Vapotherm Access Privacy Policy

LAST UPDATED January 28, 2022

We at Vapotherm Access respect your privacy, and we are committed to protecting it through our compliance with this policy (this “Privacy Policy”). This Privacy Policy describes the types of information we may collect from or about you, including when you visit Vapotherm Access (via the website www.vapothermaccess.com and its related sub-domains and subsites (collectively, our “Website”), our related  mobile device applications (the “App”) and any other related content, software, applications, materials and/or services, including our Website (collectively, the “Platform”)) offered by Vapotherm Access and/or its affiliates (collectively, the “Company,” “us,” or “we”), including how we use, maintain, protect, and disclose that information.

This Privacy Policy applies to information we collect, use, share, and otherwise process in connection with:

• your use of the Platform and any other sites where this Privacy Policy is posted, including telehealth services you may receive via the Platform through physicians, other licensed healthcare professionals and providers of healthcare services ("Providers");
• e-mail and other electronic messages between you and the Company.

Together, we refer to these activities as the “Services.”

This Privacy Policy applies only to the information collected in connection with the Services. Please read this Privacy Policy carefully to understand our policies and practices regarding your information.  If you do not agree with our policies and practices, your choice is not to use our Services.  By accessing our Website and/or the Platform and using the Services, you acknowledge this Privacy Policy.

Please note that we provide you with access to the Platform, but we are not a healthcare provider and do not provide professional medical services, mental health care or other healthcare services. To the extent you receive telehealth services via the Platform through Providers who are “covered entities” as such term is defined under the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), the Provider will provide its HIPAA Notice of Privacy Practices to you, which describes how the Provider uses and disclosure your “protected health information” or “PHI” (as such term is defined under HIPAA), as well as your rights with respect to such PHI. When we receive PHI in the course of performing services for a HIPAA covered entity, we use and disclose it in accordance with our obligations as a business associate under HIPAA, our contractual obligations to such covered entity and in accordance with your authorization.

WHAT INFORMATION WE COLLECT

Information We Collect About You

We collect certain information directly from you and/or from third parties, including your:

• account information, such as your first and last name, mailing address, telephone number, and email address when you create an account;
• health-related information, such as information you upload related to your health and medical history, as well as information uploaded by any Providers to the Platform;
• other information you provide, when you access or use the Services and each time you interact with the Services or otherwise with us, for example, when you update Information in Platform, communicate with us by telephone or email; 
• payment information, such as your bank account, credit or debit card information, and billing address; and
• location data, when you use the Services from your mobile device, if you give us permission to do so.

Information that We Collect Automatically

We also collect certain information automatically from you. We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with small amounts of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

We and the third parties we work with use cookies and similar tracking technologies to collect information about your use of the Services, such as your IP address, browser type, browser version, pages viewed, time spent on pages, links clicked and conversion information. This information may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Platform and other websites and platforms, provide customer support, troubleshoot issues with and improve the operation of our Website, Platform and Services, and better understand your online activity.

If you do not want a cookie placed on your hard drive or mobile device, you may be able to turn that feature off on your computer or mobile device. Please consult your Internet browser’s documentation for information on how to do this. However, if you decide not to accept cookies from us, the Website, Platform and/or Services may not function properly.

HOW WE USE YOUR INFORMATION

We may use your personal information for various purposes, including:

• To provide, maintain, and improve our Services, including to facilitate your use of the Services.
• To notify you about changes to our Services.
• To allow you to participate in interactive features of our Services when you choose to do so.
• To process your payment and provide you with Services through the Platform.
• To provide customer support.
• To monitor usage of the Services.
• To detect, prevent, and address technical issues.
• To create anonymized and aggregated data sets that may be used for a variety of functions, including internal analysis, analytics, and other functions.
• To communicate with you about the Services, and any health-related information that we have collected about you, and to provide you with news, special offers, and general information about the Services as well as other goods, services, and events that we offer that are similar to the Services.
• To help us deliver targeted advertising including to individuals directly and through unaffiliated advertising partners, to measure the effectiveness of advertising on behalf of our advertising partners, and to identify the audience most likely to respond to an advertisement.
• To comply with legal and/or regulatory requirements and cooperate with regulators and law enforcement bodies.
• To protect our rights, your rights, and the rights of others, and to meet our own high standards of business practice.
• To communicate with you to collect feedback about your experience with us, in order to improve our products and services.

HOW WE SHARE YOUR INFORMATION

We share your personal information that we have collected with the following persons/entities and in the following circumstances:

• Providers. We may share personal information, including health-related information with Providers in order for them to provide healthcare services to you.
• Third Party Service Providers.  We may share personal information with our vendors and service providers who perform services on our behalf, including payment processor vendors.  These entities may also collect your personal information on our behalf.  We also engage third-party analytics providers to help us understand how users engage with the Platform.  These analytics providers may use cookies and similar technologies to collect information about your use of the Platform as well as information about your use of other websites and platforms over time.  We do not permit these parties to use your information except to provide services to us or otherwise as permitted by law.
• Sharing with a Friend. We may share your personal information when you request our referral services to forward or share certain content with a friend, such as an email inviting a friend to use the Services or sharing certain content from the Services with a friend.
• Legal Compliance and the Protection of Our Rights. We will share information with regulators, government authorities, and third parties where we believe it is necessary to comply with a court order, subpoena, or regulatory request.  We may disclose information when we believe in good faith that such disclosures will support our detection of, prevention of, or response to fraud or intellectual property infringement; help protect your safety or security; or protect the safety and security of the Website, the Platform, the Services, or any individual.
• Transfer of Business Assets. As we continue to develop our business, we might acquire or buy other businesses or assets.  In such transactions, customer information generally is one of the transferred business assets.  Also, we may transfer any information we have about you as an asset to third parties in connection with the consideration, negotiation, or completion of a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of our Company, or as part of a corporate reorganization or stock sale or other change in corporate control, for the purposes of such third parties carrying on our business in relation to the continued provision of our services to you as described in this Privacy Policy.
• Company Affiliates.  We share information with our affiliates, parents and subsidiaries for the purposes described in this Privacy Policy. For more information about our affiliates, parents and subsidiaries, please contact us at compliance@hgehealth.com.

In addition, we may share anonymized and aggregated data sets to third parties to the extent not prohibited by and/or in accordance with applicable law. We may share aggregated information to develop and deliver targeted advertising to the extent permitted by law. We may also use this information for behavioral advertising and for web analytics to the extent permitted by law.

PAYMENTS

We use third-party services for payment processing (e.g., payment processors). We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their privacy policy. These payment processors adhere to the Payment Card Industry Data Security Standards (PCI-DSS) as managed by the Payment Card Industry Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

SECURITY AND DATA RETENTION 

We have implemented safeguards to help secure your personal information.  Despite these protections, however, we cannot guarantee that your data will never be compromised.  You should take measures to protect your personal information. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.  Please note that it is the responsibility of account holders to ensure that their passwords are sufficiently complex and are kept secure.

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy.  When determining how long to keep your personal information after our relationship with you has ended, we take into account how long we need to retain the information to fulfill the purposes described above and to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

CHOICES AND ACCESS

If you do not want to receive marketing-related emails or other types of messages from us on a going-forward basis, you may opt-out by following the instructions in the relevant electronic communication. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative and Service or transaction-related messages, which you cannot opt-out of.

CHILDREN

The Services are not intended for children under 16 years of age.  We do not knowingly collect personal information from children under 16.  If you are under 16, do not use or provide any information on this Platform or provide any information about yourself to us through the Services.  If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information.  If you believe we might have any information from or about a child under 16, please contact us by calling our contact center at (888) 410-6230.

IMPORTANT NOTICE TO NON-U.S. RESIDENTS

The Website, the Platform and the Services are operated in the United States. If you are located outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By accessing the Website and/or the Platform and using the Services, and/or providing us with any information, you consent to this transfer.

EXTERNAL WEBSITES

Our Website or Platform may contain links to other sites or products that we do not own or operate.  Also, links to the Website or Platform may be featured on third party websites on which we advertise.  Except as provided herein, we will not provide any of your personal information to these third parties without your consent.  We provide links to third party websites as a convenience to the user.  These links are not intended as an endorsement of or referral to the linked websites.  We recommend you read carefully the privacy statements, notices and terms of use of any linked websites.  We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use, disclose, secure, or otherwise treat your personal information.

UPDATES TO THIS PRIVACY POLICY

We may change this Privacy Policy from time to time.  The “LAST UPDATED” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised.  Any changes will become effective when we post the revised Privacy Policy.  Use of the Services following these changes, or your continued provision of personal information to us, signifies acceptance of the revised Privacy Policy.

CONTACTING US 

To ask questions or comment about this Privacy Policy and our privacy practices, contact us at.

Mailing address:

HGE Health Care Solutions, LLC
1301 Virginia Drive, Suite 100
Fort Washington, PA  19034
Attn: Customer Care

E-mail: compliance@hgehealth.com

Phone:  (888) 410-6230, option 6

 

PRIVACY POLICY ADDENDUM FOR CALIFORNIA RESIDENTS

Under the California Consumer Privacy Act (“CCPA”), California residents are afforded certain rights about the personal information (as such term is defined under the CCPA) we have collected about them, which we have described in more detail below. This addendum does not apply to “protected health information” or “PHI” that is governed by the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, and all regulations promulgated thereunder (“HIPAA”) or “medical information” that is governed by the California Confidentiality of Medical Information Act (“CMIA”).

In the chart below, we have described the categories of Personal Information that we have collected and shared over the past twelve (12) months, the purposes for such collection and the types of entities with whom we have shared such information.

 

Categories of Personal Information	Sources of Information	Use of Information	Sharing of Information
Identifiers, including your name, postal address, email address, and telephone number. These data types also include “personal information,” as the term is defined by Cal. Civ. Code 1798.	We collect this information directly from you.	We use this information to: provide, maintain, and improve our Services; deliver products to you; respond to consumer inquiries; and personalize your online experience.	We share this information with service providers who help us provide, maintain, and improve our Services; deliver products to you; and personalize your online experience.
Internet or other electronic network activity information, such as IP addresses and cookies.	We collect this information automatically from your computer or device.	We use this information to provide, maintain, and improve our Services and to personalize your online experience.	We share this information with service providers who collect this information on our behalf to help us provide, maintain, and improve our Services and to personalize your online experience.
Audio, Electronic, Visual, Thermal, Olfactory or Similar Information	We collect this information directly from you or from your Provider(s).	We may record calls to our customer and technical support personnel or may record other calls / visits for your Provider(s), upon request by such Provider(s).	We share this information with your Provider(s) and with service providers who collect this information on our behalf to help us provide, maintain, and improve our Services and to personalize your online experience.
Geolocation data.	We collect this information from your device when you give us permission to do so.	We use this information to provide features of our Service and to improve and customize our Services.	We work with service providers who collect this information on our behalf to help us provide, maintain, and improve our Services and to personalize your online experience.
Inferences drawn from other Personal Information	We collect this information directly from you and/or collect this information from your device when you give us permission to do so.	We use this information to provide features of our Service and to improve and customize our Services.	We work with service providers who collect this information on our behalf to help us provide, maintain, and improve our Services and to personalize your online experience.

The Company does not, and during the past twelve (12) months did not, “sell” personal information of California residents (as such term is defined in the CCPA).

Rights under the CCPA 

If you are a California resident, the processing of certain personal information about you may be subject to the CCPA. Where the CCPA applies, this section provides additional privacy disclosures and informs you of key additional rights as a California resident. We will never discriminate against you for exercising your rights, including providing a different level or quality of services or denying goods or services to you when you exercise your rights under the CCPA.

Right to Know Request

Under the CCPA, California residents have a right to request information about our collection, use, and disclosure of your personal information over the prior twelve (12) months, and ask that we provide you free of charge with the following information:

1. the categories of personal information about you that we collected;
2. the categories of sources from which the personal information was collected;
3. the purpose for collecting personal information about you;
4. the categories of third parties to whom we disclosed personal information about you and the categories of personal information that was disclosed (if applicable) and the purpose for disclosing the personal information about you; and
5. the specific pieces of personal information we collected about you.

Right to Delete Request

Under the CCPA, you also have a right to request that we delete personal information, subject to certain exceptions.

“Shine the Light”: California’s “Shine the Light” law (Cal. Civ. Code § 1798.83) permits users of our Website or the Platform who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at the below information.

How to Exercise Your Rights

If you are a California resident to whom the CCPA applies, you may contact us to exercise your rights by either:

• calling us at (883) 234-1699
• sending an email to complianceadmin@vtherm.com

Once we receive your request, we will review it, determine whether we can verify your identity, and process the request accordingly. We may need to collect information from you to verify your identity, such as your email address, government issued ID or date of birth. You may make a verifiable consumer request to access your personal information twice per twelve (12) month period. We aim to fulfill all verified requests within 45 days pursuant to the CCPA.  If necessary, extensions for an additional 45 days will be accompanied by an explanation for the delay.

You may designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof that you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.