PRIVACY POLICY
Last Updated February 26, 2018
  
TERMS AND CONDITIONS

STRATA Skin Sciences, Inc. (“STRATA”, “we”, “our”, or “us”) is the distributor of the Nordlys Hybrid System and STRATAPEN™ and the manufacturer of the XTRAC® medical device used for the primary purposes of psoriasis and vitiligo treatment. STRATA is committed to protecting your privacy. This Privacy Policy (the “Policy”) is applicable to all information collected via electronic media (internet, e-mail, social media platforms, etc.) from which an individual can be identified (“Personal Information”). This Policy describes the information that we collect through your interactions with us and your use of our website. We respect the right to privacy of our customers and take reasonable steps for the user to be familiar with the manner in which rendered information is processed. This Policy describes how we use and disclose the information that we collect. By using our web page, you agree to the terms of this Policy. If you have any questions or concerns about this Policy, or about the way your information is collected, processed, or used, please contact us as described in the “Contact Us” section below.

DEFINITIONS

For purposes of this Policy the following definitions shall apply:

“Cookies” are text files that are saved by your browser (e.g., Internet Explorer, Google Chrome) and stored on your computer’s hard drive, used for the purpose of automatic identification of a particular user that is visiting webpages or browsing the internet.

“Devices / Products” include Nordlys Hybrid System and STRATAPEN™, both of which are exclusively distributed by STRATA, and the XTRAC® medical device manufactured by STRATA.

“Non-Personal Information” means any information that does not uniquely identify a User; not Personal Information.

“Personal Information” means any personally identifiable information or set of information that identifies or could be used by or on behalf of STRATA to identify an individual, including but not limited to, name, zip code, e-mail address, phone number, social security number, medical insurance carrier and ID number and address.

“Services” means any service requested by the user including visiting any of STRATA’s websites, completing a request for additional information or using our Live Chat features.

“Third Party” means any third party outside of STRATA that collects, processes and/or uses Personal Information under the instruction of STRATA or provides user information to STRATA.

“Customer(s)” / “User(s)” / “You(r)” means any individual using our Services.

DATA GATHERING ENTITY

STRATA Skin Sciences, Inc. is the designated entity gathering and storing Personal and Electronic information. Personal Information is gathered through communications with our Patient Support Center, located at 2365 Camino Vida Roble, Suite B, Carlsbad, CA 92011. All information provided and stored electronically is controlled and monitored by STRATA, with its headquartered offices located at 5 Walnut Grove Drive, Ste. 140, Horsham, PA 19044.

PERSONAL INFORMATION WE COLLECT

We collect Personal Information online as necessary to assist in fulfilling requests placed by users for information on the Devices we sell and manufacture. Users may provide Personal Information and other data that they enter into online forms or data fields on our web sites or online resources. In requesting information about our Devices via phone, e-mail or online forms and/or communicating with a Patient Advocate using the “Live Chat” feature on our website, you may be asked to provide information that uniquely identifies you or can be combined with other information that may uniquely identify you. Such information may include, but not be limited to, your name and contact information (such as postal address, e-mail address and telephone number). In requests regarding XTRAC® coverage and eligibility, users may be requested to provide date of birth, medical insurance information, social security number and other information as needed to assist in determining treatment coverage.

Consistent with the purposes identified and standards set within this policy and other applicable privacy notices that have been provided, in some cases we consolidate and use Personal Information that individuals share with us through various services and channels, such as the telephone, e-mail, Live Chat, web sites and other online resources and communications, in order to enhance the quality of services that we offer. We also may use Personal Information to audit our online resources for compliance, authorized access and security.

Communications Preferences

By giving us any contact information, you are providing your express consent to have a representative of STRATA contact you with further information about products and services. You may choose not to provide any Personal Information to us online by electing not to enter any Personal Information into a form or data field on our web sites, and by not using any personalized services provided by our online resources.

You may change your communications preferences (such as to opt-out of communications you requested previously) by contacting us via the information in the “Contact Us” section below.

How long we retain Personal Information

We generally retain Personal Information for as long as needed for the specific business purpose or purposes for which it was collected. In some cases, we may be required to retain information for a longer period of time based on laws or regulations that apply to our business or for other necessary business purposes. Where possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the original retention period.

HOW WE USE COLLECTED PERSONAL INFORMATION

We may use your Personally Identifiable Information to:

  • Contact you with information about our products, Services or your transactions;
  • Send e-mail alerts or newsletters;
  • Provide you with customer service;
  • Send you marketing communications or administrative information;
  • Facilitate social sharing functionality that you initiate;
  • Cooperate with law enforcement. If law enforcement officials or judicial authorities request that we provide Personal Information, we may do so.

In matters involving claims of personal or public safety or in litigation where the information is pertinent (including to allow us to pursue available remedies or limit the damages that we may sustain), we may use or disclose Personal Information, including without court process. We may also use or disclose Personal Information to enforce our Terms and Conditions or other agreements, to protect our operations or those of any of our affiliates, or to protect our rights, privacy, safety or property and/or that of our affiliates, you, or others; or investigate security breaches or otherwise cooperate with authorities.

HIPAA

STRATA takes the privacy of user information very seriously. Any user providing Personal Information to us by any method is treated as a patient whose information is held private and confidential. We ensure that those we do business with uphold the same standard with regards to your information.

By requesting additional information regarding XTRAC® treatment, you may be asked for Personal Information that constitutes Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended. Upon your initial inquiry, STRATA will collect PHI in the form of: your full name, address, e-mail address and phone number.

Should you request additional information for treatment and wish to speak to a member of our internal direct-to-patient Reimbursement Team who can assist with checking your benefits coverage for XTRAC® treatment, you may be asked to provide additional PHI, including but not limited to: your health insurance information and account number, your gender, your age and your social security number. Should you ultimately seek treatment through a physician providing XTRAC® treatments, your PHI may be shared between the physician and STRATA for purposes of treatment coverage. No PHI will be shared without your express consent or request.

STRATA assures you that all physicians, treatment facilities, and other “covered entities” it works with are bound by the terms of a Business Associate Agreement (BAA), as required under HIPAA laws, and that other Business Associates that STRATA works with, including insurance companies, are in compliance with the rules set forth under HIPAA and abide by the PHI protection rules mandated.

NON-PERSONAL ELECTRONIC INFORMATION
Information collected from your computer or other electronic device

We may collect Non-Personal Information through cookies, web beacons, log files, and similar technologies. We may collect information that does not uniquely identify you, but relates to your computer or other electronic device when you visit our web sites and use our online resources. This information may include your Internet Protocol (IP) address, Internet Service Provider (ISP), domain name, browser type, date and time of your visit/request, Country, State, City and Zip Code you are visiting from and information provided by tracking technologies, such as cookies, single-pixel tags, local share objects (Flash), local storage, E-tags and scripts. We may use cookies in conjunction with third parties to send advertisements to your computer or other electronic devices to remind you about our web site that you had previously visited.

We may use Non-Personal Information for any purpose, including any of the purposes for which we use Personal Information, except to the extent limited by applicable law. We may use Non-Personal Information for purposes including, but not limited to: providing Services to you or other customers; monitoring or improving the Services; furthering our business purposes, such as through data analysis, audits, fraud monitoring and prevention; developing our Services; determining the effectiveness of our promotional campaigns; operating and expanding our business activities; and monitoring the effectiveness and security of our online operations.

COOKIES

Cookies are small files that we place on your computer each time you visit one of our sites or social media pages. Cookies enable us to quickly confirm your computer’s identity. Cookies DO NOT pose any threat to your computer and do not identify, monitor, or track any Personal Information. We do not link the information we store in cookies to any personal data you submit while on our site. We may use cookies in conjunction with third parties to send advertisements to your computer or other electronic devices to remind you about our web site that you had previously visited. The use of third party cookies is not covered by our Privacy Policies. We do not have access or control over these cookies.

Cookies can be used on condition that they are accepted by a browser and that they shall not be removed from the storage media. Most web browsers automatically accept cookies without asking the user if he/she wants to do so, but your browser can be configured to accept or reject most types of cookies. Please consult your browser’s documentation for more information. If you choose to decline one of our cookies, you will still be able to use the features on our site.

MOBILE COMPUTING

Some of our websites and online resources are designed specifically for use on mobile computing devices. Some mobile versions of our web sites may require that you log in with your user account for that web site. Information about your use of the mobile version of the web site will be associated with your user account. Some of our web sites and online resources enable you to download an application (app), widget or other tool that you can use on your mobile or other computing device. Some of these apps may store information on your mobile or other device. These apps may transmit Personal Information to us, or others working for us, to enable you to access your user account or to enable us to track how these tools are used, such as how often they are used and which features are preferred. Some of these apps may enable you to e-mail reports and other information from the app. We may use personal or non-identifiable information transmitted to us to enhance these apps, to develop new tools, for quality improvement and as otherwise described in this Policy or in other notices we provide.

Most mobile devices provide users with the ability to disable location services. Most likely, these controls are located in the device’s settings menu. If you have questions about how to disable your device’s location services, we recommend you contact your mobile service carrier or your device manufacturer.

E-MAIL PRIVACY
How we obtain your e-mail address

You are receiving an email from us because you have inquired about our Services and Products. We have obtained your e-mail address because you: provided it to us directly through inquiry via phone, direct e-mail to our Patient Advocate Team or a request for contact through our websites, social media pages or our websites’ Live Chat feature. We do not obtain your e-mail address without your consent.

How we use your e-mail

We may use your e-mail address to contact you with information about our products, services or your transactions; send e-mail alerts or newsletters; provide you with customer service; and send you marketing communications or administrative information. If you do not wish to receive these e-mails or would like to have our contact information removed from our directory, please inform us via the “Contact Us” section below.

Marketing E-mails

By requesting e-mail communications from STRATA regarding our Devices, you are also consenting to receiving periodic marketing e-mails regarding our Services. If you do not wish to receive these e-mails or would like to remove your contact information from our directory, please inform us via the “Contact Us” section below.

SOCIAL MEDIA SITES

Social Media is considered to be any online resource providing interactive tools that typically enable you to collaborate and share information with others. Some examples of social media resources include social networks, discussion boards, bulletin boards, blogs, wikis, and referral functions to share web site content and tools with others.

STRATA has Facebook and other social media sites for its brands. Our social media pages include features such as the Facebook “Like” button, “Share” button, “Submit” button and other interactive programs that run on our site including chat features.

We may collect personal information from you to enable you to use the online social media resources we may offer from time to time. We may also enable you to use these social media resources to post or share personal information with others. In order to post comments on our social media sites, you must sign into your personal social media account (i.e. Facebook, Instagram, etc.), as we use ‘social-media plugins’ to allow users to leave comments on our sites. Using your personal account, you may “like” or “follow” us on any social media site. By simply liking or following us on social media, you will not be required to provide any additional personal information and will not directly receive any information from us.

No personal information is tied to your posts, except for your username or any other information that you voluntarily post publicly. STRATA is not responsible for the public communications that take place on our social media sites in community chat rooms, public forums, discussion boards or comment pages. All information posted publicly by you is your responsibility and STRATA cannot guarantee the protection or privacy of that content. You should consider carefully what information about yourself you choose to share with others when you use social media resources. Please refer to our Social Media Guidelines for additional information.

If they are not hosted directly on our site, social media features and widgets are generally hosted by a third party. Your interactions with these features are governed by the privacy policy of the company providing them. STRATA can only warrant the protection of information provided to its employees and representatives. STRATA social media sites are not warranted or guaranteed to be free of errors, omissions, delays, loss of data, viruses, bugs, worms or defects. Users assume all responsibility related to the security, privacy and confidentiality risks associated with sending any content over the Internet. STRATA does not warrant or safeguard against intentional or malicious attempts to intercept or compromise user information posted to STRATA’s social media or sent over the Internet.

THIRD PARTY

We may partner with third parties to display advertising on our websites, social media pages or to manage and serve our advertising on other sites and may share Personal Information with third parties for this purpose. We may also use other companies to deliver e-mail communications on our behalf or to place our advertisements on other web sites. Sites and advertisements created and monitored by third party sources and requests placed through these sites are not monitored by STRATA, as we do not have direct control over or access to these sites.

We may also transfer Personal Information to our physician’s offices, insurance companies, consultants monitoring our IT functions, attorneys, and other service providers who need the information in order to provide Services to or perform activities on behalf of STRATA, and only for a purpose consistent with this Policy. Please be aware we are working with service providers and in order to guarantee proper functioning of your product we may share personal data with the said entities.

All third parties with which we share this information are required to use your Personal Information in a manner that is consistent with this Policy and applicable law. Our third party partners may use cookies and other tracking technologies, such as pixels and web beacons, to gather information about your activities on our websites and other sites in order to provide you with targeted advertising based on your browsing activities and interests. STRATA does not control the tracking technologies used by these other companies. Information stored by third party sources is not monitored by STRATA as we do not have direct control over or access to these sites.

To limit the use and disclosure of your Personal Information, please submit a written request by e-mailing us at PatientAdvocate@strataskin.com.

SURVEYS

From time-to-time we may provide you the opportunity to participate in a survey within our applications or via e-mail. If you participate, we may require your name and e-mail address. Participation in these surveys is completely voluntary and you therefore have a choice whether or not to disclose this information.

WHO MAY REQUEST INFORMATION

You must be 18 years of age or older to request information on STRATA Products and Services. We do not knowingly collect Personal Information online from any person we know to be under the age of 18, and users under 18 must not send any information to or through our Live Chat or email services.

YOUR RESPONSIBILITY

If you submit any Personal Information relating to other people in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Policy. By requesting information from us, you agree that it is your responsibility to authorize, monitor, and control access to and use of the Personal Information you provide on behalf of yourself or another that you are representing. If you have reason to believe that the Personal Information you provided to us has been used for purposes outside of those listed in this Policy, you agree to promptly inform us via the information in the “Contact Us” section below.

DISCLOSURE POLICY

STRATA’s main purpose of gathering Personal Information is to assist users who request information on our Devices and Products. Any Personal Information you may choose to give us is used only to fulfill the Service(s) you have requested, such as requesting information on XTRAC® treatments.

STRATA reserves the right to disclose Personal Information to any of our parent, subsidiary, affiliated or successor companies. Personal data can be disclosed to entities into which STRATA is merged, or to which our assets, site or operations have been transferred. Mentioned entities will be able to use your Personal Information under the terms of this Policy. We will notify you if any of these events occur by updating this Policy and, if practically possible, via other means.

STRATA reserves the right to use its Privacy Policies, Terms of Use and user’s account information for the benefit of an entity that has become either a dependent entity, an associated entity, or has come into being as a result of merger or transformation of STRATA Skin Sciences, Inc.

DATA INTEGRITY AND PURPOSE

STRATA will only collect and retain Personal Information which is relevant to the purposes for which the information is collected, and will not use it in a way that is incompatible with such purposes unless such use has been authorized by the user. STRATA will take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete, and current. We may occasionally contact you to determine that your data is still accurate and current.

DATA PROTECTION

The security of your personal data is important to us. STRATA applies technical safety measures to protect the provided personal data against loss, destruction, misuse, unauthorized access or disclosure. The measures and technology used ensure safety of the personal data provided by the user. The personal data is available solely to the user or to a person indicated by him/her provided authorized access has been granted to that person. We follow generally accepted industry standards to protect the personal data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however, and no data transmission via the Internet can guarantee 100% safety. Therefore, we cannot guarantee its absolute security. STRATA takes all necessary steps to update and modernize its data protection system. When you enter Personal Information on our website or within our applications, we encrypt the transmission of that information.

Since we are committed to protecting your privacy as set forth in this Policy, if you think we are not in compliance with our Policy, have any questions, or if you wish to take any other action concerning either this Policy or your Personal Information, we encourage you to contact us. We will investigate your complaint, take appropriate action and report back to you within 30 days.

The Services are designed for users from, and are controlled and operated by STRATA from, the United States. By using the Services, you consent to the transfer of your information in the United States and according to the data protection laws of the United States.

YOUR CALIFORNIA PRIVACY RIGHTS

California Civil Code Section 1798.83 (“Shine the Light Law”) permits users of the Services that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us as described in the “Contact Us” section below. To read more about this law and your rights, you may follow this link to the California State Legislative Information website: https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.83.&lawCode=CIV.

CHANGES TO THIS POLICY

We reserve the right to make changes to this Policy at any time. Each time any changes are made, the revised Policy will be posted to our website(s) under the “Privacy Policy” link at the bottom of each webpage(s). All revisions will be effective immediately upon release of the new Policy. Your use of our website(s) after we post a revised version of the Policy means that you accept the revised version and associated Terms of Use.

REMOVAL OR MODIFICATION OF INFORMATION

You can request the removal or modification of the Personal Information you have provided to us by sending an e-mail to PatientAdvocate@strataskin.com. For your protection, we may only implement requests with respect to the Personal Information associated with the particular e-mail address that you use to send us your request, and we may need to verify your identity and obtain information on the context in which you provided your Personal Information before implementing your request. We will try to accommodate your request as soon as reasonably practicable.

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.

CONTACT US

Should you have questions about this Policy or our information collection, use and disclosure practices, you may contact our internal Compliance Manager at the following:

STRATA Skin Sciences, Inc.
Attn: Compliance Manager
5 Walnut Grove Drive, Ste. 140
Horsham, PA 19044
Email: jjackowski@strataskin.com

You may also contact the STRATA Patient Advocate Team at the following:

STRATA Skin Sciences, Inc.
Attn: Patient Advocate Team
2365 Camino Vida Roble, Suite B
Carlsbad, CA 92009
Phone: 1-800-974-8958
E-mail: PatientAdvocate@strataskin.com

We may contact you for follow up information and may share your inquiry with other individuals within our company or working for us that are responsible for functions related to the subject of your inquiry. Except where required by law, we cannot ensure a response to questions or comments regarding topics unrelated to this Policy or our privacy practices.