1. INFORMATION WE COLLECT
1.1 Information you voluntarily provide to us
We collect personal information about you – that is, information that relates to you and which either on its own or in combination with other pieces of information can be used to uniquely identify you. This includes your name, address, phone number, e-mail address, and responses to specific questions (e.g., reasons for visiting our Site). We collect this information when you voluntarily provide it to us, such as when you fill out a job application through our Careers page, fill out requests for information, register for an event, or listen to webcasts through our Sites. We may also record the types of product information you have requested on our Sites.
1.2 Job applicant data
If you fill out a job application through our Careers page, you may be given the opportunity to provide your gender, race, ethnicity, and veteran status. Provision of this sensitive information is voluntary and is not a requirement of employment. We only collect this information in order to monitor compliance with employment and equalities legislation, and providing this information will in no way affect the decision regarding your application for employment. This information will be kept confidential.
You will also be prompted for relevant personal information including, but not limited to, address, phone number, e-mail address and employment history. This information is necessary for us to process your application, and if you do not provide it, it may not be possible for us to process or accept your application.
1.3 Information collected automatically
We collect certain types of non-personal information from you automatically through the use of "cookies" and 1-pixel gifs, and also extract other information about your device and browsing information. Cookies are small text files that your web browser places on your computer’s hard drive. 1-pixel gifs are tiny graphic image files embedded on certain pages of our Sites that send certain information from your web browser back to our servers. The other information we collect includes your IP address (a unique number that identifies your access account on the Internet), domain, and web browser information.
We combine the personal information collected from you with the information collected automatically for the purposes set out below.
2. HOW DO WE USE THE INFORMATION THAT WE COLLECT?
We use your personal information primarily to:
- respond to questions or requests submitted by you, in order to meet our business interests in providing an efficient and helpful service to visitors to our Sites;
- send you requested product or service information, to meet our business interests in providing our services to visitors to our sites;
- process applications submitted by you (including job applications) and create employment records for applicants we hire. We do this to take the steps required before entering into a contract with you, and if we do enter into a contract, to meet our obligations under that contract;
- conduct market research, including surveys and analysis, which is necessary to meet our business interests in understanding the market and adjusting our business accordingly;
- improve our products, services and Sites, and personalize your experience on our Sites, in order to meet our business interests in providing you the best service possible;
- contact you about changes affecting our Sites, or the information collected about you, where necessary to inform you about changes, to meet our business interests in ensuring that you understand the ways we use your information and how our Sites operate.
When you have provided your consent, or when we are otherwise legally entitled to do so, we use your personal information for direct marketing. You can opt out at any time using the mechanisms described below. Where we use your personal information to meet our business interests, you can object to those uses of personal information by contacting us using the details below.
Additionally, if at any time you wish us to stop using your personal information for any or all of the above purposes, please contact us as set out below. Where required by law, we will stop the use of your personal information for such purposes as soon as it is reasonably possible to do so.
3. HOW WE SHARE INFORMATION WITH THIRD PARTIES, AND WHY
We share your personal information with our subsidiaries and affiliates, who use your personal information in the ways described in this notice.
We also share certain personal information with third parties, including current or potential business partners, for a number of reasons, including, but not limited to, direct marketing and market research. These service providers generally act solely on our instructions and on our behalf for the purposes described above.
Notwithstanding anything else in this policy, we may also disclose to third parties personal information: (a) to respond to a request that you have made as described above; (b) to comply with legal obligations, such as when required by a valid legal mechanism such as a search warrant, subpoena, or court, governmental, or administrative order, or when required to report information regarding use of our products; (c) when necessary to protect our interests in ensuring the integrity of our Sites or the safety of Site users, our employees, or property; or (d) if we sell some or all of our assets or there is another transfer of our business. In such event, we may retain a copy of the transferred information.
4. USE OF PERSONAL INFORMATION OUTSIDE YOUR HOME COUNTRY
NxStage uses and stores the personal information it collects on servers located primarily in the United States, but also in other countries and territories. The third parties with which we share personal information are also located in the United States and other countries, and these countries may not be considered to provide the same level of protection as the country in which you live.
When we transfer your personal information to these countries and territories, we put in place safeguards, including contractual commitments, to ensure your personal data is subject to a level of protection which has been approved by law.
In particular, NxStage Medical, Inc. is certified to the EU-U.S. Privacy Shield Framework. Accordingly, our privacy practices for all personal information received in the U.S. from the EU are subject to this framework and are consistent with the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity and purpose limitation, access, and enforcement. To learn more about the Privacy Shield Framework, and to view our certification, please visit https://www.privacyshield.gov/.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you may contact our U.S.-based third party dispute resolution provider (free of charge), the BBB EU Privacy Shield Dispute Resolution Procedure, (contact information is available at http://www.bbb.org/EU-privacy-shield/for-eu-consumers).
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
5. YOUR RIGHTS AND CHOICES OVER YOUR PERSONAL INFORMATION
We strive to give you ways to update your personal information or to delete it unless we have to keep that information for legitimate business or legal purposes. Subject to local law, you also have certain rights over your personal information. These include the following rights to, in certain circumstances:
- Access and receive a copy of your personal information;
- Restrict our use of your personal information;
- Object to our use of your personal information; and
- Receive your personal information in a usable electronic format and transmit it to a third party (the right of ‘data portability’).
If you would like to discuss or exercise these rights, please contact us using the details below. We will contact you if we need additional information from you in order to honour your requests.
6. STORAGE OF YOUR INFORMATION
We will keep your personal information for as long as we have a relationship with you and until you opt out of receiving communications from us (see Section 9), for example for as long as your job application is ongoing or for as long as we are responding to your question or request for information. We will retain your personal information for a period of time that enables us to:
- Maintain business records for analysis and/or audit purposes
- Comply with record retention requirements under the law
- Defend or bring any existing or potential legal claims
- Deal with any complaints regarding the services
We will delete or anonymize (such that you cannot reasonably be reidentified using any means available to us) your personal information when it is no longer required for these purposes.
7. CHILDREN’S ONLINE PRIVACY PROTECTION
Our Sites are not targeted to children, and we do not knowingly collect personal information from children under the age of 16 on our Sites. Our Sites are entirely aimed at adults. We do not filter advertisements or other content that children may view through the public portions of our Sites.
8. HOW E-MAIL LINKS ARE TREATED
We use e-mail links located on the "Contact Us" page or on other pages on our Sites to allow you to contact us directly with any questions or comments you may have. We attempt to read every message we receive and try to reply promptly to each one. The information you provide when you contact us is used to respond directly to your questions or comments and may be shared within the Company. We may also file your comments to improve the Sites and learning programs, or review and discard the information.
9. HOW TO OPT OUT OF RECEIVING COMMUNICATIONS FROM NXSTAGE
At any time, you may request that we stop sending you communications. We will process your request as promptly as possible, though you may receive another contact before the removal takes effect. Our Sites give you the following options:
If you do not wish to receive further e-mail communications, further direct mail, telephone, or other communications send an e-mail to email@example.com with the word UNSUBSCRIBE in the subject line. Please include your first name, last name, address, city, state, zip code, and phone number to ensure we can process your request.
If you do not wish to receive further e-mail communications from Investor Relations, send an e-mail to: firstname.lastname@example.org with the word UNSUBSCRIBE in the subject line. Please include your first name, last name, firm affiliation (if any) and phone number to ensure we can process your request.
If you prefer, you can send us a letter describing your opt-out request at the following address. Please include your first name, last name, address, city, state, zip code, and phone number to ensure we can process your request:
NxStage Medical, Inc.
350 Merrimack Street
Lawrence MA, 01843 USA
Attn: Colleen Moore, Marketing Communications
10. PRIVACY CHOICES
You can control the use of information collected about you through our Sites.
Our Sites may contain links to other websites. NxStage is not responsible for the privacy practices or the content of such websites. Additionally, the existence of any external link does not suggest that we endorse the linked company or its products or services. We recommend that you read the privacy policies of each website that you visit.
12. OTHER TERMS AND CONDITIONS
13. CHANGES TO THIS POLICY
14. NOTICE TO US RESIDENTS OF THE STATE OF CALIFORNIA ABOUT YOUR CALIFORNIA PRIVACY RIGHTS
All requests for such information must be in writing and sent to NxStage’s designated address:
NxStage Medical, Inc.
350 Merrimack Street
Lawrence MA, 01843
Attn: Legal Department
15. QUESTIONS REGARDING PRIVACY
If you have any questions about this privacy statement or our practices, you may contact:
NxStage Medical, Inc.
350 Merrimack Street
Lawrence MA, 01843 USA
Attn: Privacy Officer
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection authority of the country in which you live using their website.
Revised May 20, 2018