Privacy Statement – US
Vapotherm, Inc. (herein referred to as “Company,” “we,” “our,” or “us”) respects your privacy and is committed to protecting it through our compliance with this Policy.
Information We Collect
When you use the Website, we may collect and use personally identifiable information about you, as well as other usage information. “Personal information” includes name, postal address, email address, telephone number, or other information that can be used to identify you and is defined as personal or personally identifiable information under applicable law. We may also collect usage information, which is information generated automatically as you navigate through the Website or our Platforms. More specifically, we may collect the following information:
- Details of your visits to a Platform and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data, including your IP address, browser type, the date and time you accessed or left the Website, and which pages you viewed;
- Information that you provide directly to us by filling in forms on a Platform including your name, email address, street address, telephone number, or other information; and
- Information provided to us when you communicate with us for any reason, including information you provide in emails you send us, responses to surveys, search queries on the Website, calls to our Customer and Technical support teams, and details of any transactions.
How We Collect this Information:
- Directly from you when you provide it to us. For example, calls to our Customer and Technical Support teams, emails or other electronic messages, or online web-submission forms on our Platforms.
- Automatically as you navigate through the Website. Information collected automatically may include usage details, IP address and information collected through cookies, web beacons and other tracking technologies.
- From third parties (for example, our business partners).
How We Use Tracking Technologies
A cookie is a small file placed on the hard drive of your computer when you visit a Website. When you visit the Website again, the cookie allows that Website to recognize your browser. Cookies may store user preferences and other information. You may refuse to accept cookies by activating the appropriate setting on your browser.
Certain pages of the Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited these pages or opened the email and provide other related Website statistics (for example, recording the popularity of certain Website content and verifying system and server integrity).
Providing us your Personal Information is voluntary. You may always refuse to provide your Personal Information to us. If you choose not to provide us with your Personal Information, then we will not be able to communicate with you and provide you with certain information. If we have collected your Personal Information with your consent, you can withdraw your consent by following the instructions provided for doing so when you provide consent, or by contacting us using the contact information provided at the end of this Privacy Statement.
Use of Personal Information
We use the contact information that you choose to provide to us so that we can communicate with you to respond to your queries to Vapotherm, including calls to our Customer Service and Technical Support teams and providing you with our product or service updates. We may also use your contact information or the information you provide to us via any feedback requests to provide you with information about Vapotherm products or services or other marketing or advertising communications, or to enable you to participate in surveys or questionnaires.
In addition, we may use the contact information in order to:
- Contact you to solicit further information as appropriate and/or necessary;
- Facilitate internal market research;
- Deliver interest-based content and advertising that is targeted to the interests we identify through your online activities;
- Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
- Fulfill any other purpose for which you provide the information; and
- Serve any other purposes as may be appropriate and/or necessary in the circumstances.
We may disclose aggregated information about our users and information that does not identify any individual without restriction.
We use the Information we collect through your use of the Vapotherm Website for our legitimate interests to manage, operate, maintain and secure our Website, network systems and other assets and to provide you with the features and various functionalities of the Vapotherm Website. We may also aggregate the Personal Information we collect through your use of our Platforms to help us to understand our visitors’ interests and to improve the content and performance of our Platforms.
In the event that we use your Personal Information for other purposes not covered above, we will inform you about the specific purpose for processing your Personal Information, and, when required, our basis for doing so at the time we collect the Personal Information from you to the extent required by law.
Sharing Personal Information
Vapotherm is a global company and it shares Personal Information with its affiliates and subsidiaries for the purposes described in this Privacy Statement. For more information about Vapotherm’s affiliates and subsidiaries, please contact us at [email protected]. Vapotherm does not sell, rent, or lease Personal Information to third parties.
We may disclose Personal Information that we collect or you provide as described in this Policy:
- To our subsidiaries and affiliates;
- To our trusted contractors, service providers and other third parties we use to support our business;
- To a buyer or successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Vapotherm’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Information held by Vapotherm about the Website users is among the assets transferred;
- To third parties to market their products or services to you if you have consented to/not opted out of these disclosures;
- To fulfill the purposes for which you provide it;
- For any other purpose disclosed by us when you provide the information; or
- With your consent.
These third parties are restricted from using your Personal Information in any way other than to provide services for us, and we require them to provide an adequate level of protection for your Personal Information. For more information about Vapotherm’s service providers, please contact us at [email protected].
Legal & Regulatory Obligations
We may also use or disclose Personal Information to comply with our legal and regulatory obligations including to comply with applicable retention obligations, and as follows:
- To respond to lawful requests by public authorities, including meeting national security or law enforcement requirements, e.g. to investigate fraud or to respond to a government request.
- To investigate potential breaches or to protect the rights, property or safety of us, or the users of our Platforms or others.
- Where permitted by law, we may also enhance or combine Information about you by including your Personal Information with other information about you that we may obtain from third parties for the same purposes as described above.
We strive to provide you with choices regarding the Personal Information you provide to us. If you wish to exercise your rights under any applicable law.
You can object at any time to the processing of your Personal Information for direct marketing purposes and you can do so by “opting-out” of marketing or promotional communications in accordance with the instructions included in the specific communication. If you have questions about how we determine whether the processing is for our legitimate interests, or if you want to object to our processing on that basis, please contact us at [email protected] or by using the contact details set out below.
Accessing and Correcting Your Information
You may send us an email at [email protected] to request access to, correct, or delete Personal Information that you have provided to us. We may choose not to accommodate a request to change Personal Information if we believe the change will violate any law or legal requirement or cause the Personal Information to be incorrect.
If your Personal Information has been shared with a third party, as described elsewhere in this Policy, then that third party has received its own copy of your data. If you have been contacted by one of these third parties and wish to correct or delete your Personal Information, please contact them directly.
For information regarding your rights guaranteed by your state, please see information below.
We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration and disclosure. All Personal Information you provide to us is stored on our servers behind firewalls.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to the Website. Any transmission of Personal Information is at your own risk. We are not responsible for any circumvention of any privacy settings or security measures contained on the Website.
Users Only of Legal Age of Majority
The Website is designed and intended for those who are at least 18 years old. By using the Website, you affirm that you are at least 18 years of age or older. We are not liable for any damages that may result from a user’s misrepresentation of age. No one under age 13 is authorized to submit any information, including Personal Information, on the Website. Under no circumstances may anyone under age 13 use our Website. Parents or legal guardians of children under 13 cannot agree to these terms on their behalf.
California Privacy Rights
If you are a California resident, please review the California Privacy Notice, below.
Changes to Notice
Vapotherm reserves the right to amend this Policy at our discretion at any time. When we make changes to this Policy we will notify you by email or through a notice on our homepage.
If you have questions or concerns about this Policy or any matter referred to herein, please contact us by email to: [email protected] or by mail to: Compliance Specialist, Vapotherm Inc., 100 Domain Drive, Exeter, New Hampshire 03833 USA.
CALIFORNIA CONSUMER PROTECTION ACT OF 2018
The following information applies solely to our customers, potential customers and end users of our products and services and others who reside in the State of California (here referred to as “Consumers”). We have adopted this Policy to comply with the California Consumer Protection Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA will hold the same meaning when used in this notice.
Categories of Information Collected
We collect Information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). In particular, we have collected the following categories of Personal Information from Consumers within the last 12 months:
|A. Identifiers||Real name, alias, postal address, unique personal identifier, online identifier, email address, IP address, account name, Social Security Number, driver’s license number, passport number, or other similar identifiers.||YES|
|B. Personal Information listed under California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||Name, signature, address, telephone number, employment, employment history, bank account number, credit card number, debit card number, financial Information||YES|
|C. Legally protected classification characteristics under California or federal law.||Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), veteran or military status, genetic Information (including familial genetic Information)||NO|
|D. Commercial Information.||Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric Information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying Information, such as fingerprints, faceprints, and voice prints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health or exercise data.||NO|
|F. Internet or other similar network activity.||Browsing history, search history, Information on a consumer’s interaction with a Website application or advertisement.||YES|
|G. Sensory Data.||Audio files of recorded calls to Customer & Technical Support.||YES|
|H. Geolocation Data.||Physical Location or movements.||NO|
|I. Non-public professional or employment-related Information.||Current or past job history or performance evaluations.
|J. Non-public education Information (per the Family Education Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R))||Education records directly related to a student maintained by an educational institution or party acting on behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial Information, or student disciplinary records.||NO|
|K. Inferences drawn from other Personal Information to profile||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||YES|
Personal Information does not include publicly available information from government records, de-identified or aggregated consumer data, or information excluded from the CCPA’s scope (such as medical data or clinical trial data).
Disclosure of Information
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:
- Category A: Identifiers.
- Category B: California Customer Records Personal Information categories.
- Category C: Legally protected classification characteristics under California or federal law.
- Category D: Internet or other similar network activity.
- Category E: Sensory Data.
- Category G: Profile reflecting person’s preferences.
Vapotherm does not sell, rent, or lease Personal Data. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.
Your Rights & Choices as a California Consumer
The CCPA provides Consumers with specific rights regarding their Personal Information. These rights include the right to request access to, rectification of, or erasure of your Personal Information, or to restrict or object to such disclosure of Personal Information.
- Access: A Consumer can request access to or copies of the Consumer’s Personal Information that we have collected and/or used over the past 12 months for personal use, including knowledge of the categories of data we hold, how we obtained it, and how it was used. A Consumer can also request information about the categories of service providers who may have received the Consumer’s Personal Information to provide services to us.
- Deletion: A Consumer may request in certain circumstances that we erase or delete the Consumer’s Personal Information unless we have a legal obligation to continue to hold it or otherwise are permitted by applicable law to retain it. However, we may deny the deletion request if retaining the information is necessary to:
  - Complete the transaction for which we collected the information, provide a good or service the Consumer requested, take actions reasonably anticipated within the context of our on-going business relationship with the Consumer, or otherwise perform our contract with the Consumer.
  - Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity or prosecute those responsible for such activities.
  - Debug products to identify and repair errors that impair existing intended functionality.
- “Shine the Light”: California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us using the contact information below.
Exercising Consumer Rights
A Consumer can exercise rights to access, portability, deletion, and restriction of processing, by submitting a verifiable Consumer request to us by either:
- Calling us at (883)-234-1699
- Sending an email to [email protected].
Please note that once a Consumer contacts us by email, we will request additional information and documents from the Consumer, including certain Personal Information, in order to authenticate and validate the Consumer’s identity and process the request. Such additional information will then be retained by us for legal purposes. Vapotherm cannot respond to a Consumer request or provide a Consumer with any Personal Information if we cannot verify the Consumer’s identity or authority to make such request.
Please note that only the Consumer or a person registered with the California Secretary of State that the Consumer has authorized to act on the Consumer’s behalf, may make a Consumer request related to the Consumer’s Personal Information. A Consumer may also make a verifiable Consumer request on behalf of a minor child for which the Consumer has appropriate parental or guardianship rights.
Response and Timing
Vapotherm will acknowledge the receipt of a verifiable Consumer request within ten (10) days after receipt of the request. Vapotherm will endeavor to respond to a verifiable Consumer request within thirty (30) days after its receipt. If we require more time to properly respond to the request (not to exceed 90 days), we will inform the Consumer of the reason and extension period in writing, by mail or email. Any disclosures provided will only cover the twelve (12) month period preceding the date of the verifiable Consumer request’s receipt.
If Vapotherm cannot respond to a request, we will explain the reasons we cannot comply with the request in writing, by mail or email.
For data portability requests, we will select a format to provide the Personal Information that is usable and should allow the Consumer to transmit the information from one entity to another.
Vapotherm will not discriminate against Consumers for exercising any CCPA rights. Unless permitted by CCPA, we will not deny a Consumer goods or services or provide a Consumer a different level of goods or services.
If you have questions or concerns about this Policy or any matter referred to herein, please contact us by email to: [email protected] or by mail to: Compliance Specialist, Vapotherm Inc., 100 Domain Drive, Exeter, New Hampshire 03833 USA.
Vapotherm is a trans-national business headquartered in the United States. Our management structure and business processes cross borders. This means that our customer and employee data is transferred across borders.
Vapotherm may from time to time handle personal information collected from individuals located within European Union member countries. Vapotherm has certified that it adheres to the EU-US and Swiss-US Privacy Shield Principles of:
- Accountability for onward transfer
- Data integrity and purpose limitation
- Recourse, enforcement and liability
Vapotherm is under the jurisdiction as well as the investigatory and enforcement powers of the US Federal Trade Commission for the purposes of the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework.
This Policy applies to all information collected by Vapotherm from which an individual can be identified (“Personal Information”). The Personal Information we collect includes the Employee Information described below as well as certain information including names, email addresses, mailing and billing addresses and telephone and fax numbers collected from customers, potential customers and end users of our products and services for sales, marketing, order fulfilment and order delivery purposes. Additionally, in our section on Online Information we also discuss how we gather and use all information gathered online even if it is not Personal Information. Vapotherm will not deviate from this Policy even if applicable national laws are less stringent than this Policy.
Excluding our Employee Information which is discussed below, we collect, process and use your Personal Information only as a part of our business relationship with you and your company, including contract and billing administration; product and service delivery; fulfilling our business obligations to our customers and resellers; communicating with customers and potential customers about marketing and technical information concerning our products and services; notifying our customers and potential customers regarding product launches and important events related to Vapotherm; and other related business activities of which you are informed at the time your Personal Information is collected or as soon thereafter as practicable. Vapotherm only collects personally identifiable information about individuals when such individuals specifically provide such information to us on a voluntary basis or while requesting information on our products or services. We may disclose Personal Information to our agents, resellers and business partners or to protect and defend the rights or property of Vapotherm. Vapotherm must reply to lawful requests from public authorities, including to meet national security or law enforcement requirements, for disclosure of Personal Information.
Vapotherm does not sell, lease, or rent Personal Information to third parties.
In general, you may visit our Websites without providing any Personal Information. However, you may choose to provide us with Personal Information by completing online forms. At the point of collection we will inform you of how your Personal Information will be used; apart from these uses, Vapotherm will only use your Personal Information in accordance with the terms of this Policy.
Cookies are small files that a site transfers to your computer’s hard drive through your web browser (if you allow) that enable it to recognize your browser and capture and remember certain information. A cookie cannot read data off your hard drive or read cookie files created by other sites. Cookies may do things like allow you to navigate faster through the site, remember your preferences and passwords and generally improve the user experience. You can turn off the ability to receive cookies by adjusting your browser settings – please note that if you do so, this may affect the functionality of the website and the information you can access through it.
We collect Employee Information from prospective and present Employees only for legitimate business purposes, including
- the management and operations of our company, its functions and activities,
- Employee communications, including Employee surveys,
- maintaining a global directory,
- carrying out obligations under employment contracts and employment, tax and benefits laws, and in connection with other working relationships or arrangements,
- development and training programs,
- recruiting and hiring job applicants,
- assessing qualifications and performance,
- performing background checks and verifying references where applicable,
- managing Employee performance,
- determining Employee compensation or payment,
- managing the Employee termination process, and
- other general human resources purposes.
Our European Union Employees at the time of their employment are notified in detail how their Personal Information will be used. Employee information on health, performance evaluations and disciplinary actions and other sensitive Employee matters, whether it is stored manually or electronically, is accessible by other Vapotherm Employees only if necessary with respect to legitimate human resource functions or issues. Vapotherm will obtain affirmative consent from an Employee before using such Employee’s Personal Information for any purpose other than described above. Employees may decline to provide this consent, and Employees may withdraw their consent at any time.
For legitimate human resources purposes, Employees may choose to voluntarily disclose Personal Information about family members. If our Employees choose to do this, their family member’s Personal Information shall be treated, for the purposes of this Policy, the same as an Employee’s Personal Information. Employee Personal Information is never sold, leased or rented to any third party. Employee Personal Information will never be disclosed to third parties except as follows:
- to those retained by Vapotherm as agents for the purposes set forth in the paragraph above,
- where required pursuant to an applicable law, government or judicial order, law or regulation, or to protect the rights or property of Vapotherm,
- where authorised in writing by the Employee, and
- where the Employee voluntarily provides Personal Information and the context makes it clear such information will be provided to a third party.
Where personal data is transferred from the EU to the US in the context of the employment relationship, we will cooperate in investigations by, and comply with the advice of, the competent EU Authorities.
We will always give you an opportunity to opt out before your Personal Information is (1) disclosed to a third party (other than a Vapotherm agent doing work at our direction), or (2) to be used for a purpose that is materially different than that for which it was originally collected or subsequently authorised by you. Although we do not ever anticipate providing sensitive Personal Information, such as Employee health information, to a non-agent third party or using it for a purpose other than that for which it was collected, we will never do so without first allowing the individual involved to affirmatively and expressly consent (opt-in) to such transfer or use. The only exception to this choice for both sensitive and non-sensitive Personal Information would be where we are required to disclose your Personal Information pursuant to government or judicial order, law or regulation to meet national security or law enforcement requirements.
At a minimum, you will always be able to opt out from receiving marketing materials from Vapotherm. If we determine that applicable national law requires that more stringent requirements (opt-in) be applied before you receive marketing material or other communications from us, we will implement the same.
Accountability for Onward Transfer
We will not transfer Personal Information originating in the EU or Switzerland to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of privacy protection to your Personal Information as required by the Principles of the EU-US and Swiss-US Privacy Shield Frameworks. We will only transfer data to our agents, resellers or third party service providers (such as accountants, attorneys, consultants and other service providers) who need the information in order to provide services or to perform activities on behalf of Vapotherm, including in connection with the delivery of services or products, Vapotherm’s management, or legal responsibilities. We acknowledge our liability for such data transfers to third parties.
To protect Personal Information collected and stored by Vapotherm, we have in place reasonable and appropriate technical and operational security measures to prevent Personal Information from loss, misuse, unauthorised access, disclosure, alteration and destruction.
Data Integrity and Purpose Limitation
We will only collect and retain Personal Information which is relevant to the purposes for which the information is collected, and we will not use it in a way that is incompatible with such purposes unless such use has been subsequently authorised by you. We will take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete and current. We may occasionally contact you to determine that your data is still accurate and current.
You have the right to access personal data relating to you. If you wish to access, amend, or confirm that Vapotherm has personal data relating to you, or if you wish to correct or delete your Personal Information if it is inaccurate, please notify us at [email protected] or at (603) 658-0411. We will respond to your request within a reasonable time.
Employees may review their personal files and any Personal Information concerning them by emailing [email protected].
Recourse, Enforcement and Liability
Since we are committed to protecting your privacy as set forth in this Policy, if you think we are not in compliance with our Policy, or if you have any question or if you wish to take any other action concerning this Policy or your Personal Information, we encourage you to contact us at [email protected] or call us at (603) 658-0411. We will investigate your complaint, take appropriate action and report back to you within 45 days.
If the Personal Information in question was transferred from the EU or Switzerland to the United States, and you are not satisfied with our response, Vapotherm has agreed to participate in the dispute resolution procedures of the panel established by the EU data protection authorities (DPAs) and Swiss FDPIC to resolve disputes pursuant to the EU-US Privacy Shield Principles. A resident of the European Union (EU) or Switzerland whose enquiry has not been satisfactorily addressed may contact the EU DPAs panel or individual EU DPAs using the information provided at http://ec.europa.eu/justice/data-protection/bodies/authorities/third-countries/index_en.htm to resolve disputes pursuant to the EU-US and Swiss-US Privacy Shield Principles.
Vapotherm commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources and non-human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Finally, as a last resort and in limited situations, EU and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
The services of the EU DPAs panel are provided at no cost to you.
Limitation on Application of Principles
Adherence by Vapotherm to these EU-US and Swiss-US Privacy Shield Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; (c) to the extent expressly permitted by an applicable law, rule or regulation; and (d) to the extent that Vapotherm has limited or no control over the actions of the individuals who have provided information.
Questions or comments regarding this Policy should be submitted to Vapotherm by email to: [email protected] or by mail to: Vapotherm, 100 Domain Drive, Exeter, New Hampshire 03833.