Notice of Privacy Policy and Practices
Introduction
This Privacy Policy (this “Notice”) applies to the software and information services we offer through our website located at https://www.kestramedical.com, websites, services, and communications sent as part of, in connection with, or relating to such software and information services (our “Services). We are committed to protecting the privacy of patients, customers, and partners.
By using the Services, you are consenting to our collection, use, disclosure, and transfer of your information as described in this Notice. This Privacy Policy is not a contract and does not create any contractual rights or obligations.
About Kestra Medical Technologies, Inc.
At Kestra Medical Technologies, Inc. (“Kestra”), it is our mission to provide innovative, intuitive medical technologies to protect and support at-risk patients. At the heart of Kestra is an uncompromising commitment to the highest quality our customers expect and patients trust.
Throughout this Notice, “Kestra” refers to Kestra Medical Technologies, Inc., including its affiliated companies and subsidiaries (also referred to as “we,” “us” and “our”). You can find information on how to contact us in the section titled “Contact Information” below. You can also find additional contact and location information on our website at: https://kestramedical.com/contact
In this Notice, we do not include Protected Health Information in the definition of personal information because Protected Health Information has different treatment under the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (“HIPAA”). Accordingly, if you are a patient of a health care provider, our use of such information is governed by our agreement with your provider and applicable law, including without limitation, HIPAA. Kestra does not collect PHI via the website. Please submit all requests and questions related to your Protected Health Information directly to your health care provider.
Please note that some privacy rights and obligations may differ in certain locations based on local law, in which case Kestra will comply with local legal requirements, to the extent applicable. If you reside in California, Colorado, Connecticut, Utah or Virginia, the section titled “Locale Specific Law Privacy Rights” below may apply to you.
Information We Collect and How We Collect It
When you use our Services, Kestra may collect information about you, including:
- Personal information, which means information that identifies an individual or relates to an identifiable individual or household. Personal information may include your name and contact information, such as your mailing address, email address, and phone number. We collect this information directly from you, for example, when you submit information through our Services, complete one of our webforms or applications, or communicate with a Kestra agent.
- Usage Data, which is information that we automatically collect about your Internet or other electronic network activity, including your use of the Services and the sort that Web browsers and servers typically make available, through Web server logs, Web beacons, cookies and other similar tracking technologies, about the devices you use to access our Services, as well as information on how you interact with our Services. Usage Data may include the IP address of a device or internet service used to connect your device to the Internet and may provide information about your location; computer and connection information such as your browser type and version; operating system and platform; and the URLs which lead you to and around the Services including the date and time of access. Usage Data generally does not directly identify an individual but may constitute Personal information in some instances. We use this information to ensure you have a good experience and can identify issues to serve you better.
- Electronic Funds Transfer (EFT) information, credit card information and banking information in order to process your transactions (as set forth below); and
- Any other information you choose to provide, such as during telephone interviews with our agents.
Payment Information
Some Kestra Services support payments and transactions with third parties requiring you to provide information for identification and verification for payment. This information is collected and protected according to credit card industry guidelines, better known as PCI-DSS (Payment Card Industry Data Security Standard) ("Payment Card Information"). By submitting your Payment Card Information, you expressly consent to the sharing of your information with third-party payment processers and other third-party services (including but not limited to vendors who provide fraud detection services to us and other third parties).
Career Data
Kestra partners with Workable to aid career registrants and Kestra in identifying, recruiting, and hiring qualified candidates. You can find the Workable Privacy Policy here: https://www.workable.com/privacy.
Surveys, Feedback, and Informational Programs
Kestra partners with Workable to aid career registrants and Kestra in identifying, recruiting, and hiring qualified candidates. You can find the Workable Privacy Policy here: https://www.workable.com/privacy.
Cookies
We collect information about you and your devices through cookies and web beacons. A "cookie" is a small data file sent from a website and stored in your browser to identify your Device in the future and allow for an enhanced personalized user experience based on your previous activity on the website. A "session cookie" disappears after you close your web browser or may expire after a fixed period. A "persistent cookie" remains after you close your web browser and may be accessed every time you use our Services. We may use both session and persistent cookies on our Services. You should consult your web browser to modify your cookie settings to your desired settings. For more information about our cookie practices, please see our Cookie Policy (https://kestramedical.com/cookie-policy).
On our website (e.g., https://kestramedical.com), we specifically use Google Analytics cookies which enables us to collect certain data about your visits to our website, including:
- Your IP address;
- The pages on our website that you visit;
- The time you spend on certain pages on our website; and
- Various other statistics such as user agent string, browser version, and Operating System (OS) version.
Google’s ability to share and use your information collected via Google Analytics is restricted by the commitments made in the Google Analytics Terms of Service and the Google Privacy Policy. Some third parties may allow you to opt-out of targeted advertising based on this information. You can find more information about these opt-outs from the Network Advertising Initiative (NAI) and the Digital Advertising Alliance (DAA).
When you access or use the Services, Kestra may collect personal information in the following ways:
- Information You Provide to Kestra: Kestra collects personal information when you use and interact with the Services, such as when you complete and submit forms to us on our Services, or when you communicate with Kestra about our Services whether by letter, e-mail, online chat window, or telephone.
- Information that Kestra Collects Automatically: When you use the Services, Kestra may automatically collect Usage Data subject to the settings of your device that you use to access the Services. Kestra may use this data to analyze trends and statistics to improve your online experience or our customer service.
- Information from Other Sources: We may receive or proactively gather information about you from other sources and add it to information we otherwise have about you for any purpose described in this Notice. This may include situations where a third party seeks to communicate with you through the Services or establish an "Integration".
How We Use Your Information
We use personal information about you, including personal information, for the following purposes, or as otherwise described in this Notice:
- To develop, operate, improve, deliver, maintain, and protect our Services including new functionality and features;
- Responding to questions and communications, or obtaining your feedback about our Services;
- Administering and logging your participation in informational programs, including webinars and other classes, and any product or support matters that may arise from our Services;
- Preparing and delivering announcements about features, functionality, terms of use, or other aspects of our Services or your interests and informing you about offers for services or products we believe may be of interest to you, including from third parties;
- Providing you with more relevant content, including clinical support tools, assessments or medical-related information or services, patient support programs, advertising, or other programs appearing on our Services or third-party services;
- Analyzing usage trends and patterns and measuring the effectiveness of content, programs, advertising, or the features or functionality of the Services, including emails that may be sent by us to you;
- Preparing reports for any of the purposes described in this Notice, including for current or future sponsors, providers, or other partners to show utilization or trends about the use of our products and Services;
- Safeguarding, protecting, and securing our Services, the information we collect, and the rights of us, our users or third parties, and to comply with legal requirements, including applicable laws, rules, regulations, contractual obligations, Terms of Use and our policies;
- Use of your Payment Card Information as stated in the "Payment Information" Section above;
- Verify your identity and detect and prevent fraud or other unauthorized or illegal activity;
- Any other purpose described in this Notice; or
- When we otherwise have your permission.
How We Share Your Information
We may share information about you, including personal information, as follows, or as otherwise described in this Notice:
- With vendors, consultants and other service providers who need access to such information to carry out work or perform services on our behalf;
- In response to requests from local, state, provincial or federal law enforcement officials, any judicial, administrative or similar proceeding or order, such as a subpoena if we believe disclosure is in accordance with, or required by any applicable law;
- If we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of Kestra and others;
- To investigate suspected fraud, harassment, physical threats, or other violations of any law, rule or regulation, the Services’ rules or policies, or the rights of third parties or to investigate any suspected conduct which we deem improper;
- In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company;
- Between and among Kestra and our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership;
- With your consent or at your direction; and
- As otherwise permitted or required by law.
Children’s Information
Kestra Services are not directed to minors. We do not knowingly collect or solicit personal information from children under 18. If you are a child under 18, please do not attempt to register for or otherwise use the Services or send us any personal information. If we learn we have collected personal information from a child under 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us personal information, please contact us immediately.
How We Protect Your Information
The privacy and security of your personal information is important to us. We employ a variety of reasonable safeguards to protect the confidentiality, integrity, and availability of this information. Although Kestra attempts to protect the personal information in our possession, no security system is perfect, and Kestra cannot promise that your personal information will remain absolutely secure in all circumstances.
Third-party Websites and Integrations
Our Services may provide, or third parties may provide, links to other websites or resources. This Notice applies only to our websites and other Services. It does not apply to products and services offered by third parties, including websites and other online services to which our websites may display links. When you click on such links, you may be redirected to websites or interactive services operated by third parties, who have their own information practices. We do not have control over how any third party collects or uses information, so we recommend that you review their privacy policies to learn of their practices.
How Long We Retain Your Information
We keep your personal information for no longer than necessary for the business need for which the personal information is processed. The length of time for which we retain personal information depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise, or defend our legal rights.
We may be required under applicable laws or regulations to retain information about you for extended periods of time or indefinitely. We may also have independent obligations under applicable laws or regulations to retain some information indefinitely.
United States Only
The Services are intended for use only in the United States of America. If you use the Services or contact us from outside of the United States of America, please be advised that (i) any information you provide to us or that we automatically collect will be transferred to the United States of America; and (ii) by using the Services or submitting information, you explicitly authorize its transfer to and subsequent processing in the United States of America in accordance with this Notice.
Locale Specific Law Privacy Rights
California Privacy Disclosures
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services do currently support Do Not Track requests. To find out more about “Do Not Track,” you can visit www.allaboutdnt.com.
Categories of Information We Collect, Use, and Disclose for Business Purposes
As described in the “Information We Collect and How We Collect It” section, we collect the following categories of personal information listed below regarding California residents:
| Categories of Collected CCPA Personal Information | Examples |
|---|---|
| Identifiers | A real name, postal address, unique personal identifiers, Internet Protocol address, e-mail address, account name, telephone number, username, and other similar identifiers |
| Commercial Information | Payment information and records of the Services or devices you use, obtained, or considered. |
| Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | A name, signature, physical characteristics or description, address, telephone number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Note that some personal information included in this category may overlap with other categories. |
| Internet or other similar network activity | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement, page views, domain name, and hosting space. |
| Geolocation information | Location information, including GPS signals, device sensors, Wi-Fi access points, and cell tower IDs, if you have granted us access to that information. |
| Professional or employment-related information | Current or past job-related information, including role, job history, and performance evaluation data; information related to a particular company or practice; |
| Other | Information you provide us regarding products and services, for example, an alarm; messages on the Services; emergency contact information; and information recorded by your device which may vary depending on the device you use; other information as described in this Notice. |
Categories of Sources from Which the Personal Information is Collected
- Directly from you;
- Indirectly from you, which includes information collected in course of delivering services and information collected automatically through use of our Services;
- Other third parties that interact with us in connection with our Services;
- Health care providers;
- Employees and prospective employees; and
- Other vendors/suppliers.
Business or Commercial Purposes for Collecting Personal Information
Kestra uses the personal information we collect about California residents for the purposes set forth in the Section titled “How We Use Your Information.”
Your Privacy Rights
If you reside in certain states, such as California, Colorado, Connecticut, Utah or Virginia, you may have legal rights with respect to your personal information. You may have the right to: (i) request additional disclosures about the personal information we collect, use, and share; (ii) request access to and deletion of your personal information, subject to certain exceptions; (iii) opt out of the sale and sharing of your personal information; (iv) correct inaccurate personal information that we maintain about you; (v) limit the use and disclosure of sensitive personal information; and (vi) obtain a copy of your personal information. We will not discriminate against you for exercising any of these rights.
Methods for Submitting Requests
If you wish to exercise any of these rights, please email Privacy@kestramedical.com with the phrase “Privacy Rights” in the subject line. You may also send a request to us via mail at 3933 Lake Washington Blvd NE, St 300, Kirkland, WA 98033. (please mark the envelope ‘Data Protection Officer’), or call us toll free at (800) 957-0028. We will process your request within the timeframe provided by applicable law. The rights described herein are not absolute and we reserve all of our rights available to us at law in this regard. You may have the right to appeal our decision with respect to a request you have submitted by emailing us at Privacy@kestramedical.com. Additionally, if we retain your personal information only in de-identified form, we will not attempt to re-identify your data in response to a privacy rights request.
If you make a request related to personal information about you, you will be required to supply a valid means of identification as a security precaution. We will verify your identity with a reasonably high degree of certainty using the following procedure where feasible: we will match identifying information you provide when making the request to the personal information maintained by us, or use a third-party identity verification service. If it is necessary to collect additional information, we will use the information only for verification purposes and will delete it as soon as practicable after complying with your request. For requests related to particularly sensitive information, we may require additional proof of your identity.
Authorized Agents
You may use an authorized agent to submit a right to know or right to deletion request. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request for you. To protect your personal information, we reserve the right to deny a request from an agent that does not submit adequate proof that you authorized them to act for you.
Sales and Sharing of Personal Information
Under the CCPA, a ‘sale’ is defined broadly to include disclosing or making available personal information to a third-party in exchange for monetary compensation or other benefits or value, and ‘share’ broadly includes disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising. As such, we do not sell or share personal information.
We share personal information about California residents as set forth in the section titled “How We Share Your Information.”
Verification
When you exercise your right to know or right to delete, we will take steps to verify your identity with a reasonably high degree of certainty before processing your request. We may ask for additional information so that we can verify your identity. If it is necessary to collect additional information, we will use the information only for verification purposes and will delete it as soon as practicable after complying with your request. We will only use the personal information you provide to us in response to this request to verify your identity and to process your request, unless you initially provided the information for another purpose. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Shine the Light
Individuals who are California residents may request (i) a list of categories of personal information disclosed to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please send us an email or a letter to the addresses in the section entitled "Contact Information" below and specify you are making a "California Shine the Light” request. We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.
Changes to This Notice
We may update this Notice when changes occur to what data we collect, how it is used, or the parties involved. When we make changes we will update the “effective on” date to reflect the current status. In other instances where we make material changes, we will use reasonable efforts to notify you of the change. For example, by posting a prominent notice on our website or sending you an email. Continued use of our site or Services means you acknowledge and accept the privacy practices as described herein.
Contact Information
If you have questions or are concerned that any of your privacy rights have been violated, wish to exercise any of your rights described in this Notice, or ask questions about those rights, please contact us at:
Phone: (800) 957-0028
Mailing:
ATTN: PRIVACY OFFICER KESTRA MEDICAL TECHNOLOGIES, INC. 3933 LAKE WASHINGTON BLVD., SUITE 200 KIRKLAND, WA 98033 UNITED STATES OF AMERICA
Privacy Notice Updates
Effective 06/01/2023
MKT-00087-01_A