Last Updated February 26, 2018
For purposes of this Policy the following definitions shall apply:
“Cookies” are text files that are saved by your browser (e.g., Internet Explorer, Google Chrome) and stored on your computer’s hard drive, used for the purpose of automatic identification of a particular user that is visiting webpages or browsing the internet.
“Devices / Products” include Nordlys Hybrid System and STRATAPEN™, both of which are exclusively distributed by STRATA, and the XTRAC® medical device manufactured by STRATA.
“Non-Personal Information” means any information that does not uniquely identify a User; not Personal Information.
“Personal Information” means any personally identifiable information or set of information that identifies or could be used by or on behalf of STRATA to identify an individual, including but not limited to, name, zip code, e-mail address, phone number, social security number, medical insurance carrier and ID number and address.
“Services” means any service requested by the user including visiting any of STRATA’s websites, completing a request for additional information or using our Live Chat features.
“Third Party” means any third party outside of STRATA that collects, processes and/or uses Personal Information under the instruction of STRATA or provides user information to STRATA.
“Customer(s)” / “User(s)” / “You(r)” means any individual using our Services.
DATA GATHERING ENTITY
STRATA Skin Sciences, Inc. is the designated entity gathering and storing Personal and Electronic information. Personal Information is gathered through communications with our Patient Support Center, located at 2365 Camino Vida Roble, Suite B, Carlsbad, CA 92011. All information provided and stored electronically is controlled and monitored by STRATA, with its headquarters located at 5 Walnut Grove Drive, Ste. 140, Horsham, PA 19044.
We collect Personal Information online as necessary to assist in fulfilling requests placed by users for information on the Devices we sell and manufacture. Users may provide Personal Information and other data that they enter into online forms or data fields on our web sites or online resources. In requesting information about our Devices via phone, e-mail or online forms and/or communicating with a Patient Advocate using the “Live Chat” feature on our website, you may be asked to provide information that uniquely identifies you or can be combined with other information that may uniquely identify you. Such information may include, but not be limited to, your name and contact information (such as postal address, e-mail address and telephone number). In requests regarding XTRAC® coverage and eligibility, users may be requested to provide date of birth, medical insurance information, social security number and other information as needed to assist in determining treatment coverage.
Consistent with the purposes identified and standards set within this policy and other applicable privacy notices that have been provided, in some cases we consolidate and use Personal Information that individuals share with us through various services and channels, such as the telephone, e-mail, Live Chat, web sites and other online resources and communications, in order to enhance the quality of services that we offer. We also may use Personal Information to audit our online resources for compliance, authorized access and security.
By giving us any contact information, you are providing your express consent to have a representative of STRATA contact you with further information about products and services. You may choose not to provide any Personal Information to us online by electing not to enter any Personal Information into a form or data field on our web sites, and by not using any personalized services provided by our online resources.
You may change your communications preferences (such as to opt-out of communications you requested previously) by contacting us via the information in the “Contact Us” section below.
How long we retain Personal Information
We generally retain Personal Information for as long as needed for the specific business purpose or purposes for which it was collected. In some cases, we may be required to retain information for a longer period of time based on laws or regulations that apply to our business or for other necessary business purposes. Where possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the original retention period.
HOW WE USE COLLECTED PERSONAL INFORMATION
We may use your Personally Identifiable Information to:
- Contact you with information about our products, Services or your transactions;
- Send e-mail alerts or newsletters;
- Provide you with customer service;
- Send you marketing communications or administrative information;
- Facilitate social sharing functionality that you initiate;
- Cooperate with law enforcement. If law enforcement officials or judicial authorities request that we provide Personal Information, we may do so.
In matters involving claims of personal or public safety or in litigation where the information is pertinent (including to allow us to pursue available remedies or limit the damages that we may sustain), we may use or disclose Personal Information, including without court process. We may also use or disclose Personal Information to enforce our Terms and Conditions or other agreements, to protect our operations or those of any of our affiliates, or to protect our rights, privacy, safety or property and/or that of our affiliates, you, or others; or investigate security breaches or otherwise cooperate with authorities.
STRATA takes the privacy of user information very seriously. Any user providing Personal Information to us by any method is treated as a patient whose information is held private and confidential. We ensure that those we do business with uphold the same standard with regard to your information.
By requesting additional information regarding XTRAC® treatment, you may be asked for Personal Information that constitutes Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended. Upon your initial inquiry, STRATA will collect PHI in the form of: your full name, address, e-mail address and phone number.
Should you request additional information for treatment and wish to speak to a member of our internal direct-to-patient Reimbursement Team who can assist with checking your benefits coverage for XTRAC® treatment, you may be asked to provide additional PHI, including but not limited to: your health insurance information and account number, your gender, your age and your social security number. Should you ultimately seek treatment through a physician providing XTRAC® treatments, your PHI may be shared between the physician and STRATA for purposes of treatment coverage. No PHI will be shared without your express consent or request.
STRATA assures you that all physicians, treatment facilities, and other “covered entities” it works with are bound by the terms of a Business Associate Agreement (BAA), as required under HIPAA laws, and that other Business Associates that STRATA works with, including insurance companies, are in compliance with the rules set forth under HIPAA and abide by the PHI protection rules mandated.
NON-PERSONAL ELECTRONIC INFORMATION
Information collected from your computer or other electronic device
We may use Non-Personal Information for any purpose, including any of the purposes for which we use Personal Information, except to the extent limited by applicable law. We may use Non-Personal Information for purposes including, but not limited to: providing Services to you or other customers; monitoring or improving the Services; furthering our business purposes, such as through data analysis, audits, fraud monitoring and prevention; developing our Services; determining the effectiveness of our promotional campaigns; operating and expanding our business activities; and monitoring the effectiveness and security of our online operations.
Some of our websites and online resources are designed specifically for use on mobile computing devices. Some mobile versions of our web sites may require that you log in with your user account for that web site. Information about your use of the mobile version of the web site will be associated with your user account. Some of our web sites and online resources enable you to download an application (app), widget or other tool that you can use on your mobile or other computing device. Some of these apps may store information on your mobile or other device. These apps may transmit Personal Information to us, or others working for us, to enable you to access your user account or to enable us to track how these tools are used, such as how often they are used and which features are preferred. Some of these apps may enable you to e-mail reports and other information from the app. We may use personal or non-identifiable information transmitted to us to enhance these apps, to develop new tools, for quality improvement and as otherwise described in this Policy or in other notices we provide.
Most mobile devices provide users with the ability to disable location services. Most likely, these controls are located in the device’s settings menu. If you have questions about how to disable your device’s location services, we recommend you contact your mobile service carrier or your device manufacturer.
How we obtain your e-mail address
You are receiving an email from us because you have inquired about our Services and Products. We have obtained your e-mail address because you: provided it to us directly through inquiry via phone, direct e-mail to our Patient Advocate Team or a request for contact through our websites, social media pages or our websites’ Live Chat feature. We do not obtain your e-mail address without your consent.
How we use your e-mail
We may use your e-mail address to contact you with information about our products, services or your transactions; send e-mail alerts or newsletters; provide you with customer service; and send you marketing communications or administrative information. If you do not wish to receive these e-mails or would like to have our contact information removed from our directory, please inform us via the “Contact Us” section below.
By requesting e-mail communications from STRATA regarding our Devices, you are also consenting to receiving periodic marketing e-mails regarding our Services. If you do not wish to receive these e-mails or would like to remove your contact information from our directory, please inform us via the “Contact Us” section below.
We may partner with third parties to display advertising on our websites, social media pages or to manage and serve our advertising on other sites and may share Personal Information with third parties for this purpose. We may also use other companies to deliver e-mail communications on our behalf or to place our advertisements on other web sites. Sites and advertisements created and monitored by third party sources and requests placed through these sites are not monitored by STRATA, as we do not have direct control over or access to these sites.
We may also transfer Personal Information to our physician’s offices, insurance companies, consultants monitoring our IT functions, attorneys, and other service providers who need the information in order to provide Services to or perform activities on behalf of STRATA, and only for a purpose consistent with this Policy. Please be aware we are working with service providers and in order to guarantee proper functioning of your product we may share personal data with the said entities.
To limit the use and disclosure of your Personal Information, please submit a written request by e-mailing us at PatientAdvocate@strataskin.com.
From time to time we may provide you the opportunity to participate in a survey within our applications or via e-mail. If you participate, we may require your name and e-mail address. Participation in these surveys is completely voluntary and you therefore have a choice whether or not to disclose this information.
You must be 18 years of age or older to request information on STRATA Products and Services. We do not knowingly collect Personal Information online from any person we know to be under the age of 18, and users under 18 must not send any information to or through our Live Chat or email services.
If you submit any Personal Information relating to other people in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Policy. By requesting information from us, you agree that it is your responsibility to authorize, monitor, and control access to and use of the Personal Information you provide on behalf of yourself or another that you are representing. If you have reason to believe that the Personal Information you provided to us has been used for purposes outside of those listed in this Policy, you agree to promptly inform us via the information in the “Contact Us” section below.
STRATA’s main purpose of gathering Personal Information is to assist users who request information on our Devices and Products. Any Personal Information you may choose to give us is used only to fulfill the Service(s) you have requested, such as requesting information on XTRAC® treatments.
STRATA reserves the right to disclose Personal Information to any of our parent, subsidiary, affiliated or successor companies. Personal data can be disclosed to entities into which STRATA is merged, or to which our assets, site or operations have been transferred. Mentioned entities will be able to use your Personal Information under the terms of this Policy. We will notify you if any of these events occur by updating this Policy and, if practically possible, via other means.
DATA INTEGRITY AND PURPOSE
STRATA will only collect and retain Personal Information which is relevant to the purposes for which the information is collected, and will not use it in a way that is incompatible with such purposes unless such use has been authorized by user. STRATA will take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete, and current. We may occasionally contact you to determine that your data is still accurate and current.
The security of your personal data is important to us. STRATA applies technical safety measures to protect the provided personal data against loss, destruction, misuse, unauthorized access or disclosure. The measures and technology used ensure safety of the personal data provided by the user. The personal data is available solely to the user or to a person indicated by him/her provided authorized access has been granted to that person. We follow generally accepted industry standards to protect the personal data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however, and no data transmission via the Internet can guarantee 100% safety. Therefore, we cannot guarantee its absolute security. STRATA takes all necessary steps to update and modernize its data protection system. When you enter Personal Information on our website or within our applications, we encrypt the transmission of that information.
Since we are committed to protecting your privacy as set forth in this Policy, if you think we are not in compliance with our Policy, have any questions, or if you wish to take any other action concerning either this Policy or your Personal Information, we encourage you to contact us. We will investigate your complaint, take appropriate action and report back to you within 30 days.
The Services are designed for users from, and are controlled and operated by STRATA from, the United States. By using the Services, you consent to the transfer of your information in the United States and according to the data protection laws of the United States.
YOUR CALIFORNIA PRIVACY RIGHTS
California Civil Code Section 1798.83 (“Shine the Light Law”) permits users of the Services that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us as described in the “Contact Us” section below. To read more about this law and your rights, you may follow this link to the California State Legislative Information website: https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.83.&lawCode=CIV.
CHANGES TO THIS POLICY
REMOVAL OR MODIFICATION OF INFORMATION
You can request the removal or modification of the Personal Information you have provided to us by sending an e-mail to PatientAdvocate@strataskin.com. For your protection, we may only implement requests with respect to the Personal Information associated with the particular e-mail address that you use to send us your request, and we may need to verify your identity and obtain information on the context in which you provided your Personal Information before implementing your request. We will try to accommodate your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
Should you have questions about this Policy or our information collection, use and disclosure practices, you may contact our internal Compliance Manager at the following:
STRATA Skin Sciences, Inc.
Attn: Compliance Manager
5 Walnut Grove Drive, Ste. 140
Horsham, PA 19044
You may also contact the STRATA Patient Advocate Team at the following:
STRATA Skin Sciences, Inc.
Attn: Patient Advocate Team
2365 Camino Vida Roble, Suite B
Carlsbad, CA 92009
We may contact you for follow up information and may share your inquiry with other individuals within our company or working for us that are responsible for functions related to the subject of your inquiry. Except where required by law, we cannot ensure a response to questions or comments regarding topics unrelated to this Policy or our privacy practices.