This privacy notice (“Notice”) describes how Nevro Corp. (“Nevro”, “us” or “we”) collects and processes patient (“Patient”, “you”, “your” or “yours”) personal information obtained when using the App (“Personal Data”). We are committed to protecting the privacy of our customers and patients (“Patients”, “you” or “your”).
This Notice may be amended and replaced from time to time and Nevro will notify you of material amendments in advance of such amendments becoming effective.
1. Personal Data We Collect
We may collect the following types of Personal Data when you voluntarily input Personal Data into the App. We also automatically collect Personal Data such as, device-related data, when you interact with the App.
We collect and process the following types of Personal Data:
- (a) Basic identification information and contact details: your name, mobile telephone number, address, e-mail address, Nevro patient ID, date of birth;
- (b) Information about your health: pain scores and outcomes data (activity level increase or decrease, medication increase or decrease, overall pain relief), other information you input into forms or text boxes in the App, effectiveness of particular programming settings, desired activities;
- (c) Data about your Nevro device: unique device identifier (medical device model and serial number), programming history, device diagnostics, device programming settings;
- (d) Usage data: data about your activities and use of the App, usage history, browser history, IP address;
- (e) Data about your mobile device: device ID, operating system, browser type, other device or network information.
2. Use of Personal Data
We may process your Personal Data for the purposes set out below:
- (a) To enroll you into the App for account activation and to communicate with you (including, to provide you with customer support);
- (b) To provide you with the therapy optimization services;
- (c) To provide you with technical support;
- (d) To provide, maintain, and increase the safety and security of the App, including uploading patches to the App;
- (e) To operate, maintain, improve, provide, create, and develop all of the features, functionalities (new and existing) found on the App or other Company products;
- (f) To comply with regulatory obligations and other legal obligations.
3. Sharing of Personal Data with third parties
Nevro may disclose certain Personal Data for the above purposes to the following third-party recipients:
We disclose your Personal Data to service providers and partners who work on our behalf, such as:
- (a) Analytics partners that provide analytic data resources such as crash reports;
- (b) Service providers of cloud computing and storage facilities and resources to store the Personal Data, including Salesforce (https://www.salesforce.com/), Amazon Web Services (https://aws.amazon.com/), and Snowflake (https://www.snowflake.com/en/).
We may also disclose your Personal Data to physicians and other medical staff that provide healthcare and treatments to you.
Your Personal Data may also be transferred as part of a bankruptcy, merger, acquisition, reorganization, or sale of Nevro’s assets if we are involved in such a transaction, including any evaluation of such a transaction.
We may disclose your Personal Data if we believe it is necessary to comply with law, regulation, legal process, or governmental requests such as court orders, subpoenas, or warrants in the manner allowed by law. We also may disclose your Personal Data when we believe, in good faith, that disclosure is appropriate or reasonably necessary to (i) protect Nevro from fraudulent, abusive, or unlawful uses; (ii) to investigate and defend ourselves against third-party claims or allegations; (iii) to protect the security or integrity of Nevro; (iv) or to protect your rights, property, or safety, of Nevro’s and of others.
4. Geographic Limitations
The App is intended for use within the United States. All Personal Data related to the App may be stored in and transmitted to the United States or jurisdictions outside the United States by us, and you expressly consent to such storage and transmission.
5. Retention of your Personal Data
Your Personal Data will be stored for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting or reporting requirements, including statutory retention obligations.
To determine the appropriate retention period, the amount, nature, and sensitivity of the Personal Data are considered, together with the necessity and purposes for the processing (including, whether such purposes can be achieved through other means) and the potential risk of harm from unauthorized use or disclosure of the Personal Data. In exceptional cases your Personal Data may need to be kept for longer periods of time, for example, due to ongoing litigation procedures or where the law requires us to do so.
6. Data Security
We take reasonable steps and use industry standard security safeguards of a physical, electronic and procedural nature to protect Personal Data from loss and unauthorized access, modification, disclosure, inappropriate alteration or misuse.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. Data security incidents and breaches can occur due to a variety of factors that cannot reasonably be prevented; therefore, our safeguards may not always be adequate to prevent all breaches of security.
7. Your rights
Subject to restrictions or limitations, you may have certain rights with respect to your Personal Data, as follows:
- Right of access – to obtain information regarding the processing of your Personal Data, including the right to obtain a copy of the processed Personal Data;
- Right of rectification – to request amendments to any inaccurate Personal Data or to complete any incomplete Personal Data;
- Right of erasure – to request for the deletion of your Personal Data that we hold. However, we may not always be able to delete your Personal Data for legal and regulatory reasons;
- Right to restriction of processing – to request that we restrict or suppress the processing of your sensitive Personal Data or opt-out of processing for profiling/targeted advertising purposes;
- Right of portability – to receive certain Personal Data that you have provided to us, in a machine-readable form and/or that we transmit it to a third party with your express authorization.
You can exercise your data subject rights by submitting a request at the link at the top of Nevro’s Online Privacy Notice available here: https://nevro.com/English/en/privacy/default.aspx or by emailing us at [email protected].
8. Contact details
You may contact our Chief Privacy Officer if you have any inquiries or feedback on our Personal Data protection policies and procedures, or if you wish to make any request, by reaching out to us at [email protected].