Effective date: May 25, 2018
Last updated: May 24, 2018
Website Privacy Statement
- About Nevro
- Information we collect
- How we use information
- How we share information
- How we store and secure information
- Your choices and rights
- How we transfer information we collect internationally
- Other important privacy information
Nevro is a global medical device company that offers products and services for the Senza© and Senza II HF10&tm; Systems.
Information we collect
We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as described below. We collect the following types of information:
- Information you provide through our Sites: When you complete and submit an online form on the “Contact Us” page of our Sites, we collect your name, phone number, and email address. When you complete and submit your patient assessment form on our HF10.com website in the U.S., we collect your age, gender, phone number, email address, and other health-related information. We do not directly collect this contact information outside of the U.S. We also collect information such as your name, city, state, photographs and videos of you when you consent to publish your testimonial on the Patient Stories section of our Sites
- Information you provide for Nevro HF10 Therapy: We may collect information about you when you receive HF10 Therapy to facilitate treatment and post-treatment care. This includes your name, gender, date of birth, mailing address, email, phone number, information relating to your pain (pain scores, procedure type, pain location), your Nevro medical device settings, and your experience with our Services. We also collect your name and appointment information from healthcare providers, such as hospitals and clinics, where your procedure is performed.
- Information you provide at events: When you attend Nevro-hosted professional education events we collect your name, email address, and phone number during the registration process. We also collect contact information to coordinate travel for attendees of Nevro-hosted professional education events and trainings. When you engage with us at trade shows and conferences, we collect contact information you provide to us, such as your name, email address, and phone number.
- Device information: When you use our Sites, we automatically collect your operating system, IP address, device type, and device version.
- Browsing information: When you visit our Sites, we automatically collect your browser type and usage details, such as time, frequency, and use pattern. We may collect the domain name from which you access our Sites, the pages of our Sites that you visit, the amount of time spent on our Sites, and the number of times you return to our Sites.
- “Do Not Track” technologies: We currently do not respond to web browser “Do Not Track” signals.
How we use information
We use the information we collect about you to:
- Communicate with you: We may contact you to respond to your inquiries, requests, and/or send important notices. For example, we may contact to provide customer support, schedule appointments, update you about new Services, or to send invitations to Nevro-hosted events. See “Your choices and rights” below to learn how to manage your communication preferences.
- Provide and improve our Services: We use information we collect to provide and analyze how you use our Services, develop new products and services, and improve functionality, efficiency, and quality of our Services.
- Perform data analytics for patient outcomes: The information we collect is anonymized and aggregated to perform data analytics. That helps us improve the quality of our Services, optimize our algorithms for HF10 Therapy, and present patient outcomes to current and prospective customers.
- Conduct scientific research and clinical studies: We conduct clinical studies and trials to test and improve our Services. Participation is voluntary and we retain only anonymized data for research and clinical studies in connection with our Services. We use anonymized data for scientific research purposes in connection with our Services.
- Billing: Depending on your location, we may use your information for billing purposes. We collect your name, date of birth, and insurance number to send billing notices to insurance companies.
- Marketing and advertising: We only publish Patient Stories on our Sites, send marketing emails and newsletters, or call you about our Services with your consent. We advertise our Services on social media platforms, such as Facebook, but we will not directly contact you or collect your information through these platforms. In the U.S., we engage in behavioral advertising and partner with third parties, such as Google, to provide you targeted advertisements on our Sites.
- Coordinate travel for events: We use your contact information to coordinate travel arrangements if you attend a Nevro-hosted professional education event that requires you to travel outside of your city.
Legal basis for processing (for EU and EEA customers)
If you are an individual in the European Union (EU) or European Economic Area (EEA), we collect and process your personal data only where we have a legal basis for doing so under applicable EU laws. The legal basis we determine depends on how you use our Services. This means we collect and use your personal information only:
- To perform direct marketing activities and publishing patient stories on our Sites with your consent;
- For the provision of patient treatment and support in connection with our Services;
- To operate our business, develop and improve our Services, and for fraud prevention purposes;
- For scientific or research purposes in connection with our Services; and/or
- For compliance with legal obligations, such as regulatory safety reporting obligations.
If you have any questions about these lawful bases and how we use your personal information, please contact firstname.lastname@example.org.
How we share information
We share information about you with third party service providers only in the manner described below:
- Service providers: We provide your information to other third party service providers to help us perform our Services. These service providers are authorized to use your information only as necessary to provide services on our behalf and under our direction. We use service providers for customer relationship management, data center hosting services, customer support, document management, marketing, and email administration.
- Nevro Corp. and Nevro affiliated companies: We share information we have about you with our affiliated companies to operate and improve our Services. Nevro affiliate companies are owned or operated by us. This Policy applies to the information we share with our affiliates.
- Legal purposes: We disclose your information when we believe that disclosure is (1) reasonably necessary to comply with any applicable law, regulation, subpoena, legal process or enforceable governmental request; (2) necessary to enforce the provisions of this Policy; or (3) necessary to protect against harm to the rights, property, or safety of Nevro, our customers, or the public as required or permitted by law.
International data transfers
We collect information globally, including from customers in the U.S., EEA, and Australia. We may transfer your information outside of the country in which you originally provided it to where our affiliated companies and service providers operate. These countries may not have the same data protection laws as the country in which you provided your personal data. In particular, the European Commission has determined that the United States does not provide an adequate level of data protection.
To ensure that your data is secure, we use European Commission approved standard contractual clauses when we transfer information from the EEA and Switzerland. We also make use of intra-group data export agreements to protect your information when we transfer it to our affiliated companies.
Your choices and rights
Where appropriate or legally required, we will describe how we use personal information we collect so you can make choices about how your data is used. You can notify us during the information collection process and change your preferences at any time.
- Marketing communications: With your consent, we may contact you by email or phone to provide additional information about our Services. If you would like to opt-out of further marketing communications, you can click the link in the bottom of any marketing email, or email us at email@example.com.
- Patient care communications: Subject to applicable law, we may call, email, or send SMS texts after your procedure to schedule appointments and facilitate follow up treatment.
- Transactional communications: We send transactional emails if you submit a message through the “Contact Us” form on our websites, to notify you about changes to our Services, and to send other disclosures as required by law.
As required by law, you have the right to:
- Access and receive a copy of your data
- Update, amend, or correct incomplete or inaccurate data
- Request to delete or stop processing your personal data
- Withdraw your consent of our ability to use your data where we rely on consent as the legal basis
- Object to the processing of your data where we rely on our legitimate interest as the legal basis
- Lodge a complaint with a Data Protection Authority/EU Supervisory Authority
We can correct, delete, or provide a copy of your information upon request, but we reserve the right to use your information to request additional information to verify your identity before we process your request. If you wish to exercise these rights, email us at firstname.lastname@example.org and we will respond to your request within 30 days. Depending on your location, you may have the right to file a complaint with a government regulator if you are not satisfied with our response.
How we store and secure information
We maintain appropriate administrative, technical, and physical safeguards designed to protect your personal data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. We maintain a Corporate IT Security Policy and use tested access and security controls to ensure that your data is secure. We also require third party service providers acting on our behalf or with whom we share your information also provide such security measures in accordance with industry standards.
We use data hosting service providers in the U.S. and EEA to host the information we collect in connection with our HF10 Therapy. The servers which store the information we collect are kept in a controlled environment. Where data is transferred over the Internet as part of our website, the data is encrypted using industry standard SSL (HTTPS).
Although we implement safeguards designed to protect your information, it is impossible to guarantee absolute security in all situations. If you have any questions about security of our Services, please contact us at email@example.com.
We retain your information for as long as needed to comply with our legal obligations (such as reporting to regulatory authorities), resolve disputes, and enforce our rights. We also may retain your information to support our business operations and develop our Services.
Other important privacy information
Our Services are intended for a general audience and are not directed to children. We do not knowingly collect personal information online from children under the age of 13. If you believe that a child under the age of 13 may have provided us with personal information, please contact us at firstname.lastname@example.org and we will promptly delete that information from our records.
Third party services, applications, and websites
Certain third party services or websites you use, or navigate to or from our Services (such as social media sites) may have separate user terms and privacy policies that are independent of this Policy. We are not responsible for the privacy practices of these third party services or applications. We recommend carefully reviewing the user terms and privacy statement of each third party service, website, and/or application prior to use.
We may update this Policy to reflect changes in our personal data practices or relevant laws. We will notify you if we make any material changes by revising the "effective date" at the top of this Policy. We encourage you to review this Policy for updates each time you use our Services.
If you have any questions about our privacy practices, or if you would like to exercise your rights, please contact our Data Protection Officer at email@example.com or write to us at:
Attn: Data Protection Officer
1800 Bridge Pkwy
Redwood City, CA 94065