Legal Information

Legal Information – Proteor USA

Last updated: September 7, 2023

GENERAL

In accordance with laws governing literary and artistic property rights or other similar rights, the reproduction or redistribution of the elements that make up the PROTEOR USA website, in whole or in part, is strictly prohibited. All of the brands cited herein are registered trademarks.

WEBSITE OWNER

PROTEOR USA, LLC
1236 West Southern Ave, Suite 101
Tempe, AZ 85282
855.450.7300

PARENT COMPANY

PROTEOR
6 Rue de la Redoute
21850 St Apollinaire, France
An SAS (Simplified joint-stock company) with share capital of €1,514,250.
Registered number: 542 083 704, at the Dijon Trade & Companies Register.
+33 (0) 380 784 242<

INCIDENT REPORTING

Should any serious incidents occur while wearing any of our devices, contact PROTEOR USA customer support at 855.450.7300. Additionally, serious incidents should be reported to the appropriate local and/or national authorities where the patient resides.

PRIVACY

PROTEOR USA is happy to welcome you to its website and to present its activities to the widest possible audience. PROTEOR USA declines all responsibility for any difficulties encountered in accessing the site or for communication line failure.

PROTEOR USA, LLC a Delaware limited liability company (“Proteor,” “we,” “our,” “us”) respects your privacy and are committed to protecting it through this Privacy Notice (“Privacy Notice”). This Privacy Notice describes the type of information we may collect from you or that you may provide to us when you visit our Site and use its interactive features and utilize or purchase our related services and mobile applications, including the mobile GAITLAB App, FREEDOM INNOVATIONS App, and KINNEX App (collectively, the “Services”), and our policies and practices regarding how we collect, use, and disclose that information. If you engage in Services offered by us, then you may be subject to other terms and conditions and disclosures relevant to the Services that are not included in this Privacy Notice.

BY ACCESSING OR BROWSING THE SITE OR USING THE SERVICES, YOU CONSENT TO THE COLLECTION AND USE OF YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY NOTICE, AS MODIFIED FROM TIME TO TIME BY US.

You may choose not to provide us with any Personal Information. In that case, you can still visit and browse our Site, however, you will not have access to or be able to use our Services.

This Privacy Notice applies to information we collect:

  • From clinics, clinicians, or business partners who enter into contracts with us (“Clients”).
  • From employees of Clients or patients or customers of our Clients (“Users”).
  • From visitors to the Site or individuals that download our application(s) (collectively, with Clients and Users, “you”).
  • In email, text, and other electronic messages between us.
  • When you engage with us to use our Services or request information about our Services.

We reserve the right, at any time and without notice to you, to add to, change, update, or modify this Privacy Notice. If we decide to change our Privacy Notice, we will post a new notice on our Site and change the date at the top of the Privacy Notice. Any change, update or modification will be effective immediately upon posting on our Site and will apply to any Personal Information (as defined below) provided to us on and after that date. Your continued use of the Site or Services after we make changes is deemed to be acceptance of those changes, so please check the Privacy Notice periodically for updates.

If you have any questions or comments about this Privacy Notice or how to exercise your rights, please contact us at info@proteorusa.com.

1. THE TYPES OF INFORMATION WE COLLECT.

We collect certain “Personal Information,” which is information that can be used to identify you individually. For example, we collect an Internet Protocol (“IP”) Address from all visitors to our Site, and, if the visitors choose to engage with us by submitting a form or requesting further information, we may also collect their names and e-mail addresses. You can turn off and adjust settings on your computers and devices that will not allow us to collect information.

We may collect information that identifies you personally when you submit comments, questions, or suggestions to us or to the Services using the https://us.proteor.com/contact form or by email, including attached files in an email sent to us. Any comments and any emails we receive from you are subject to this Privacy Notice.

Location of Loaner and Demonstration Units

If you are using a loaner or demonstration unit and have location enabled on your mobile device, we may collect the geo-location of your loaner unit. In many mobile devices, you can turn off location settings by selecting the “Settings” feature, choosing “Privacy”, and turning off “Location.” The loaner units are tracked by a de-identified serial number, not your name, and the location is used by us to provide a last known location for customer service.

2. HOW WE USE AND SHARE INFORMATION.

We use Personal Information to provide you with the features available through the Site and Services (to respond to requests that you initiate through the Site or Services, to process requests and required actions pursuant to our Services, and to communicate with you. When we have location information, we may use it to provide a last-known location for customer service purposes.

By accessing or using the Services, we might collect additional data as set forth below in the “Aggregate Information” paragraph.

We may use your Personal Information to contact you to deliver certain services, news, or information related to the Services, verify your authority to use our Services, and improve the content and general administration of the Services. If you do not wish for your Personal Information to be used as described in this Section, do not use the Services. You may also opt out of receiving promotional notifications by following the opt-out instructions in the emails that are sent to you.

Legal Requirement

We may disclose Personal Information, non-personal information, and aggregate information:

  1. to comply with the law, cooperate and respond to requests and claims or comply with legal process served on us (e.g., a lawful subpoena, warrant, or court order);
  2. to enforce or apply policies, or agreements (including to initiate, render, bill, and collect for amounts owed to us);
  3. to protect and defend us or our user’s rights or property, the Site, Services, our employees, visitors, or the public, (including protecting and defending from fraudulent, abusive, or unlawful use of, the Site or Services); or
  4. if we reasonably believe that an emergency involving immediate danger of death or serious physical injury to any person requires disclosure of communications or justifies disclosure of records without delay.

Company Sale

Information collected through our Site or Services is considered our trade secret or proprietary information. As the owner of such information, we may disclose or sell such information as an asset of the company in conjunction with the sale to a third-party of our company or a portion of our assets.

Links to Other Websites

Please be aware that we may provide links to third-party websites (“External Web Sites”) as a service to our visitors, and that we are not responsible for the content or information collection practices of those pages. Such links do not constitute an endorsement by Proteor of those External Web Sites. Your use of External Web Sites is subject to the terms of use and privacy policies located on the linked to External Web Sites. Please note that these websites’ privacy policies may differ from our Privacy Notice. We encourage you to review and understand the privacy practices at third-party websites before providing them with information.

Opt-Out

You may opt out of receiving emails or text messages from us at any time either by texting the word “STOP” to any text message using the mobile device that is receiving the messages, by using the unsubscribe link contained in the email, or by contacting the sender. If you are unable to resolve this through these means, contact us at info@proteorusa.com. Despite your election to opt-out, if you are still receiving services from us or using our Services, we may send you emails or contact you by other means regarding your account, transactions, and your activities with the Services.

Aggregate Information

We may track the total number of visitors to our Site, the number of visitors to each page of our Site, browser type, and IP addresses. We may also analyze data collected by our mobile applications for trends statistics in the aggregate, but such information will be maintained, used and disclosed in aggregate form only and will not contain Personal Information.

We may use aggregated and de-identified data obtained from you as a part of our product development process. Aggregated and de-identified data is content that has had all of direct and indirect personal identifiers removed. We agree not to attempt to re-identify aggregated and de-identified data.

3. DATA SECURITY.

We follow generally accepted industry standards to protect Personal Information, including your email address, submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

4. YOUR DATA RIGHTS.

Children’s Rights

The Children’s Online Privacy Protection Act (“COPPA”) requires that all online service providers, including Proteor, obtain parental consent before knowingly collecting Personal Information from children under the age of 13. Our Services are directed towards adults who are of the legal age to access them in their respective jurisdictions and by accessing and using our Services, you represent and warrant that you are of the legal age to form a binding contract with us in your respective jurisdiction and that you meet the foregoing eligibility requirements. We do not knowingly collect or solicit any Personal Information from children under the age of 13. Children under the age of 13 are prohibited from using the Services or creating an Account unless they are doing so with parental consent. If we learn that we have collected personal information from a person under the age of 13 that does not comply with COPPA, we will delete that information in a reasonably prudent amount of time. If you believe that a child under the age of 13 has provided Personal Information to us, please contact us at info@proteorusa.com.

Shine the Light Law

California Civil Code Section § 1798.83 permits users of our Site that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. We do not provide your Personal Information to any third parties for direct marketing purposes as defined in California Civil Code Section § 1798.83. Please contact us info@proteorusa.com for any questions regarding your Personal Information.

Rights of California Residents

Under the California Consumer Privacy Act (“CCPA”) as Amended by the California Privacy Rights Act (“CPRA”), you have the right to know what personal information we have collected about you, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purposes for collecting, selling, or sharing personal information, the categories of third parties to whom the business discloses personal information, and the specific pieces of Personal Information we have collected about you. We do not sell or share Personal Information as defined by the CCPA, and have neither sold nor shared any of your Personal Information with third parties in the past twelve (12) months.

If you are a resident of California, you have other rights under the CCPA/CPRA:

  • Right of Access: You can access your collected personal information.
  • Right to correct, update, or delete: You can correct, update or request deletion of your personal information. We can’t make changes to or delete your information in some situations where it is necessary for us to maintain your information, for example if we need the information to comply with applicable law.
  • Right to Request Disclosure of Information Collected: You can request further information about the categories of personal information we have collected about you, where we collected your personal information, and for what purpose we use your personal information.
  • Right to Disclosure of Information Sold or Shared and Right to Opt-Out of the Sale or Sharing of your Personal Information: You have the right to know what information of yours we have sold, and you have the right to opt-out of any sale of your information. We do not sell or share any of your information.
  • Rights to Disclosure of Sensitive Information: You have a right to know how we collect, process, and disclose “Sensitive Personal Information” (SPI). SPI includes highly sensitive data such as: social security number; driver’s license; passport number; financial account information and log-in credentials; precise geolocation data; genetic data; and ethnic origin. We collect and process the following types of SPI: geolocation data. We use the SPI to provide the Services to Users. Please note that Proteor does not directly collect payment information and is not a money-services business. If this functionality is made available in the Services, it is provided by an unaffiliated third party, and like any other third-party service, subject to their terms of use.
  • Right to Retention Details: You have a right to know the length of time we retain each category of Personal Information or if that is not feasible, the criteria we will use to determine that retention period. Proteor stores and retains data including Personal Information for so long as may be required under the terms of an applicable agreement, or for so long as may be required to comply with a legal obligation, resolve disputes, maintain security, prevent fraud and abuse, enforce our terms of service, or fulfill your request to “unsubscribe” from further messages from us. We will also delete data upon any client request. We may retain certain information that de-identified information to enable us to refine and improve our Services after you have discontinued your use of the Services.
  • Right to Non-Discrimination: We do not and will not discriminate against you if you exercise your rights under the CCPA.

Rights of Colorado, Connecticut, Nevada, Utah, and Virginia Residents

If you are a resident of Colorado, Connecticut, Nevada, Utah, or Virginia, you have other rights under your respective states’ consumer privacy statutes:

  • Right of Access: You can access your collected personal information.
  • Right to correct, update, or delete: You can correct, update or request deletion of your personal information. We can’t make changes to or delete your information in some situations where it is necessary for us to maintain your information, for example if we need the information to comply with applicable law.
  • Right to Request Disclosure of Information Collected: You have the right to request further information about the categories of personal information we have collected about you, where we collected your personal information, and for what purpose we use your personal information.
  • Right to Disclosure of Information Sold or Shared and Right to Opt-Out of the Sale or Sharing of your Personal Information: You have the right to know what information of yours we have sold, the categories of Personal Information shared, and you have the right to opt-out of any sale or sharing of your information. We do not sell or share any of your information.
  • Right to Disclosure of Targeted Advertising and Right to Opt-Out (Colorado, Connecticut, Utah, & Virginia): If you are a resident of Colorado, Connecticut, Utah, or Virginia, you have the right to know what information of yours we have processed for targeted advertising. We do not engage in targeted advertising.
  • Right to Non-Discrimination: We do not and will not discriminate against you if you exercise your rights under the CPA, CTDPA, NPICICA, UPA, or VCDPA.

Exercising Your Rights under Your States’ Consumer Privacy Statute

To exercise the rights described in this Privacy Notice, please submit a verifiable consumer request to us:

Only you, or someone legally authorized to act on your behalf (if in California, the person legally authorized to act on your behalf must be registered with the California Secretary of State), may make a verifiable consumer request related to your Personal Information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, which may include the user’s:

  • First name
  • Last name
  • Email address
  • Please describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to your request.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information that relates to you. If we cannot initially verify your identity or authority, we will follow internal procedures to verify your identity and authority. We attempt to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 days), we will inform you of the reason and extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, and to the extent that we are able, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the Personal Information from one entity to another entity. If we are not able to do so, we will let you know.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

If you have any questions or comments about your rights under the CCPA, CPRA, CPA, NPICICA, VCDPA, and CTDPA please contact us at info@proteorusa.com

Users from Outside of the United States

  • General: By using the Services you acknowledge and agree that: (i) your information will be processed as described in this Privacy Notice; and (ii) you consent to have your information transferred to us and our facilities in the United States or elsewhere, including those of third parties as described in this Privacy Notice.
  • European Economic Area (EEA) or Switzerland: If you are based in the EEA or Switzerland, you acknowledge and agree that we may transfer your information (including personal information) to us and our facilities in the United States or elsewhere, including those of third parties as described in this Privacy Notice. Please review our Terms of Service and the applicable services agreement for more information regarding any other applicable data protections.
  • Legal Basis for processing your information: If you are a user located in the EEA or Switzerland, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. We will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate business interests. In some cases, we may also have a legal obligation to collect personal information from you. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details set forth herein.

Canadian User Rights – PIPEDA

We make every effort to cooperate with you in compliance with the Personal Information Protection and Electronic Documents Act (“PIPEDA”), and all federal and provincial laws and regulations, including those related to privacy and anti-spam legislation.

PIPEDA aims to protect the privacy rights of individuals by regulating how organizations handle their personal information and fostering transparency, accountability, and consent in the collection and use of personal data.

This Privacy Notice and any applicable agreement you enter in with us detail our obligations in regard to confidentiality, transparency, accountability, and consent in the collection and use of data. PIPEDA compliance are predicated on all Parties’ compliance with these provisions.

Further, with regard to PIPEDA’s ten “fair information principles” forming the ground rules, so to speak, for how Personal Information should be collected and disclosed, the Privacy Notice complies with that as well. The goal of the Fair Information Principles is to examine any collection and use of Personal Information, and ensure that it only be used in such a way that a reasonable person would consider appropriate in the circumstances. We comply with that ask by being fully transparent and open with regard to all of its policies, and approaching them in not only a fully reasonable manner, but also in a cautious manner looking toward protecting all Personal Information.

GDPR

The goal of the GDPR is to standardize data protection laws and processing across the EU, and to give individuals stronger, more consistent rights to access and control their personal information. We are committed to ensuring the security and protection of all personal information that we process, and to approach data protection in a compliant and consistent manner. We have developed and are continuously implementing and updating our data protection roles, policies, procedures, controls, and measures to ensure compliance.

In most processing contexts, We act as a processor or service provider for a controller clinic or certifying entity. In those situations, where required by applicable law, We only transfer personal data to third countries or international organizations where the controller clinic or certifying entity has authorized us to do so in accordance with applicable law.

When we transfer information from individuals in the EEA to countries that have not received an adequacy finding under Article 45 of the GDPR, we rely on alternative adequate safeguards, such as the contractual mechanisms set forth in Article 46 of the GDPR or derogations for specific situations set forth in Article 49 of the GDPR. In the limited situations where we act as a controller and rely on a cross-border transfer mechanism under Article 49, we only collect and transfer your information to third countries: (i) with your consent; (ii) to perform a contract with you; or (iii) to establish, exercise, or defend legal claims.

Methods of Compliance

  • Information Audit: We periodically audit information to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
  • Policies & Procedures: We monitor and update data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws.
  • Data Retention & Erasure: We have updated our retention policy and schedule to ensure that we meet the ‘data minimization’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new ‘Right To Be Forgotten’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response time frames and notification responsibilities.
  • Data Breaches: We have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time, and have disseminated these to all employees.
  • International Data Transfers & Third-Party Disclosures: We carry out strict due diligence checks with all recipients of personal information to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
  • Subject Access Request (SAR): We have revised our SAR procedures to accommodate the revised 30-day time frame for providing the requested information and for making this provision free of charge. Our procedures detail how to verify the data subject, what steps to take for processing an access request, and what exemptions apply to ensure that communications with data subjects are compliant, consistent and adequate.
  • Legal Basis for Processing: We reviewed all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the related activity. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of GDPR and Schedule 1 of the Data Protection Bill are met.
  • Privacy Notice/Policy: We have revised our Privacy Notices to comply with GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
  • Direct Marketing: We have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions, a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
  • Processor Agreements: Where we use any third-party to process personal information on our behalf (i.e. Payroll, Recruitment, Hosting, etc.), we have drafted compliant Processor Agreements and due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organizational measures in place and compliance with GDPR.
  • Special Categories Data: Where we obtain and process any special category information, we do so in compliance with the Article 9 requirements and have high-level encryptions and protections on all such data. Special category data is only processed where necessary and is only processed when we have first identified the appropriate Article 9(2) basis or the Data Protection Bill Schedule 1 condition. Further, in general, we do not request or require sensitive or special category information about you, including:
    • Racial or ethnic origins
    • Political opinions
    • Religious or philosophical beliefs
    • Trade-union membership
    • Genetic data
    • Biometric data
    • Data regarding Your health (including mental or physical health), sex life, or sexual orientation
    • Criminal records
    • Credit history and creditworthiness
    • Citizenship or immigration status

Rights of Data Subject

  • Right of access: You can access your collected personal information.
  • Right to correct, update, or delete: You can correct, update, or request deletion of your personal information.
  • Right to restriction of processing: You can ask us to restrict processing your personal information.
  • Right to object to processing: You may object to the processing of your personal information by us at any time. This right does not exist if we have already processed your personal information.
  • Right to data portability: You can ask to take your personal information that you provided to us, in a structured format.
  • Right to withdraw consent: You have the right to withdraw your consent to our processing of your information. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to file a complaint with the local supervisory authority: You have a right to raise questions or complaints with your local data protection authority at any time.