Surgalign Spine Technologies Web Privacy Policy and Transparency Disclosure Notice

General Information 

Surgalign Spine Technologies and its subsidiary and affiliate entities (“Surgalign”) are committed to protecting the privacy and security of personal data in our custody. 

Surgalign maintains a network of websites, including  http://www.surgalign.com/, https://coflexsolution.com/, https://simmetrytherapy.com/ (collectively referred to as the “Site”). Surgalign Spine Technologies’ Web Privacy Policy and Transparency Disclosure Notice (“Policy”) describes how Surgalign collects and uses personal data received through its Site and is provided as part of Surgalign’s compliance with the European General Data Protection Regulation (“GDPR”). 

All references to “you” and “your” in this document refer to the individual whose personal data may be processed by Surgalign. 

It is important that you read this notice so that you are aware of and understand how and why we are using such information and how your personal data is processed. 

Surgalign is a data controller. This means that we are responsible for deciding how we hold personal data about you. Our Data Protection Officer or his/her designee oversees compliance with issues in relation to this notice. If you have any questions about this notice, require this notice in a different language, or have a request to exercise your legal rights as set forth in this notice, please contact our Data Protection Officer using the details set out below: 

Data Protection Officer
Surgalign Spine Technologies
520 Lake Cook Road
Suite 315
Deerfield, IL 60015
DPO@surgalign.com

This notice may be updated from time to time. This version is dated June 15, 2020. Previous versions may be obtained by contacting our Data Protection Officer. By agreeing to this Policy and continuing to use the Site, you are consenting to the use of your personal data as outlined in this Policy and representing that you are sixteen (16) years of age or older or have the consent of a parent/legal guardian for the processing of your personal data related to your use of this Site. You will also be asked to review and consent to this Policy prior to submission of the webforms noted below. 

General Data Protection Regulation (GDPR) 

What Data We May Collect 

General Browsing

When you visit our website, Surgalign collects information about you including: 

    • IP address 
    • Cookies 
    • Device information 
    • Log file 

Some of this data may be “non-personally identifiable information,” meaning that standing alone it is insufficient to identify a specific individual. However, if combined with other personal information, it may be sufficient to identify an individual and will be treated as personal data for as long as it is combined. 

Cookies are text files placed on your computer to collect standard internet log information and visitor behavior information. This information is used to track visitor use of the Site and to compile statistical reports on Site activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. You will still be able to use our Site with cookies disabled; however, some of our Site features may not function as a result. 

Surgalign’s Site also has multiple different areas from which additional personal data may be requested as part of webform submissions. 

Donation and Sponsorship Request Form

As part of its corporate social responsibility policy, Surgalign provides financial and in-kind sponsorship to charitable organizations in the communities where we have facilities as well as to charitable organizations that support science education, organ and tissue donation, and healthcare. These sponsorship requests are conducted via a webform (or via a similar address per your relevant location and language preferences as detected by IP address and/or cookies as noted under “general browsing”). 

Personal data Surgalign collects from you to review these sponsorship request submissions includes: 

    • Name 
    • Charitable entity with which you are associated 
    • Address of charitable entity with which you are associated 
    • Title or job description of your position with the charitable entity 
    • Email address 
    • Age (verification that you are over the age of sixteen) 
    • Identification of any officers or board members of your charitable organization that are healthcare professionals 
    • Other data (some fields are free form so a user may include additional personal data in these fields) 

Product Information Request Forms

On occasion, Surgalign hosts webforms allowing individuals to request additional information about Surgalign products. This is an example of such a form: https://www.surgalign.com/contact-us/ (or via a similar address per your relevant location and language preferences as detected by IP address and/or cookies as noted under “general browsing”). 

Personal data Surgalign collects from you when using these product information request forms includes: 

    • Name 
    • Email address 
    • State 
    • Relevant job type (i.e. – surgeon or medical device distributor) 
    • Age (verification that you are over the age of sixteen) 
    • Name 
    • Email address 
    • Phone number 
    • Age (verification that you are over the age of sixteen) 
    • Other data (some fields are free form so a user may include additional personal data in these fields) 

Contact Us Forms

Surgalign hosts webforms on its website for individuals to contact us with comments, questions, concerns, compliments or complaints on the Surgalign site. These webforms are located at https://www.surgalign.com/contact-us/ (or via a similar address per your relevant location and language preferences as detected by IP address and/or cookies as noted under “general browsing”). 

Personal data Surgalign collects from you when using these “Contact Us” webforms includes*: 

*Note – to allow for confidential reporting of ethical concerns, the “name,” “email address,” and “phone number” fields are optional to include when submitting messages to the ombudsman. 

Newsletters

Surgalign is a publicly traded company and manages news alerts for individuals interested in investment related matters. The webform for signing up for this newsletter is located at https://www.surgalign.com/contact-us/ (or via a similar address per your relevant location and language preferences as detected by IP address and/or cookies as noted under “general browsing”). 

Personal data Surgalign collects from you when signing up for these newsletters includes: 

    • Name 
    • Email address 
    • Company and job title (for the Surgalign investor newsletter only) 
    • Age (verification that you are over the age of sixteen) 

Where We Might Collect Data 

Surgalign might collect your personal data from various sources, including: 

    • You (e.g. by visiting our Site and/or filling out forms) 
    • The charitable organization with which you are associated (i.e. – in requesting additional information to process donation and sponsorship request submissions) 
    • Publicly available sources (i.e. – as part of due diligence research related to donation and sponsorship request submissions) 

Purpose, Legal Basis, and Retention Period of Data Collected 

General Browsing 

Personal data collected for general browsing purposes is used to provide you a better experience in using our Site as well as for us to improve our Site design and services. The legal basis for this processing of your personal data is your consent. You are free to withdraw your consent by contacting our Data Protection Officer. Surgalign will not engage in further processing of your personal data after the point of revoking consent, however, returning to our Site would constitute renewed consent for collection of personal data related to general browsing. 

Donation and Sponsorship Requests

Surgalign engages in donation and sponsorship activities via contracts with charitable organizations and/or individuals engaged in charitable projects (e.g., healthcare professionals participating in Doctors Without Borders who wish to request in-kind donation of products). 

All personal data collected related to donation and sponsorship requests is used by us for pre-engagement work – including due diligence screening – leading to the execution of a contract, communications during the course of performance of a contract, renewals of a contract, disputes related to a contract, and/or resolution of a contract. 

For contracts with individuals, the legal basis for this processing of your personal data is that it is necessary for the performance of a contract to which you are a party or necessary in order to take steps prior to entering into such a contract. 

For contracts with charitable organizations, the legal basis for this processing of your personal data is your consent to serve as a contact point on behalf of your charitable organization related to the contracting process outlined above. You are free to withdraw your consent by contacting our Data Protection Officer. If consent is revoked at the initiation of the contracting process, Surgalign would securely destroy all your personal data. If consent is revoked at later stages of the contracting process, Surgalign may retain your personal data for its legitimate business interest of documenting the course of performance and business communications related to the contract prior to the point of revoking consent. Surgalign will not engage in further processing of your personal data after the point of revoking consent. 

If you decline to provide this data, Surgalign may be unable to go forward with the contracting process with you or your charitable organization or may be unable to perform contract terms of an existing contract. 

Product Information Requests and Contact Us Communications

Personal data collected by submitting Product Information Request or Contact Us webform submissions is used to respond to your inquiries. The legal basis for this processing of your personal data is your consent. Surgalign will not engage in further processing of your personal data after the point of revoking consent. 

For messages to the ombudsman, any personal data submitted is used as part of the investigation of the ethical concern noted in your communication. Messages to the ombudsman are treated with confidentiality, and unless required to complete a full investigation of the matter alleged or required by law, personal data included in messages to the ombudsman is not shared with other individuals. Surgalign’s legal basis for this processing of your personal data is that Surgalign has a legal obligation to investigate allegations related to violation of law or breach of ethical duties. 

News Alerts

Personal data collected by signing up for one of our news alerts is used to communicate with you regarding investment. The legal basis for this processing of your personal data is your consent. You are free to withdraw your consent by contacting our Data Protection Officer or by using the “unsubscribe” feature on any of the emails. Surgalign will not engage in further processing of your personal data after the point of revoking consent. 

Surgalign does not use personal data collected from its Site for profiling or marketing – other than providing responses to the product information requests and contact us submissions noted above. Automated decision-making processing of personal data is limited to cookies and other web browsing tools that allow us to provide you with a better and more personalized experience on the Site (i.e., detecting your general location and related language to present the site in the language we believe you are most likely to be fluent). 

Personal data will only be used for the purpose(s) outlined above unless Surgalign reasonably considers that it needs to use it for another reason that is compatible with the original purpose. If you wish to determine if your personal information has been used for another purpose and, if applicable, receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact our Data Protection Officer. 

If Surgalign needs to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which would allow Surgalign to do so. 

Please note that Surgalign may process your personal data without your knowledge or consent where such is required by law. 

Surgalign maintains personal data only as long as necessary to conduct the legitimate business purposes outlined above or as may be otherwise required by law. After this time, personal data is securely destroyed. Surgalign may, however, continue to store anonymous or anonymized information, such as Site visits, without identifiers, in order to improve our Site design and services. If you want further details related to the period of time your personal data will be stored, please contact our Data Protection Officer. 

Identities of Data Controllers and Data Security Measures 

To protect your personal data, Surgalign ensures that access to your personal data is limited to individuals performing functions related to the legitimate business purpose for which it was collected. Additionally, individuals engaged in compliance, internal audit, or data protection and security functions on behalf of Surgalign or individuals who may be involved in handling disputes related to a contract (for donation and sponsorship requests) may have access to your personal data. These individuals are usually Surgalign employees; however, on occasion Surgalign employs third parties for some of these functions. To protect your personal data, Surgalign requires that third parties with which it shares personal data contractually agree to the relevant privacy principles of this Policy or with relevant data protection principles called for under the GDPR or other relevant data protection laws based on the type of personal data shared. 

Our Data Protection Officer can advise you on the identities of other parties or individuals with whom we have shared your personal data. 

Surgalign has put into place appropriate security measures to prevent your personal data from being accidentally lost, used/accessed in an unauthorized way, altered, or disclosed. 

Surgalign has put into place procedures to deal with any suspected data breach which exposes personal data and will notify you and any applicable data protection authority of a breach where we are legally required to do so. 

Hyperlinks 

Surgalign’s Site may contain links to websites operated by other entities. This Policy applies only to the websites outlined in the “General Information” section in which “Site” is defined. Privacy policies for any third party sites and services may differ from Surgalign’s Policy. Upon linking to a third party website, you should read and review their privacy policies to ensure protection of your personal data. 

International Transfers 

Surgalign has its headquarters in Deerfield, Illinois, USA. As such, personal data outlined above will be transferred outside of the European Economic Area (EEA). Such transfers would always be made in compliance with the requirements of the GDPR. If you would like further details on how your personal data would be protected if transferred outside the EEA, please contact our Data Protection Officer. 

Your Rights 

If you have any questions about this privacy notice or about Surgalign’s use of your personal data, please contact our Data Protection Officer. Under certain conditions, you may have the right to require Surgalign to: 

    • Provide you with further details on the use Surgalign makes of your personal data 
    • Provide you with a copy of the personal data you have provided to Surgalign in a format that facilitates portability of your personal data 
    • Provide you with a copy of the personal data Surgalign has about you from other sources as well as the source from which Surgalign obtained this data, and if applicable, whether it came from a publicly accessible source(s) 
    • Update any inaccuracies in your personal data Surgalign holds 
    • Delete any personal data that Surgalign no longer has a lawful basis to hold or use 
    • Where processing is based on consent, withdraw your consent so that Surgalign stops that particular processing 
    • Object to any processing based on the legitimate interests ground unless Surgalign’s reasons for undertaking that processing outweigh any prejudice to your data protection rights 
    • Restrict how Surgalign uses your personal data while a complaint is being investigated 
    • Have Surgalign pass along to any entities with which it has shared your personal data your request to update inaccuracies, delete data, or restrict processing 

In certain circumstances, Surgalign may need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of a crime) and Surgalign’s interests (e.g., the maintenance of legal privilege). 

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, Surgalign may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternately, we may refuse to comply with your request in these circumstances. 

Surgalign may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to an unauthorized person (i.e. someone who may be impersonating you). 

Surgalign tries to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made multiple requests. In this situation, Surgalign will notify you and keep you updated as to a timeline for completion of your request. 

For residents of the European Union, if you are not satisfied with Surgalign’s use of your personal data or Surgalign’s response to any request by you to exercise any of your rights, or if you suspect that Surgalign may have breached the requirements of the GDPR, then you have the right to lodge a complaint with a member state supervisory authority for data protection issues. You may locate the relevant data protection authority by consulting the European Commission’s online directory. 

http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm 

Surgalign would appreciate the opportunity to deal with your concerns directly before you approach a supervisory authority and respectfully request you contact us prior to engaging a data protection authority. Please direct communication to: 

Data Protection Officer
Surgalign Spine Technologies 
520 Lake Cook Road
Suite 315
Deerfield, IL 60015
DPO@surgalign.com

California Consumer Privacy Act 

Surgalign complies with the California Consumer Privacy Act. To understand what personal information we collect, use and disclose about California residents, view our California Consumer Privacy Policies. If you are a California resident and would like to make a request to access or delete your information, please contact our Data Protection Officer at DPO@surgalign.com. 

 

CALIFORNIA RESIDENTS 

The following provisions apply to the personal data of California residents collected by Surgalign, whether collected online or offline. These provisions supplement the other sections of the Privacy Policy. 

We do not sell personal data about California residents. 

During the past 12 months we may have engaged in delivering online advertising that was tailored to your interests, which might be deemed to be a sale of data under the California Consumer Privacy Act, but we did not disclose data that would identify you by name, address or phone number.  

CATEGORIES OF PERSONAL DATA THAT WE COLLECT AND DISCLOSE 

Listed below are the categories of personal data about California residents that we collect and disclose for a business purpose. For more information about how we disclose your personal data, refer to the How We Share Your Personal Data Section above. 

    1. NAME, CONTACT INFORMATION AND IDENTIFIERS: Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, user name, social security number, tax ID, driver’s license number, passport number, or other similar identifiers. Employees; candidates for employment; contractors; health care providers; investigators; patients; clinical trial participants; caregivers; website visitors.
    2. CUSTOMER AND OTHER RECORDS: Paper and electronic customer records containing personal data, such as name, signature, physical characteristics or description, address, telephone number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Employees; candidates for employment; contractors; patients; clinical trial participants; employees; caregivers.
    3. PROTECTED CLASSIFICATIONS: Characteristics of protected classifications under California or federal law such as race, color, sex, gender, age, national origin, disability, and citizenship status. Employees; candidates for employment; contractors; health care providers; investigators; patients; clinical trial participants; caregivers.
    4. PURCHASE HISTORY AND TENDENCIES: Commercial information, including records of products or services considered, purchased or owned.
    5. AUDIO/VISUAL: Audio, electronic, or visual recordings, or similar information.
    6. EMPLOYMENT HISTORY: Professional or employment-related information.
    7. EDUCATION INFORMATION: Information that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).

As described in the Data We Collect And Use Section above, we collect this personal data from you and from other categories of sources: public databases; social media platforms; and other third parties, when they share the information with us. 

Also as described above in the How We Use Personal Data Section we may use this personal data to serve you; to connect you with third parties; to validate your ability to access and/or use certain products, services and information; to improve products and services; to protect patients and consumers; and in accordance with special program terms. In addition, we may use employee personal data to manage our workforce, to perform workforce analytics, to communicate and handle emergencies, to conduct our business operations, for compliance purposes and for monitoring and investigations. 

INDIVIDUAL RIGHTS 

Subject to certain exceptions, California residents have the right to make the following requests, at no charge, up to twice every 12 months: 

    • Copy: You may request a copy of the specific pieces of personal data that we have collected about you in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows you to transmit this information to another entity without hindrance. 
    • Deletion: You may request deletion of your personal data that we have collected about you. 
    • Know: You may request that we provide you certain information about how we have handled your personal data in the prior 12 months, including the: categories of personal data collected; 

We will not discriminate against you for exercising these rights. 

Submitting Requests. You may submit requests to delete, copy and/or know personal data we have collected about you by emailing us at: DPO@surgalign.com. We will respond to your request consistent with applicable law.