Vapotherm Access Privacy Policy

LAST UPDATED July 16, 2021

We at Vapotherm Access respect your privacy, and we are committed to protecting it through our compliance with this policy (this “Privacy Policy”). This Privacy Policy describes the types of information we may collect from or about you, including when you visit Vapotherm Access (via the website www.vapothermaccess.com and its related sub-domains and subsites (collectively, our “Website”), our related  mobile device applications (the “App”) and any other related content, software, applications, materials and/or services, including our Website (collectively, the “Platform”)) offered by Vapotherm Access and/or its affiliates (collectively, the “Company,” “us,” or “we”), including how we use, maintain, protect, and disclose that information.

This Privacy Policy applies to information we collect, use, share, and otherwise process in connection with:

  • your use of the Platform and any other sites where this Privacy Policy is posted;
  • e-mail and other electronic messages between you and the Company.

Together, we refer to these activities as the “Services.”

This Privacy Policy applies only to the information collected in connection with the Services. Please read this Privacy Policy carefully to understand our policies and practices regarding your information.  If you do not agree with our policies and practices, your choice is not to use our Services.  By accessing our Website and/or the Platform and using the Services, you acknowledge this Privacy Policy.

WHAT INFORMATION WE COLLECT

Information We Collect Directly from You

We collect certain information directly from you, including your:

  • account information, such as your first and last name, mailing address, telephone number, and email address when you create an account;
  • health-related information, such as information you upload related to your health and medical history, as well as information uploaded by your provider to the Platform; and
  • location data, when you use the Services from your mobile device, if you give us permission to do so.

Information that We Collect Automatically 

We also collect certain information automatically from you. We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with small amounts of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

We and the third parties we work with use cookies and similar tracking technologies to collect information about your use of the Services, such as your IP address, browser type, browser version, pages viewed, time spent on pages, links clicked and conversion information. This information may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Platform and other websites and platforms, provide customer support, troubleshoot issues with and improve the operation of our Website, Platform and Services, and better understand your online activity.

If you do not want a cookie placed on your hard drive or mobile device, you may be able to turn that feature off on your computer or mobile device. Please consult your Internet browser’s documentation for information on how to do this. However, if you decide not to accept cookies from us, the Website, Platform and/or Services may not function properly.

HOW WE USE YOUR INFORMATION

We may use your personal information for various purposes, including:

  • To provide, maintain, and improve our Services, including to facilitate your use of the Services.
  • To notify you about changes to our Services.
  • To allow you to participate in interactive features of our Services when you choose to do so.
  • To provide customer support.
  • To monitor usage of the Services.
  • To detect, prevent, and address technical issues.
  • To provide you with news, special offers, and general information about other goods, services, and events that we offer that are similar to the Services.
  • To help us deliver targeted advertising including to consumers directly and through unaffiliated advertising partners, to measure the effectiveness of advertising on behalf of our advertising partners, and to identify the audience most likely to respond to an advertisement.
  • To comply with legal and/or regulatory requirements and cooperate with regulators and law enforcement bodies.
  • To protect our rights, your rights, and the rights of others, and to meet our own high standards of business practice.

HOW WE SHARE YOUR INFORMATION

We share your personal information that we have collected with the following persons/entities and in the following circumstances:

  • Third Party Service Providers.  We may share personal information with our vendors and service providers who perform services on our behalf.  These entities may also collect your personal information on our behalf.  We also engage third-party analytics providers to help us understand how users engage with the Platform.  These analytics providers may use cookies and similar technologies to collect information about your use of the Platform as well as information about your use of other websites and platforms over time.  We do not permit these parties to use your information except to provide services to us or otherwise as permitted by law.
  • Legal Compliance and the Protection of Our Rights. We will share information with regulators, government authorities, and third parties where we believe it is necessary to comply with a court order, subpoena, or regulatory request.  We may disclose information when we believe in good faith that such disclosures will support our detection of, prevention of, or response to fraud or intellectual property infringement; help protect your safety or security; or protect the safety and security of the Website, the Platform, the Services, or any individual.
  • Transfer of Business Assets. As we continue to develop our business, we might acquire or buy other businesses or assets.  In such transactions, customer information generally is one of the transferred business assets.  Also, we may transfer any information we have about you as an asset to third parties in connection with the consideration, negotiation, or completion of a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of our Company, or as part of a corporate reorganization or stock sale or other change in corporate control, for the purposes of such third parties carrying on our business in relation to the continued provision of our services to you as described in this Privacy Policy.
  • Company Affiliates.  We share information with our affiliates, parents and subsidiaries for the purposes described in this Privacy Policy. For more information about our affiliates, parents and subsidiaries, please contact us at compliance@hgehealth.com.

SECURITY AND DATA RETENTION 

We have implemented safeguards to help secure your personal information.  Despite these protections, however, we cannot guarantee that your data will never be compromised.  You should take measures to protect your personal information. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.  Please note that it is the responsibility of account holders to ensure that their passwords are sufficiently complex and are kept secure.

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy.  When determining how long to keep your personal information after our relationship with you has ended, we take into account how long we need to retain the information to fulfill the purposes described above and to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

CHOICES AND ACCESS

If you do not want to receive marketing-related emails or other types of messages from us on a going-forward basis, you may opt-out by following the instructions in the relevant electronic communication. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative and Service or transaction-related messages, which you cannot opt-out of.

CHILDREN

The Services are not intended for children under 16 years of age.  We do not knowingly collect personal information from children under 16.  If you are under 16, do not use or provide any information on this Platform or provide any information about yourself to us through the Services.  If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information.  If you believe we might have any information from or about a child under 16, please contact us at compliance@hgehealth.com.

IMPORTANT NOTICE TO NON-U.S. RESIDENTS

The Website, the Platform and the Services are operated in the United States. If you are located outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By accessing the Website and/or the Platform and using the Services, and/or providing us with any information, you consent to this transfer.

EXTERNAL WEBSITES

Our Website or Platform may contain links to other sites or products that we do not own or operate.  Also, links to the Website or Platform may be featured on third party websites on which we advertise.  Except as provided herein, we will not provide any of your personal information to these third parties without your consent.  We provide links to third party websites as a convenience to the user.  These links are not intended as an endorsement of or referral to the linked websites.  We recommend you read carefully the privacy statements, notices and terms of use of any linked websites.  We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use, disclose, secure, or otherwise treat your personal information.

UPDATES TO THIS PRIVACY POLICY

We may change this Privacy Policy from time to time.  The “LAST UPDATED” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised.  Any changes will become effective when we post the revised Privacy Policy.  Use of the Services following these changes, or your continued provision of personal information to us, signifies acceptance of the revised Privacy Policy.

CONTACTING US 

To ask questions or comment about this Privacy Policy and our privacy practices, contact us at.

Mailing address:

HGE Health Care Solutions, LLC
1301 Virginia Drive, Suite 100
Fort Washington, PA  19034
Attn: Customer Care

E-mail: compliance@hgehealth.com

Phone:  (888) 410-6230, option 6

 

CALIFORNIA CONSUMER PROTECTION ACT OF 2018

The following information applies solely to our customers, potential customers and end users of our products and services and others who reside in the State of California (here referred to as “Consumers”). We have adopted this Policy to comply with the California Consumer Protection Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA will hold the same meaning when used in this notice.

Categories of Information Collected

We collect Information that identifies, relates to, describes, reference, is capable of being associated with, or could reasonable be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). In particular, we have collected the following categories of Personal Information from Consumers within the last 12 months:

Category Examples Collected
  1. Identifiers
Real name, alias, postal address, unique personal identifier, online identifier, email address, IP address, account name, Social Security Number, driver’s license number, passport number, or other similar identifiers.  YES
  1. Personal Information listed under California Customer Records statue (Cal. Civ. Code § 1798.80(e)).
Name, signature, address, telephone number, employment, employment history, bank account number, credit card number, debit card number, financial Information  YES
  1. Legally protected classification characteristics under California or federal law.
Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), veteran or military status, genetic Information (including familial genetic Information) NO
  1. Commercial Information.
Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.  YES
  1. Biometric Information.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying Information, such as fingerprints, faceprints, and voice prints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health or exercise data. NO
  1. Internet or other similar network activity.
Browsing history, search history, Information on a consumer’s interaction with a Website application or advertisement.  YES
  1. Sensory Data.
Audio files of recorded calls to Customer & Technical Support. YES
  1. Geolocation Data.
Physical Location or movements.  NO
  1. Non-public professional or employment-related Information.
Current or past job history or performance evaluations.  NO
  1. Non-public education Information (per the Family Education Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R)
Education records directly related to a student maintained by an educational institution or party acting on behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial Information, or student disciplinary records. NO
  1. Inferences drawn from other Personal Information to profile
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.  YES

Personal Information does not include publicly available information for government records, de-identified or aggregated consumer data, or information excluded from the CCPA’s scope (such as medical data or clinical trial data).

Disclosure of Information

In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:

  • Category A: Identifiers.
  • Category B: California Customer Records Personal Information categories.
  • Category C: Legally protected classification characteristics under California or federal law.
  • Category D: Internet or other similar network activity.
  • Category E: Sensory Data.
  • Category G: Profile reflecting persons preferences.

Vapotherm does not sell, rent, or lease Personal Data. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.

Your Rights & Choices as a California Consumer

Consumer Rights

The CCPA provides Consumers with specific rights regarding their Personal Information. The rights including the right to request access to, and rectification, or erasure of your Personal Information, or to restrict or object to such disclosure of Personal Information.

  • Access: A Consumer can request access to or copies of the Consumer’s Personal Information that we have collected and/or used over the past 12 months for personal use including knowledge on the categories of data we hold, how we obtained it, how it was used. A Consumer can also request information about the categories of service providers who may have received the Consumer’s Personal Information to provide services to us.
  • Deletion: A Consumer may request in certain circumstances that we erase or delete the Consumer’s Personal Information unless we have a legal obligation to continue to hold it or otherwise are permitted by applicable law to retain it. However, we may deny the deletion request if retain the information is necessary to:
    • Complete the transaction for which We collected the information, provide a good or service the Consumer requested, take actions reasonably anticipated within the context of our on-going business relationship to the Consumer, or otherwise perform our contract with the Consumer.
    • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity or prosecute those responsible for such activities.
    • Debug products to identify and repair errors that impair existing intended functionality.
  • “Shine the Light”: California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at the below information.

Exercising Consumer Rights
A Consumer can exercise rights to access, portability, deletion, and restriction of processing, by submitting a verifiable Consumer request to us by either:

Please note that once a Consumer contacts us by email, we will request additional information and documents from the Consumer, including certain Personal Information, in order to authenticate and validate the Consumer’s identity and process your request. Such additional information will be then retrained by us for legal purposes. Vapotherm cannot respond to a Consumer request or provide a Consumer with any Personal Information if we cannot verify the Consumer’s identity or authority to make such request.

Please note that only the Consumer or a person registered with the California Secretary of State that the Consumer has authorized to act on the Consumer’s behalf, may make a Consumer request related to the Consumer’s Personal Information. A Consumer may also make a verifiable Consumer request on behalf of a minor child for which the Consumer has appropriate parental or guardianship rights.

Response and Timing
Vapotherm will acknowledge the receipt of a verifiable Consumer request within ten (10) days after receipt of request. Vapotherm will endeavor to respond to a verifiable Consumer request within thirty 30 days after its receipt. If we require more time to properly respond to the request (not to exceed 90 days), we will inform the Consumer of the reason and extension period in writing, by mail or email. Any disclosures provided will only cover a twelve (12) month period preceding the date of the verifiable Consumer request’s receipt.

If Vapotherm cannot respond to a request, we will explain the reasons we cannot comply with the request in writing, by mail or email.

For data portability requests, we will select a format to provide the Personal Information that is usable and should allow the Consumer to transmit the information from one entity to another.

Non-Discrimination

Vapotherm will not discriminate against Consumers for exercising any CCPA rights. Unless permitted by CCPA, we will not deny a Consumer goods or services or provide a Consumer a different level of goods or services.

Contact Information 

If you have questions or concerns about this Policy or any matter referred to herein, please contact us by email to: compliance@hgehealth.com or by mail to: HGE Health Care Solutions, LLC, 1301 Virginia Drive, Suite 100, Fort Washington, PA  19034 Attn: Customer Care.