Advanced Brain Monitoring, Inc. (ABM) is a neuro-diagnostics device company internationally recognized for its innovative technologies. Our products are used by individuals, clinicians, researchers, and in clinical trials to interpret brain and physiological function as they relate to chronic diseases and early stage neurodegeneration, as well as to improve sleep quality and enhance performance. ABM is an ISO 13485 certified and FDA registered device manufacturer. ABM has a global distribution network established in Australia, Asia, Canada, and the EU. ABM is based in Carlsbad, CA, USA with a European office in Belgrade, Serbia.
PRIVACY COMMITMENT STATEMENT
ABM is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. Consistent with this commitment, ABM maintains compliance with several regulatory programs. We are dedicated to ensuring compliance with all of our products and services, as well as the underlying processing of personal data on behalf of our customers.
ABM is HIPAA compliant. HIPAA establishes standards for the security of electronic protected health information. We perform periodic technical and non-technical evaluations that establish the extent to which our security policies and procedures meet the HIPAA security requirements. The U.S. Department of Health and Human Services (HSS) does not currently offer HIPAA certification. Please visit the HHS website to learn more about HIPAA.
ABM is HITECH compliant. HITECH promotes the adoption and meaningful use of health information technology, as well as privacy and security concerns associated with the electronic transmission of health information. HHS does not currently offer HITECH certification. Please visit the HSS website to learn more about HITECH.
ABM maintains certifications for the EU-US and Swiss-US Data Privacy Framework (DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU and Switzerland to the U.S., respectively. Please visit the DPF website to view our certification and learn more about the Data Privacy Framework.
Compliance with GDPR, which is effective as of May 25, 2018, is an active process and will continue up to and after the enforcement date. The GDPR provides a set of standardized data protection laws across all EU member countries, and is applicable to any organization collecting information from an individual residing in the EU regardless of where the organization is located. The European Commission does not currently offer GDPR certification. Please visit the European Commission website to learn more about GDPR.
Individuals have personal data rights to the following:
PERSONAL INFORMATION VOLUNTARILY SUBMITTED
This statement of privacy applies to the ABM website and governs data collection and usage. If you choose to provide ABM with personal information by completing a “Contact Us” form, we may use that information to respond to your message and/or help us get you the information or services you requested. Submitting personal information (name, address, telephone number, email address, etc.) is voluntary and is not required to access information on our website.
Occasionally, ABM will reach out to B2B contacts through a targeted marketing campaign to inform contacts regarding items such as new products or services, scientific findings, or press releases for FDA clearance.
THIRD PARTY LINKS AND FEATURES
ABM is committed to ensuring that personal information is secure. We have physical, electronic, and procedural safeguards that comply with regulations to protect personal information. ABM uses industry-standard encryption technology to protect privacy. We limit access of personal information to employees who we believe reasonably need to come into contact with such information to provide products or services in order to do their jobs.
For site security purposes and to ensure that this service remains available to all users, we use software programs to monitor traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. In the event of law enforcement investigations and as part of any required legal process, information from these sources may be used to help identify an individual.
ABM does not sell, distribute, or lease personal information to third parties, ever.
ABM will disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on ABM or the site; (b) protect and define the rights or property of ABM; and (c) act under exigent circumstances to protect the personal safety of ABM website users, or the public.
RETENTION AND STORAGE
ABM retains personal information for no longer than necessary for the purpose for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it.
All information is stored on secured servers owned and operated by ABM. We use third party vendors to support our services, which includes an IT Security Consultant. We store backups off site with third party storage provider to ensure data security in case of an emergency or catastrophe. All IT services are governed by a written contract.
If ABM is acquired by or merges with another entity, our assets, including all proprietary intellectual property and information embedded in our services and any personal information stored in our databases, will likely be transferred to the new entity. By utilizing our services you acknowledge and agree that ABM may assign assets and any information stored therein in the event of such a transaction.
Advanced Brain Monitoring Inc. ("Company") has adopted this Data Privacy Framework Policy ("Policy") to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that the Company obtains from Customers located in the European Union and Switzerland.
The Federal Trade Commission (FTC) has jurisdiction over the Company’s compliance with the Data Privacy Framework.
“Personal Information” or “Information” means information that (1) is transferred from the EU or Switzerland to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.
“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.
Company shall inform an individual of the purpose for which it collects and uses the Personal Information and the types of non-agent third parties to which the Company discloses or may disclose that Information. Company shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the Information for a purpose other than for which it was originally collected. To exercise any of these rights, contact us via the information provided in the product-specific policies linked in Appendix A.
The Company will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, the Company will give individuals the opportunity to affirmatively or explicitly (opt in) consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Company shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information. To exercise any of these choices (opt-out or opt-in), contact us via the information provided in the product-specific policies linked in Appendix A.
Prior to disclosing Personal Information to a third party, Company shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure. Company may store such Personal Data in the facilities operated by Third Parties. Company shall ensure that any third party for which Personal Information may be disclosed subscribes to the Principles or are subject to law providing the same level of privacy protection as is required by the Principles and agree in writing to provide an adequate level of privacy protection. Company is liable for appropriate onward transfers of personal data to third parties. See Appendix A for links to product-specific policies including information about the identity of third parties and/or the purposes for which we disclose information.
Company shall take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. See Appendix A for links to product-specific policies.
Company shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Company shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use. See Appendix A for links to product-specific policies.
Company acknowledges the right of individuals to access their personal information. Company shall allow an individual access to their Personal Information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons than the individual would be violated. See Appendix A for links to product-specific policies.
If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using BBB National Programs Data Privacy Framework Services, operated by the Council of Better Business as a third party resolution provider.
Information Subject to Other Policies
The Company is committed to following the Principles for all Personal Information within the scope of the Data Privacy Framework Agreement. The Company may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Collection and Use of Personal Data
This policy describes the principles we follow with respect to transfers of personal information belonging to personal information hosted on the Company’s Sleep Profiler and Night Shift Portal Systems, and personal information gathered on our website between countries in the European Union (EU), Switzerland and the United States. See Appendix A for links to product-specific policies.
In compliance with the EU-US Data Privacy Framework Principles, Advanced Brain Monitoring, Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union and Swiss individuals with DPF inquiries or complaints should first contact:
Advanced Brain Monitoring Inc.
2237 Faraday Avenue, Suite 100 Carlsbad CA, 92008, USA
Advanced Brain Monitoring, Inc. has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.
Appendix A – Product-Specific Privacy Policies