Effective Date: December 2022
Please read this Policy carefully to understand what personal information we collect and how we treat it. We recommend that you review this Policy periodically because we revise from time to time without notice to you. The “Effective Date” at the top of this page indicates when this Policy was last revised.
1. Personal Information We Collect
We collect Personal Information about you directly from you and from third parties, as well as automatically through your use of the Sites. In this Policy, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular resident or household.
Information Provided by You
- Registration Information. When you register for our newsletter or to download materials from the Sites, you may provide us with Personal Information, such as name, email address, mailing address, and mobile phone number, specialty, institution, country, and specific areas of interest.
- Correspondence and other communications. When you contact us via a contact form, email, or by other means, you may provide us with Personal Information, such as name, email address, mailing address, and the contents and nature of your correspondence with us.
Information Collected via Automated Means
Information Collected from Third Parties
- Information from Other Sources. We may obtain information, including Personal Information, from third parties and sources other than the Sites, such as our partners and advertisers. If we combine or associate information from other sources with Personal Information that we collect through the Sites, we will treat the combined information as Personal Information in accordance with this Policy.
2. How We Use Personal Information
We use Personal Information we collect on the Sites as necessary for the following purposes:
- Understanding usage, improving the Sites and business purposes. We use the information that we collect on the Sites to understand and analyze the usage trends and preferences of our users, to improve the Sites, and to develop new products, services, feature, and functionality, and other purposes related to managing our businesses.
- Communicating with you. We use your email address or other Personal Information we collect on the Sites as necessary to contact you for administrative purposes such as to provide services and information that you request, and to respond to comments and questions.
- Marketing. We use your email address and other Personal Information to send marketing communications, including updates on promotions and events, relating to products and services offered by us and by third parties we work with. Generally, you have the ability to opt-out of receiving any promotional communications as described below under Your Rights and Choices. Where required under applicable law, we will only send you promotional emails with your opt-in consent.
- Legal purposes. We use and share your information for legal purposes, including as described below in the section titled “When We Disclose Information,” including the transfer of such Personal Information to third parties in countries outside of your country of residence where data protection laws may be less adequate compared to your own country’s data protection laws.
Below is an overview of the types of cookies we and third parties use to collect Personal Information.
- Functional cookies. Some cookies are strictly necessary to make our Sites available to you. For example, functional cookies remember user location, chosen language or other settings to provide a personalized user experience on a website, and to remember your consent and privacy choices. We cannot provide you with the Sites without this type of cookies.
- Advertising cookies. We work with third-party advertising companies to show you ads we think may interest you. For example, we show you ads about Shockwave Medical on third party websites and apps, or ads about third parties’ products and services on our website and app. To do so, we and our advertising partners place and access cookies through our Sites and otherwise collect or access Personal Information collected over time and across different online services. For example, we use HubSpot, and Google Analytics Advertising Features, such as Remarketing with Google Analytics.
Our Use of European Personal Information
If you are located in the European Economic Area (the “EEA”), we only process your Personal Information when we have a valid “legal basis”, including when:
- We need your Personal Information to provide you with the Sites, for example to respond to your inquiries.
- We have a legal obligation to use your Personal Information, for example to comply with tax and accounting obligations.
- We or a third party have a legitimate interest in using your Personal Information. In particular, we have a legitimate interest in using your Personal Information for product development and internal analytics purposes, and otherwise to improve the safety, security, and performance of our Sites. We only rely on our or a third party’s legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests.
3. When We Disclose Information
Except as described in this Policy, we will not disclose your information that we collect on the Sites to third parties without your consent. We disclose information to third parties if you consent to us doing so, as well as in the following circumstances:
- Any information that you voluntarily choose to post to a publicly accessible area of the Sites, will be available to anyone who has access to that content, including other users.
- We work with third party service providers to provide website, application development, hosting, maintenance, and other services for us. These third parties have access to or process your information as part of providing those services for us. Generally, we limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions on our behalf, and we require them to agree to maintain the confidentiality of such information.
- We make certain information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Sites. Where required under applicable law, we will only use anonymized or aggregated information for these purposes.
- We disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
- We also reserve the right to disclose your information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Sites and any facilities or equipment used to make the Sites available, or (v) protect our property or other legal rights (including, but not limited to, enforcement of our rights and agreements), or the rights, property, or safety of others.
- Information about our users, including Personal Information, may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets, including disclosures in connection with due diligence in advance of such a transaction.
- We share Personal Information with our affiliates, subsidiaries, and branch offices to which it is reasonably necessary or desirable for us to disclose Personal Information to carry out the above-mentioned information processing purposes.
- We also share Personal Information for any other purposes disclosed to you at the time we collect your information or with your consent.
4. Your Rights and Choices
You can, of course, decline to share certain Personal Information with us, in which case we may not be able to provide to you some of the features and functionality of the Sites. If you wish to access, amend, or delete any other Personal Information we hold about you, you can contact us using the “Do Not Sell My Personal Information” link located on www.shockwavemedical.com or use contact details at the end of this Policy. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so, as permitted under applicable data protection law.
If you receive commercial emails from us, you can unsubscribe at any time by following the instructions contained within the email. You can also opt-out from receiving commercial email from us, and any other promotional communications that we send to you from time to time, by contacting us using the contact details at the end of this Policy. We allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us in user account functionality on the Sites.
Please be aware that if you opt-out of receiving commercial emails from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten business days for us to process your request, and you may receive promotional communications from us that you have opted-out from during that period. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Sites.
Your Cookie Choices
- Google cookies. You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/ and opt-out by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout or via Google’s Ads Settings or Ad Settings for mobile apps.
- Do Not Track. We do not specifically respond to Do Not Track (“DNT”) signals. However, some third-party websites do keep track of your browsing activities, including across other websites on the Internet, which enables these websites to tailor what they present to you. Your browser may allow you to set a DNT signal on your browser so that these third parties know you do not want to be tracked.
5. California Residents
For California residents, personal information is broadly defined under the California Privacy Rights Act (the “CPRA”) to include, among other things, all information that can be directly or indirectly linked to an individual or household. In all cases, personal information does not include deidentified information, aggregate information that cannot be linked to a particular individual, or pseudonymized information.
For the 12-month period prior to the date of this Policy, the table below shows the categories of personal information subject to the CPRA’s notice provisions we have collected, the purpose for the collection and, if the information was shared, with which categories of categories of third parties. This does not include personal information reflecting communications or a transaction between Shockwave Medical and a California resident who is acting as an employee, owner, director, officer, or contractor of an entity or government agency and who is communicating or transacting with us in that capacity for due diligence or for providing or receiving a product or service.
|Identifiers, e.g., name, email address, online identifiers (such as username)||We use this data in order to identify you, answer questions for you, improve the content of the Sites, customize content you see, communicate with you about our products and services, market to you, associate other data with you, analyze other data we collect, and for security and fraud prevention.||Our affiliates.|
|Internet and other online activity, and device information, such as IP address, device ID, browser information and history, cookie information, operating systems, time stamps, the pages you request, the path you take on the Sites, user settings, your use of our Service and apps, etc.||We use this data to determine how customers use parts of the Sites or services so that we can make the Sites appealing to as many customers as possible and improve our services.||Our affiliates; service providers that host our Sites and place advertisements for us.|
|Geolocation data||We use this data in order to identify you, answer questions for you, improve the content of the Sites, customize content you see, communicate with you about our products and services, associate other data with you, analyze other data we collect, consider new product offerings, and for security and fraud prevention.|
|Professional or employment related information||We use this data in order to identify you, market to you, associate other data with you, analyze other data we collect.|
|Educational information||We use this data in order to identify you, market to you, associate other data with you, analyze other data we collect.|
|Inferences drawn from other information||We use this data in order to identify you, market to you, associate other data with you, analyze other data we collect.|
Sources. We obtain the data identified in the chart above directly from you when you provide it to us, when you sign up for our services or marketing, and when you interact with our Sites. We also obtain this data indirectly from cookies, tags, and other digital tools. We make inferences drawn from other information based on our own observation, analysis, or algorithms.
Future Collection, Use, Disclosure and Transfers. We will continue to collect the same categories of information, for the same purposes, and from the same sources as described above. We also in the future may use, disclose, or transfer all types of the information from or about you that we collect as described in the section titles “When We Disclose Information.”
Non-Discrimination. You have the right to be free from discrimination for exercising your rights to know or delete. We will not deny you products or services, charge you different rates, or give you different discounts because you used any of these rights.
Right to Know. You may request that we provide you a list of the categories of personal information we have collected about you over the last 12 months, the categories of sources from which it was collected, the business or commercial purpose for collecting or selling the information, and the categories of third parties to whom we disclosed or sold that information.
Right to Rectify. You may request that we rectify any of your personal information that we possess if you believe it is not accurate. We will ensure that all references to such personal information within our systems is updated according to your request.
Right to Portability. You may also request that we provide you a copy of the specific pieces of personal information we have collected about you in the past 12 months in an electronic format. You may make a request to know up to two times in a 12-month period, subject to limitations described in the law. For a list of general categories of information that we have collected and shared in the past 12 months, see the table above. The foregoing does not apply to personal information exempted under the CPRA.
Right to Delete. You may request that we delete any personal information that we have collected from you, apart from information that the law allows us to keep. When we respond to your request to delete, we will explain what (if any) information we have kept and why. The foregoing does not apply to personal information exempted under the CPRA.
How to Make a Request to Know or Delete. You may make a request to know or delete by completing a Privacy Web Form request online or emailing email@example.com. When you make a request, we will take steps to verify your identity before responding. This is to protect your information. We will ask you to provide us your email address.
Authorized Agent. You may designate an authorized agent to make requests on your behalf. We will require verification that you did, in fact, authorize the agent. Unless the law requires otherwise, your authorized agent must provide contact details for you. We will contact you to confirm that you authorized the agent. Once you confirm, we will promptly respond to the rights request.
No Sales of Personal Information. We have not sold personal information to third parties during the 12 months prior to the Effective Date of this Privacy, and do not plan to do so without further notice (except for a sale in connection with the sale or transfer of the business or our assets, as noted in the section above about sharing).
No Automated Decision-Making. We do not perform any automated decision-making with the personal information that we collect about you and do not plan to do so without further notice.
6. European Visitors
If you are located in the EEA or United Kingdom (the “UK”), you have additional rights described below.
- You may request access to and receive information about the Personal Information we maintain about you, update, and correct inaccuracies in your Personal Information, restrict or object to the processing of your Personal Information, have the information anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your Personal Information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
- You may withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent.
You may exercise these rights by contacting us using the contact details at the end of this Policy. Please note that there are exceptions and limitations to each of these rights, and that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain information for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
If you are located in the EEA or UK, we will comply with applicable EEA/UK data protection law when transferring your Personal Information outside of the EEA/UK. We transfer your Personal Information to countries which have been found to provide adequate protection by the EU Commission (e.g., Switzerland, Canada), use contractual protections for the transfer of Personal Information, or transfer to recipients who have adopted Binding Corporate Rules. For more information about how we transfer Personal Information outside of the EEA/UK, or to obtain a copy of the contractual safeguards we use for such transfers, you may contact us as specified below.
7. Japan Visitors
If you are located in Japan, you have additional rights described below.
You may request access to and receive information about the Personal Information we maintain about you, update, and correct inaccuracies in your Personal Information, restrict or object to the processing of your Personal Information, and have the information deleted pursuant to the Act on the Protection of Personal Information of Japan (the “APPI”). In addition, you may also have the right to lodge a complaint with the competent authority.
You may exercise these rights by contacting us using the contact details at the end of this Policy. Please note that there are exceptions and limitations to each of these rights under the APPI.
We transfer your Personal Information to countries whose laws may not provide the same level of data protection as Japan. For these cases, we have established contractual arrangements and security safeguards within Shockwave Medical and with third parties to ensure an adequate level of data protection at least as required for personal information processing operators under the APPI.
If we share your Personal Information with our affiliates and subsidiaries, Shockwave Medical is responsible for such sharing and our General Counsel is our representative.
8. International Visitors
The Sites are hosted in the United States. If you choose to use the Sites from regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing, which does not have the same data protection laws as your jurisdiction. Also, we transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Sites. By providing any information, including Personal Information, on or to the Sites, you consent to such transfer, storage, and processing.
9. Children’s Privacy
Our Sites are for general audiences and are not directed to children under the age of 13, and we do not knowingly collect Personal Information from children under the age of 13 without obtaining parental consent. If you are under 13 years of age, then please do not use or access the Sites at any time or in any manner. If we learn that Personal Information has been collected on the Sites from persons under 13 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 13 years of age has provided Personal Information on the Sites, then you may alert us using the contact details at the end of this Policy, and request that we delete that child’s Personal Information from our systems.
We retain your Personal Information only for as long as is reasonably necessary to fulfill the purpose for which it was collected, and to meet legal requirements, including record retention, resolving disputes, and enforcing our agreements. We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it unless we are required by law to keep this information for a longer period. When determining the specific retention period, we consider various criteria, such as the type of service provided to you, the nature and length of our relationship with you, and mandatory retention periods provided by law and the statute of limitations.
11. Third-Party Services
The Sites contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Sites. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Sites. We encourage you to learn about third parties’ privacy and security policies before providing them with information.
12. Data Security
We use certain physical, managerial, and technical safeguards that are designed to improve the integrity and security of Personal Data that we collect and maintain. We cannot, however, ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk.
13. Changes and Updates to this Policy
Please revisit this page periodically to stay aware of any changes to this Policy, which we update from time to time. If we modify this Policy, we will make it available through the Sites, and indicate the date of the latest revision. If the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access the Sites for the first time after such material changes are made. Your continued use of the Sites after any revisions to this Policy have become effective indicates that you have read, understood, and agreed to the current version of this Policy.
14. Our Contact Information
Unless otherwise indicated, Shockwave Medical is entity responsible for the processing of your Personal Information as described in this Policy. Please contact us with any questions or comments about this Policy, your Personal Information, our use and disclosure practices, or your consent choices by email at firstname.lastname@example.org.
Shockwave Medical, Inc.
5403 Betsy Ross Drive
Santa Clara, CA 95054