This Privacy Notice provides you with necessary information about the personal information we collect, how this information may be used by Spinal Elements, Inc. and our affiliates (collectively the “Company”), your privacy rights and the Company’s obligations in accordance with the California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act of 2020 (“CPRA”).
1. CONSUMER RIGHTS
1.1. RIGHT TO ACCESS
You have the right to access Personal Information (“PI”) which we may collect or retain about you. PI is a fact about an individual which may be used to enable others to identify the specific person to whom the facts apply. If requested, we shall provide you with a copy of your PI which we collect, as permitted by the CCPA/CPRA.
1.2. RIGHT TO KNOW
You have the right to request that we disclose the following about your PI, as defined by the CCPA/CPRA:
- The specific PI we may collect;
- The categories of PI we may collect;
- The categories of sources from which we may collect your PI;
- The business purpose(s) for collecting or sharing your PI;
- The categories of PI we may disclose for business purposes; and
- The categories of third parties to whom we may share your PI.
1.3. RIGHT TO OPT-OUT / DO NOT SELL MY PERSONAL INFORMATION
For purposes of the CCPA/CPRA, the Company does not sell or share personal information for monetary or other valuable consideration. We also do not share personal information for advertising purposes, including behavioral advertising.
1.4. DO NOT SHARE OR DISCLOSE MY SENSITIVE PERSONAL INFORMATION
Sensitive Personal Information (“SPI”) is a subset of PI that is defined as information that if lost, compromised, or disclosed could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual and therefore requires greater security protections and standards of care in handling. You have the right to limit how your SPI is disclosed or shared with third parties, as defined in the CCPA/CPRA.
Company does not sell or share SPI for monetary or other valuable consideration. We do not use sensitive personal information for profiling purposed or for inferring characteristics about individuals.
1.5. RIGHT TO DELETION
In certain circumstances, you have the right to request the erasure of your PI. Upon verifying the validity of a deletion request, we will delete your PI from our records, and instruct any service providers or third parties to delete your information, when applicable.
1.6. RIGHT TO CORRECT/RIGHT TO RECTIFICATION
In certain circumstances, you have the right to request correction of any inaccurate PI. Upon verifying the validity of a verifiable consumer correction request, we will use commercially reasonable efforts to correct your PI as directed, taking into account the nature of the PI and the purposes of maintaining your PI.
1.7. PLEASE NOTE
Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply.
2. EXERCISING YOUR RIGHTS
You can exercise any of your rights as described in this Notice and under applicable privacy laws by using the contact information below. We will not discriminate against you for exercising such rights. Except as described in this Notice or provided for under applicable privacy laws, there is no charge to exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may:
- Charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or
- Refuse to act on the request and notify you of the reason for refusing the request.
3. VERIFYING CONSUMER REQUESTS
To protect you and your personal information, requests must (i) provide sufficient information for us to reasonably verify you are the person or an authorized representative of the person whose personal information is the subject of the request, and (ii) describe your request with sufficient detail for us to properly understand, evaluate, and respond to it.
If you use an authorized agent to submit a request on your behalf, we may verify both your and your agent’s identities as well as documentation authorizing your agent to act on your behalf. We will only use personal information collected during the verification process to verify your identity or your agent’s authority to make the request on your behalf.
Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm their identity.
4. PERSONAL INFORMATION (PI) WE COLLECT
We collect PI, including SPI, as necessary to enable us to carry out your instructions, to manage and operate our business, and to comply with our legal and regulatory obligations.
The PI that we may collect in the course of providing our services and products, or as your potential employer, may include, but is not limited to, the following:
- Identifiers such as name and government-issued identifier (e.g., social security number (SSN), employee ID and unique identifiers);
- Personal information such as real name, signature, SSN, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, federal identification authorizing work in the United States, access and/or passcodes, insurance policy number, education, employment, employment history, bank account number, other financial information, medical information or health insurance information;
- Characteristics of protected classifications under California or federal law, such as age, marital status, gender, sex, race, color, disability, citizenship, primary language, immigration status, military/veteran status, disability, requests for leave and medical conditions;
- Health information, such as patient information from our healthcare provider partners for patient outcome-related benchmarking services, including patient ID number, diagnosis or condition, age, height, weight, gender, health history, and pre- and post-procedural health status and recovery progress;
- Commercial information, such as transaction information and purchase history (e.g., in connection with expense reimbursements, or purchases from the Company);
- Internet or network activity information, such as browsing history and interactions with our online systems and websites and any personal information that you provide while accessing the Company’s computer systems, such as personal credit card information and passwords;
- Audio, electronic, visual and similar information, such as security footage from our facilities, recordings from events in which you may participate, and voicemails recorded on our telephone system;
- Professional or employment-related information, such as work history, prior employers, data submitted in job applications, professional licenses, degrees, background checks, performance and disciplinary records, compensation, benefits and leaves of absence information; and/or
- Non-public education information.
You confirm that you are authorized to provide to us the PI which we shall collect on your behalf. Where the PI relates to your directors, shareholders, beneficial owners, employees, agents, associates or family members, it is not reasonably practicable for us to provide to them the information set out in this Notice. Accordingly, where appropriate, you are responsible for providing this information to any such person.
5. HOW PERSONAL INFORMATION IS COLLECTED
We collect most PI directly from you. However, we may also collect PI from the following:
- Publicly accessible sources;
- Third-party companies, such as background check companies, drug testing facilities, licensing and credentialing organizations;
- Third party financial institutions, such as banks and financial advisors, with your consent;
- Consultants and other professionals we may engage, such as our web hosting provider, analytics providers, and advertisers, who may provide us information about you.
- Our healthcare provider partners may provide patient information for patient safety, adverse event reporting purposes, quality improvement studies, and comparative effectiveness analyses;
- Our Information Technology (IT) systems, including:
- Document management and time recording systems;
- Door entry systems and reception logs; and/or
- CCTV and access control systems;
- Prior employers, references, recruiters and job -related social media platforms;
- Third-party sources of demographic information;
- Claim administrators and investigators.
6. THE PURPOSE FOR WHICH PERSONAL INFORMATION IS COLLECTED
The purposes for which the Company will collect or use your PI include:
- To carry out our business operations and associated administration in connection with our services and products, such as order fulfillment, payment processing, shipment, returns, customer service and responding to general inquiries;
- To comply with our internal business processes and policies;
- To comply with our legal, regulatory and professional obligations;
- For operational reasons, such as improving efficiency, training and quality control;
- To prevent unauthorized access and modifications to our systems;
- For updating customer records;
- For marketing our services and products to you;
- For the purpose of conducting due diligence and background checks to comply with the Anti-Kickback Statute, Stark law and the False Claims Act;
- Recruiting and retaining employees;
- Collecting and processing employment applications, including confirming eligibility for employment, background and related checks, and onboarding;
- Employee benefit plan and program administration;
- Leave of absence administration;
- Compensation administration and compliance, including payroll, bonuses, reimbursements, etc.;
- Maintaining personnel records and complying with record retention requirements;
- Communication with employees and/or employees’ emergency contacts and plan beneficiaries;
- Facilitating and administering the use of the company’s property and resources, including the company’s information systems, electronic devices, network and data, and preventing unauthorized access of such;
- Workplace health and safety compliance;
- Ensuring employee productivity and adherence to the policies;
- Investigating complaints, grievances, and suspected violations of policy;
- Complying with applicable state and federal laws, including labor, employment, tax, benefits, workers compensation, disability, equal employment opportunity, workplace safety and related laws; and/or
- Exercising and defending legal claims.
7. DISCLOSURE OF PERSONAL INFORMATION
The Company shall use a reasonable standard of care to store and protect from disclosure any PI collected by limiting access to PI and SPI to individuals with a “need to know.”
PI will be retained by us as set out in the Company’s policies. The Company may share your PI under the following circumstances:
- In the event that we sell or purchase any business or assets, or if all or substantially all of the Company’s assets are acquired by a third party, in which case we may disclose your PI to the prospective seller or buyer of such business or assets, solely for the purpose of permitting the due diligence required to decide whether to proceed with a transaction;
- If reasonably necessary to protect the vital interests of a person or the Company;
- If we are subject to disclose or share your information in order to comply with any legal or regulatory obligation; or
- To enforce or apply our terms and conditions or to establish, exercise or defend the rights of the Company, Company employees, customers or others.
Our third party service providers are subject to security and confidentiality obligations and are only permitted to process information for a specified, legitimate business purpose and in accordance with our instructions.
We only share your information with the following third parties:
- Affiliated companies and advisors as necessary to carry out the purposes for which the information was supplied or collected;
- Service providers such as data hosting providers, recruitment agencies, IT and software providers, legal services, marketing database providers, accountants and HR system providers, including benefits and payroll providers;
- Researchers and academics who may use your information with your consent for clinical studies; and/or
- Law enforcement or governmental agencies to comply with a court order, law, or legal process, including to respond to any government or regulatory request.
8. DATA STORAGE AND SECURITY
The Company shall use a reasonable standard of care to store and protect your PI. We use appropriate physical, technical and organizational security measures and procedures to protect PI from unauthorized use, loss, alteration, destruction or modification. The Company shall retain your PI until the initial purpose for collecting and retaining such data has been satisfied.
9. COOKIES NOTICE
10. CONTACT INFORMATION
Last Edited on 2023-06-26