Advanced Brain Monitoring, Inc. (ABM) is a neuro-diagnostics device company internationally recognized for its innovative technologies. Our products are used by individuals, clinicians, researchers, and in clinical trials to interpret brain and physiological function as they relate to chronic diseases and early stage neurodegeneration, as well as to improve sleep quality and enhance performance. ABM is an ISO 13485 certified and FDA registered device manufacturer. ABM has a global distribution network established in Australia, Asia, Canada, and the EU. ABM is based in Carlsbad, CA, USA with a European office in Belgrade, Serbia.
PRIVACY COMMITMENT STATEMENT
ABM is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. Consistent with this commitment, ABM maintains compliance with several regulatory programs. We are dedicated to ensuring compliance with all of our products and services, as well as the underlying processing of personal data on behalf of our customers.
ABM is HIPAA compliant. HIPAA establishes standards for the security of electronic protected health information. We perform periodic technical and non-technical evaluations that establish the extent to which our security policies and procedures meet the HIPAA security requirements. The U.S. Department of Health and Human Services (HSS) does not currently offer HIPAA certification. Please visit the HHS website to learn more about HIPAA.
ABM is HITECH compliant. HITECH promotes the adoption and meaningful use of health information technology, as well as privacy and security concerns associated with the electronic transmission of health information. HHS does not currently offer HITECH certification. Please visit the HSS website to learn more about HITECH.
ABM maintains certifications for the EU-US and Swiss-US Data Privacy Framework (DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU and Switzerland to the U.S., respectively. Please visit the DPF website to view our certification and learn more about the Data Privacy Framework.
Compliance with GDPR, which is effective as of May 25, 2018, is an active process and will continue up to and after the enforcement date. The GDPR provides a set of standardized data protection laws across all EU member countries, and is applicable to any organization collecting information from an individual residing in the EU regardless of where the organization is located. The European Commission does not currently offer GDPR certification. Please visit the European Commission website to learn more about GDPR.
INDIVIDUAL RIGHTS
Individuals have personal data rights to the following:
PERSONAL INFORMATION VOLUNTARILY SUBMITTED
This statement of privacy applies to the ABM website and governs data collection and usage. If you choose to provide ABM with personal information by completing a “Contact Us” form, we may use that information to respond to your message and/or help us get you the information or services you requested. Submitting personal information (name, address, telephone number, email address, etc.) is voluntary and is not required to access information on our website.
All information included on the Contact Form is sent to Zoho, ABM’s third party customer relationship management (CRM) provider. Zoho initiates an email to ABM and an ABM representative reaches out to the individual requesting information. Once patient inquiries/requests have been satisfied, personal data is deleted from Zoho. ABM considers medical and research providers business to business (B2B) contacts. B2B contact information is saved in Zoho for further business development. For more information, please review Zoho’s Privacy Policy.
Occasionally, ABM will reach out to B2B contacts through a targeted marketing campaign to inform contacts regarding items such as new products or services, scientific findings, or press releases for FDA clearance.
WEB TOOLS
COOKIES
ABM’s website uses cookies. Cookies are small text files that can be used by websites to personalize a user’s online experience and make the experience more efficient. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. Cookies cannot be used to run programs or deliver viruses to your computer.
GDPR regulations state that we can store cookies on a user’s device if they are strictly necessary for the operation of our site. However, for all other types of cookies we need your permission. ABM employs Cookiebot service to help facilitate obtaining consent for the use of cookies. Cookiebot itself automatically sets up cookies in the user’s web browser when the user visits our website: The first-party cookie, “CookieConsent” which stores the user’s consent, expire automatically for renewal after 12 months from the date of the user’s consent. A user may withdraw a consent at any time by deleting the “CookieConsent” cookie. A user consent is logged and documented by registration of the user’s anonymized IP number, browser user agent, website URL, date and time of consent and a unique, encrypted key that is stored in a data center with Cybot’s cloud vendor, Microsoft Ireland Operations Ltd in Dublin, Ireland.
THIRD PARTY LINKS AND FEATURES
The ABM website may contain links to third-party websites (such as social media sites) and may contain third-party plug-ins (such as the YouTube videos) and functionalities. If you choose to use these sites or features, you may disclose your information not just to those third parties, but also to their users and the public more generally depending on how their services function. ABM is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third party websites or services, and not ABM’s privacy policy. We urge you to read the privacy and security policies of these third parties.
SECURITY
ABM is committed to ensuring that personal information is secure. We have physical, electronic, and procedural safeguards that comply with regulations to protect personal information. ABM uses industry-standard encryption technology to protect privacy. We limit access of personal information to employees who we believe reasonably need to come into contact with such information to provide products or services in order to do their jobs.
For site security purposes and to ensure that this service remains available to all users, we use software programs to monitor traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. In the event of law enforcement investigations and as part of any required legal process, information from these sources may be used to help identify an individual.
DISCLOSURE
ABM does not sell, distribute, or lease personal information to third parties, ever.
ABM will disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on ABM or the site; (b) protect and define the rights or property of ABM; and (c) act under exigent circumstances to protect the personal safety of ABM website users, or the public.
RETENTION AND STORAGE
ABM retains personal information for no longer than necessary for the purpose for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it.
All information is stored on secured servers owned and operated by ABM. We use third party vendors to support our services, which includes an IT Security Consultant. We store backups off site with third party storage provider to ensure data security in case of an emergency or catastrophe. All IT services are governed by a written contract.
ASSIGNMENT
If ABM is acquired by or merges with another entity, our assets, including all proprietary intellectual property and information embedded in our services and any personal information stored in our databases, will likely be transferred to the new entity. By utilizing our services you acknowledge and agree that ABM may assign assets and any information stored therein in the event of such a transaction.
CONTACT US
In addition to understanding what information we collect, how we use it, with whom we share it, and how long we retain it, as detailed above, individuals have other rights as identified in the “Individual Rights” section. Should you desire to exercise one of these rights, or have any questions regarding our privacy policy, please use the Privacy Contact page to submit a request.
Please note: ABM does not have the right to copy, correct, delete, limit, or transmit any personal data without first obtaining identity verification. Should an individual desire to exercise one of these rights, or have any questions regarding our privacy policy, please contact ABM by email at privacy@b-alert.com.
Advanced Brain Monitoring Inc. ("Company") has adopted this Data Privacy Framework Policy ("Policy") to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that the Company obtains from Customers located in the European Union and Switzerland.
The Company complies with the EU-U.S. Data Privacy Framework (DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the US Department of Commerce. The Company has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regards to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. The Company has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regards to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
The Federal Trade Commission (FTC) has jurisdiction over the Company’s compliance with the Data Privacy Framework.
Definitions
“Personal Information” or “Information” means information that (1) is transferred from the EU or Switzerland to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.
“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.
Principles
Notice
Company shall inform an individual of the purpose for which it collects and uses the Personal Information and the types of non-agent third parties to which the Company discloses or may disclose that Information. Company shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the Information for a purpose other than for which it was originally collected. To exercise any of these rights, contact us via the information provided in the product-specific policies linked in Appendix A.
Choice
The Company will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, the Company will give individuals the opportunity to affirmatively or explicitly (opt in) consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Company shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information. To exercise any of these choices (opt-out or opt-in), contact us via the information provided in the product-specific policies linked in Appendix A.
Onward Transfers
Prior to disclosing Personal Information to a third party, Company shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure. Company may store such Personal Data in the facilities operated by Third Parties. Company shall ensure that any third party for which Personal Information may be disclosed subscribes to the Principles or are subject to law providing the same level of privacy protection as is required by the Principles and agree in writing to provide an adequate level of privacy protection. Company is liable for appropriate onward transfers of personal data to third parties. See Appendix A for links to product-specific policies including information about the identity of third parties and/or the purposes for which we disclose information.
Data Security
Company shall take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. See Appendix A for links to product-specific policies.
Data Integrity
Company shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Company shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use. See Appendix A for links to product-specific policies.
Access
Company acknowledges the right of individuals to access their personal information. Company shall allow an individual access to their Personal Information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons than the individual would be violated. See Appendix A for links to product-specific policies.
Enforcement
Company uses a self-assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Principles. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.
If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using BBB National Programs Data Privacy Framework Services, operated by the Council of Better Business as a third party resolution provider.
Amendments
This privacy policy may be amended from time to time consistent with the requirements of the Data Privacy Privacy Framework. The revised policy will be posted on our website.
Information Subject to Other Policies
The Company is committed to following the Principles for all Personal Information within the scope of the Data Privacy Framework Agreement. The Company may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Collection and Use of Personal Data
This policy describes the principles we follow with respect to transfers of personal information belonging to personal information hosted on the Company’s Sleep Profiler and Night Shift Portal Systems, and personal information gathered on our website between countries in the European Union (EU), Switzerland and the United States. See Appendix A for links to product-specific policies.
Privacy Complaints
In compliance with the EU-US Data Privacy Framework Principles, Advanced Brain Monitoring, Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union and Swiss individuals with DPF inquiries or complaints should first contact:
Privacy Officer
Advanced Brain Monitoring Inc.
2237 Faraday Avenue, Suite 100 Carlsbad CA, 92008, USA
Privacy@b-alert.com
Advanced Brain Monitoring, Inc. has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.
Appendix A – Product-Specific Privacy Policies
1. Sleep Profiler Portal - Privacy Notice.
2. Night Shift Portal - Privacy Notice.
3. ABM Website - See Company Privacy Policy Tab
