personal Information
We share Personal Information internally among our websites, and with our contractors, business partners, physician network and Service Providers. We may also share Personal Information if necessary for legal reasons, or to protect the rights, privacy, safety or security of you, us, our Services or websites. We do not sell Personal Information.
Ads on Third-Party Sites
We share personal information with third-party sites (such as Google, Facebook, Instagram, LinkedIn, YouTube, and Twitter) to market our products and services to you while you are browsing the internet or using social media. For more information on how these sites use your personal information to target advertising to you, please visit their websites.
Public Forums, Testimonials, and Patient Stories
We offer features on our websites that allow users to connect and share their stories. You do not have to use these features, but if you do, please use common sense and good judgment when posting in these communities or sharing your information, photos, or videos with others.
Please be aware that any Personal Information you choose to submit in any Patient Stories, communities, forums, or reviews can be read, collected, or used by others, and could be used to send unsolicited messages to you. Despite our safety and privacy controls, we cannot guarantee that you will not encounter inappropriate or illegal conduct from others when using the Services. You can help us to make our websites (including public forums) welcoming for all users by reporting any offensive or unwelcome conduct to us.
We may engage our Service Providers to assist in providing community services to you.
Some of our websites offer an online chat feature where you can ask questions and get real-time answers about our products/services. We use service providers to help us run our online chat feature. If you choose to use this feature, the content of the chat messages, as well as your name, email address, and other personal information you provide, may be shared with our chat Service Providers.
Lapiplasty® Patient Call Center
Some of our websites offer a phone number, online appointment form or other ways to interact where you can ask questions and get answers about our products/services or request an appointment with the doctor that you select using the “Find a Lapiplasty® Doctor” tool. We use Service Providers to help us run this Patient Call Center. If you choose to use the Patient Call Center, the content of your conversations or online forms or other interactions, as well as your name, phone, email address, insurance information and other personal information you provide, may be shared with our Patient Call Center Service Providers and with the office of the doctor that you select through the “Find a Doctor” tool.
Our Websites Are Not Intended for Children
Our websites are not intended for children nor targeted to children under the age of 16, and we do not knowingly collect Personal Information from children under the age of 16. If we learn that we possess information from a child under the age of 16, we will delete such information in accordance with the Children’s Online Privacy Protection Act (“COPPA”) and other applicable laws. If you are a parent or guardian and you believe that your child under the age of 16 has provided us with Personal Information without your consent, please contact us at firstname.lastname@example.org.
From time to time, we and our Service Providers may send you email communications marketing our Services. You may unsubscribe from our marketing communications by clicking the “unsubscribe” link found in every commercial email we send, or by sending us a request to unsubscribe to email@example.com. If you opt-out of receiving our marketing email communications, we may still send you non-marketing email messages related to your account with us, including specific transactions or interactions with our Services.
Opting Out of Commercial Phone and Text Communications
By choosing to provide us with your mobile phone number, you have provided us, our Service Providers, and the doctors you select through the “Find a Doctor” tool with express written consent to send you marketing text messages and phone calls.
You may opt-out of receiving marketing text messages and phone calls regarding the Lapiplasty® procedure at any time by sending us a text message from your mobile phone with any of the following words: STOP, STOP ALL, END, QUIT, CANCEL or UNSUBSCRIBE. Once you opt-out, you will no longer receive any automated marketing phone calls or text message from us. However, we reserve the right to send you a final text message to confirm that you have unsubscribed. You may also unsubscribe from receiving automated marketing communications by notifying us by email at firstname.lastname@example.org. For more information regarding our text messaging and alerts, please contact us at email@example.com or 1-877-360-3232.
If you opt-out of receiving our marketing calls or text messages, we may still send you text messages or call you for non-marketing purposes, including but not limited to providing you information regarding your account with us, appointment reminders, educational information, and specific transactions or interactions with our Services.
Do Not Track
We do not currently have the technology to automatically respond to “Do Not Track” (DNT) signals sent by web browsers, mobile devices, or other mechanisms
Our Service Providers, such as Google, may collect data that relates to you on our websites, across time, and over other websites. Their responsiveness to do-not-track signals is governed by their privacy policies. You also may limit certain tracking by disabling cookies in your web browser. For more information on Do Not Track, please visit https://allaboutdnt.com/.
We have implemented appropriate and reasonable physical, technical, and administrative safeguards to help prevent unauthorized access to, use of, and disclosure of, your Personal Information. However, there is no perfect security, and we cannot guarantee the security of your Personal Information. You are responsible for maintaining the secrecy of any credentials used to access your account with us and you should report suspected unauthorized activity to us immediately.
Your California Privacy Rights
If you are a resident of California, you have the right under the California Privacy Rights Act of 2020 (CPRA) and California Consumer Privacy Act of 2018 to submit certain requests relating to your personal information as described below. Please note that when submitting a request, you will be asked to provide information to verify your identity before action is taken. You may designate an authorized agent to make the requests below on your behalf. An authorized agent must submit proof to us that he or she has been authorized by you to act on your behalf, and you will need to verify your identity directly with us through the process described below.
Right to Know and Access Information
If you are a California resident, you have the right to request information regarding the following, to the extent applicable:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information was collected;
- Our business or commercial purposes for collecting your personal information;
- The categories of third parties with which we share your personal information;
- The categories of personal information that we disclosed for a business purpose in the preceding 12 months, and for each category identified, the categories of third parties to whom we disclosed that particular category of personal information;
- The specific pieces of personal information we have collected about you;
- A list of all third parties to whom we have disclosed personal information, as defined under California Civil Code Section 1798.83(e) (a/k/a the “Shine the Light Law”), during the preceding year for third-party direct marketing purposes.
You may submit a request for the information above via email to firstname.lastname@example.org or by calling us at 1-877-360-3232. In connection with submission of your request, we will take steps to verify your identity as outlined below, and you will need to verify your identity before action is taken.
Please note that due to the different requirements of the applicable laws, our response times may vary depending on the specific type(s) of information sought. We respond to all verifiable requests for information as soon as we reasonably can and no later than legally required.
Right to Request Deletion of Your Personal Information
California residents also have the right to request that we delete your Personal Information collected or maintained by us Once we receive your request, we will let you know what, if any, Personal Information we can delete from our records, and we will direct any Service Providers (such as Google Analytics) that may have collected personal information about you through our websites to delete your Personal Information from their records. There may be circumstances where we cannot delete your Personal Information or direct Service Providers to delete your Personal Information from their records. For example, if we need to: (1) retain your Personal Information to complete a transaction or provide services; (2) detect security incidents; (3) protect against unlawful activities; (4) identify, debug or repair errors; or (5) comply with a legal obligation (e.g. a statute that requires that the business maintain documentation relating to the consumer such as maintain “Do Not Call Lists” under the TCPA). You may submit a request to delete your personal information by via email to email@example.com or calling us at 1-877-360-3232. In connection with submission of your request, we will take steps to verify your identity as outlined below, and you will need to verify your identity before action is taken.
Verification of Requests for Information or to Delete Personal Information
Upon submission of a request for information or a request to delete information, we will take reasonable steps to confirm that the person submitting the request to know or request to delete is the person to whom the information relates, and to prevent unauthorized access or deletion of information. The specific steps taken to verify the identity of the requesting person may vary based on the nature of the request, including the type, sensitivity and value of the information requested, the risk of harm posed by unauthorized access or deletion, the likelihood that fraudulent or malicious actors may seek the information, the robustness of personal information provided to verify your identity, the nature of our business relationship with you, and available technology for verification.
We will generally try to avoid requesting additional information from you for the purpose of verification, but we may need to do so if we cannot verify your identity based on the information already maintained by us. If we request additional information to verify your identity, it will be for that purpose only, and will be deleted as soon as practical after processing the request, except as otherwise provided by law.
The following generally describes the verification processes we use:
- Password Protected Accounts. If you have a password-protected account with us, we may use existing authentication practices to verify your identity, but will require re-authentication before disclosing or deleting data. If we suspect fraudulent or malicious activity relating to your account, we will require further verification (as described below) before complying with a request to know or delete.
- Verification for Non-Accountholders. If you do not have, or cannot access, a password-protected account with us, we will generally verify your identity as follows:
- For requests to know categories of personal information, we will verify your identity to a reasonable degree of certainty by matching at least two data points provided by you with reliable data points maintained by us.
- For requests to know specific pieces of personal information, we will verify your identity to a reasonably high degree of certainty by matching at least three data points provided by you with reliable data points maintained by us. We will also require a declaration, signed under penalty of perjury, that the person requesting the information is the person whose information is the subject of the request or that person’s authorized representative. We will maintain all signed declarations as part of our records.
- For requests to delete personal information, we will verify your identity to a reasonable degree or a reasonably high degree of certainty depending on the sensitivity of the personal information and the risk of harm posed by unauthorized deletion. We will act in good faith when determining the appropriate standard to apply.
If there is no reasonable method by which we can verify your identity, we will state so in response to a request to know or delete personal information, including an explanation of why we have no reasonable method to verify your identity.
Right to Non-Discrimination for the Exercise of Your Privacy Rights
We will not discriminate against you for choosing to exercise any of the privacy rights conferred by the CPRA. This means that, we will not deny you goods or services, charge you different prices or rates, or provide you a different quality of services unless those differences are related to the value of your personal information.
Rights under California’s Shine the Light Statute
Under California Civil Code Section 1798.83, California consumers can request information relating to whether a business has disclosed Personal Information to any third-parties for the third-parties’ direct marketing purposes. Treace will not sell or transfer your Personal Information to third-party companies for their direct marketing purposes without your consent.
Nevada Privacy Notice
Nevada law provides that Nevada residents may opt-out of the “sale” of “covered information” to third parties, including but not limited to name, address, social security number, and online service activity. Our uses of your Personal Information are not sales under Nevada law, so no opt-out is required.
How to Contact Us
If you have any comments or questions about how we collect and use your Personal Information, communications can be submitted to our postal address, via email to firstname.lastname@example.org, or by calling us at 1-877-360-3232.
Treace Medical Concepts, Inc.
203 Fort Wade Road, Suite 150
Ponte Vedra, FL 32081