EU-US and Swiss-US Privacy Shield Policy

Advanced Brain Monitoring Inc. (“Company”) has adopted this Privacy Shield Policy (“Policy”) to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that the Company obtains from Customers located in the European Union and Switzerland.

The Company complies with the EU-US and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. The Company has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability.

If there is any conflict between the terms in this privacy policy and the Privacy Shield Privacy Principles, the Privacy Shield Privacy Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

The Federal Trade Commission (FTC) has jurisdiction over the Company’s compliance with the Privacy Shield.

Definitions

“Personal Information” or “Information” means information that (1) is transferred from the EU or Switzerland to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.
“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.

Principles

Notice
Company shall inform an individual of the purpose for which it collects and uses the Personal Information and the types of non-agent third parties to which the Company discloses or may disclose that Information. Company shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the Information for a purpose other than for which it was originally collected.

Choice
The Company will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, the Company will give individuals the opportunity to affirmatively or explicitly (opt out) consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Company shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information. See Appendix A, B and C.

Onward Transfers
Prior to disclosing Personal Information to a third party, Company shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure. Company may store such Personal Data in the facilities operated by Third Parties. Company shall ensure that any third party for which Personal Information may be disclosed subscribes to the Principles or are subject to law providing the same level of privacy protection as is required by the Principles and agree in writing to provide an adequate level of privacy protection. Company is liable for appropriate onward transfers of personal data to third parties. See Appendix A, B and C.

Data Security
Company shall take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction.

Data Integrity
Company shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Company shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.

Access
Company acknowledges the right of individuals to access their personal information.  Company shall allow an individual access to their Personal Information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons than the individual would be violated.

Enforcement
Company uses a self-assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Principles. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.

If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using BBB EU Privacy Shield, operated by the Council of Better Business as a third party resolution provider.

Amendments
This privacy policy may be amended from time to time consistent with the requirements of Privacy Shield. We will post any revised policy on this website.

Information Subject to Other Policies
The Company is committed to following the Principles for all Personal Information within the scope of the Privacy Shield Agreement. The Company may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Collection and Use of Personal Data

This policy describes the principles we follow with respect to transfers of personal information belonging to personal information hosted on the Company’s Sleep Profiler and Night Shift Portal Systems, and personal information gathered on our website between countries in the European Union (EU), Switzerland and the United States.

Types of personal information collected by the Company:

1. Sleep Profiler Product Portal: Please refer to Appendix A: Privacy Disclosure for Sleep Profiler Portal.
2. Night Shift Product Portal: Please refer to Appendix B: Privacy Disclosure for Night Shift Portal.
3. Website:  Please refer to Appendix C: Privacy Disclosure for Company Website.

Privacy Complaints

In compliance with the EU-US and Swiss-US Privacy Shield Principles, Advanced Brain Monitoring, Inc. commits to resolve complaints about your privacy and our collection or use of personal information. European Union or Swiss Individuals with inquires or complaints regarding this privacy policy should first contact:

Privacy Officer Advanced Brain Monitoring Inc.
2237 Faraday Avenue, Suite 100 Carlsbad CA, 92008
Privacy-Group@b-alert.com

Advanced Brain Monitoring, Inc. has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus.

If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.

Please note that if your complaint if not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

Appendix A: Privacy Disclosure for Sleep Profiler Portal

(Entire Sleep Profiler Privacy Notice may be found here.)

The Sleep Profile software, which is accessed by the Sleep Profiler Portal (SP Portal), analyzes previously recorded physiological signals obtained during sleep with ABM’s proprietary data acquisition systems. The software performs analyses of the acquired signals, presents the signals for editing, and delivers reports for the clinician.  The software is fully compliant with regulatory guidelines (e.g., HIPAA, 21 CFR Part 11, etc.).

Collecting Information

There are several categories of information that ABM collects via the SP Portal:

1. Required information the user provides to utilize services
2. Other information the user provides to utilize services
3. Information we obtain to perform services
4. Technical support request
5. SP Portal access logs

The following provides detailed information regarding what type of data is collected and how long it is retained.

1. Required information the user provides
2. SP Portal Setup Form
   Each Commercial Customer designates SP Portal users who will have access to its SP Portal account. Personal information (i.e., name, credentials, username, email address, and phone number) for each user is provided to ABM as part of the SP Portal setup process. This information is associated with the Commercial Customer account.
3. Patient Information
   Information must be entered in the following fields to utilize the SP Portal services; however, the information may be pseudonymized, meaning the information entered can be coded by the user and does not have to identify a natural person. To keep an individual’s health information anonymous to ABM, we recommend that users do not enter factual data.
4. Name (first and last; middle name is optional
5. Date of Birth
6. Gender
7. Personal information provided to ABM is saved to the SP Portal database, which is used primarily to provide technical assistance should any problems with a device, editing data, or generating a report be encountered.
8. Other information the user providesOther information that may be provided for the purpose of enhancing our services. This information, which may be personally identifiable, includes:
9. Patient Medical History Questionnaire
10. Patient Sleep Diary
11. Customer Profile (name, email, credentials, location data)
12. Other information may be provided to assist with the interpretation and analyzing of raw data obtained during sleep via ABM’s proprietary data acquisition systems. This information, which is not personally identifiable, includes:
13. Patient Information (patient ID, physician name and credentials, limited study information)
14. Device Setup (settings and configurations)
15. User Settings (download file location, device troubleshooting assistance, patient info location)
16. All information obtained is saved to the SP Portal database, which is primarily used to provide technical assistance should any problems with a device, editing data, or generating a report be encountered.
17. Information we obtainWhen our services are utilized via the SP Portal, we obtain raw data from a ABM proprietary device. Once a sleep study has been recorded on a device, it is uploaded to the SP Portal. The user plugs the device into a USB port on their computer and the raw data is saved to a local drive to ensure that the upload, if interrupted, does not affect the integrity of the data. Upon being saved to a local drive, the user then transmits the raw data via the SP Portal for editing data and/or generating a report. Once the raw data file has been successfully uploaded to SP Portal, the user wipes the data on the device clean.The Sleep Profiler software converts the raw data it received into a proprietary “.edf” file, which is identified only by a unique ID number assigned by the software and holds no patient-indentifying information. Throughout the editing process only the unique ID number is associated with the .edf file. When the final report is being assembled, the software re-associates patient information with the final data, encrypts the report, and saves it on the SP Portal server. Reports are saved to the SP Portal server primarily to provide technical assistance should any problems with a device, editing data, or generating a report be encountered.
18. Technical support requestA user may request technical support by creating a ticket on the SP Portal. While no information is required, our Customer Representatives will be limited in assisting the requestor if personal data (i.e., name and either a phone number or email address) is not provided. All information included in a technical support ticket is initiated from support@advanced-sleep.com and is forwarded to ABM’s Sleep Profiler’s customer support team, who reaches out to the individual requesting assistance. The information is logged in a technical call spreadsheet to assist with customer follow-up and providing technical assistance.
19. Access LogsABM may automatically collect certain information and store it in log files when our services are utilized, including internet protocol (IP) addresses and a date/time stamp. This information is recorded in the database to administer services, analyze trends for service enhancements, and help protect ourselves from abusive users of our services.

Using Information

We use the information that you provide and we obtain to ensure that the SP Portal is providing value to our customers.  Here are some of the ways that we do that:

• Provide technical assistance should any problems with a device, editing data, or generating a report be encountered
• Validate warranty coverage
• Communicate with customers, via email, regarding important improvements and enhancements to our devices and services
• Monitor types and trends of issues that are experienced when using the SP Portal for use in developing product and service enhancements
• Analyze usage and trends to publish de-identified findings for product marketing purposes and scientific journals
• Verify user identity and prevent fraud or other unauthorized or illegal activity.

Sharing Information

We do not sell, distribute, or lease personal information to third parties, ever.

COOKIES

The SP Portal only utilizes web server session cookies to identify the user once he/she has logged in, for the duration of the session.  No personal data is saved.  Cookies are small text files that can be used by websites to personalize a user’s online experience and make the experience more efficient.  Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.  Cookies cannot be used to run programs or deliver viruses to your computer.

SECURITY

ABM is committed to ensuring that personal information is secure.  We have physical, electronic, and procedural safeguards that comply with regulations to protect personal information. ABM uses industry-standard encryption technology to protect privacy. We limit access of personal information to employees who we believe reasonably need to come into contact with such information to provide products or services in order to do their jobs.

It is important for users to protect against unauthorized access to their device, computer, or SP Portal login information. It is the user’s responsibility to sign off when finished using a shared computer or device.  ABM will automatically log users off after 40 minutes of non-use.

For site security purposes and to ensure that this service remains available to all users, we use software programs to monitor traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. In the event of law enforcement investigations and as part of any required legal process, information from these sources may be used to help identify an individual.

SECURITY

ABM does not sell, distribute, or lease personal information to third parties, ever.

ABM will disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on ABM or the site; (b) protect and define the rights or property of ABM; and (c) act under exigent circumstances to protect the personal safety of ABM website users, or the public.

RETENTION AND STORAGE

ABM retains personal information for no longer than necessary for the purpose for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it.

All information is stored on secured servers owned and operated by ABM. We use third party vendors to support our services, which includes an IT Security Consultant. We store backups off site with third party storage provider to ensure data security in case of an emergency or catastrophe. All IT services are governed by a written contract.

ASSIGNMENT

If ABM is acquired by or merges with another entity, our assets, including all proprietary intellectual property and information embedded in our services and any personal information stored in our databases, will likely be transferred to the new entity. By utilizing our services you acknowledge and agree that ABM may assign assets and any information stored therein in the event of such a transaction.

CONTACT US

In addition to understanding what information we collect, how we use information, with whom we share it, and how long we retain it, as detailed above, individuals have other rights as identified in the “Individual Rights” section.  Should an individual desire to exercise one of these rights, or have any questions regarding our privacy policy, please contact ABM by email at privacy-group@b-alert.com

‍

APPENDIX B: Privacy Disclosure for Night Shift Portal

(Entire Night Shift Privacy Notice may be found here.)

NIGHT SHIFT WEBSITE PRIVACY INFORMATION

The Night Shift website contains several areas where information is obtained.  The following provides detailed information regarding what type of data is collected, how we use the information, and with whom we share the information.

1.           Night Shift Portal

The Night Shift software, which is accessed by the Night Shift Portal (NS Portal), produces graphical reports of previously recorded physiological signals obtained during sleep with ABM’s proprietary Night Shift medical device. The software is fully compliant with regulatory guidelines (e.g., HIPAA, 21 CFR Part 11, etc.).

Collecting Information

When an individual utilizes the NS Portal, information is shared with ABM.  There are two categories of information that ABM collects:

1. Information the user provides to utilize services
2. Information we obtain to perform services

The following provides detailed information regarding what type of data is collected and how it is used.

1. Information the user provides
2. Device Registration

Registration of a Night Shift device is not required to use the NS Portal. However, if a user chooses to register a device we will have the ability to notify him/her of important improvements that could benefit the use of a device (e.g., firmware upgrades or NS Portal enhancements).

In order to register a device on the NS Portal the user must disclose:

1. Device serial number
2. Email address

Registering a “Customer Name” is optional. To keep health information anonymous to ABM, we recommend that a name is not entered.

Personal data that an individual chooses to provide ABM when registering a device is only used to provide technical assistance or communicating product improvements.

1. Report Generation

The generation of reports is not required to use a device; however, it is the primary purpose for using the NS Portal. No personal data is required to generate a report, but when a report is generated, the Customer Name, if provided, will appear on the report. As an alternative, if no Customer Name is registered but you wish to personalize a report, a “User Name” may be entered at the time the report is generated and the User Name will appear on the report.

The report, which may include personal data should it have been provided, is saved to the NS Portal database as an unreadable byte array field. The NS Portal database is used to provide technical assistance should any problems with a device or generating a report be encountered.

2. Information we obtain

When our services are utilized via the NS Portal, we obtain raw data from an ABM proprietary device via an “.acq” file. The information obtained is used for the sole purpose of generating a report for personal use. The information obtained is identified by the device serial number, which can only be linked to personal data if a device was registered.

The information ABM gathers from a device includes:

1. Usage information

The Night Shift device has been designed to obtain and store various categories of information. The following types of information is obtained by the device:

1. Use (e.g., how many nights the device was used)
2. Sleep (e.g., how many hours a user was asleep)
3. Awake (e.g., how many hours a user was awake)
4. Position (e.g., how much time a user slept on his/her back and how quickly he/she responded to the position avoidance feedback)
5. Snoring (e.g., did the user snore, and if so, how loudly)

Some of the information recorded on a device is in very small increments (e.g., milliseconds and seconds). The NS Portal simply converts the data obtained by a device into usable increments and presents the information in graphic format as a report.

The information that resides on a device is stored in an .acq file. Each time ABM’s NS Portal services are used, we save a copy of the .acq file to the NS Portal database as an unreadable byte array field. The NS Portal database is used to provide technical assistance should any problems with a device or generation of a report be encountered.

1. Connection information

ABM may automatically collect certain information and store it in log files when our services are utilized, including internet protocol (IP) addresses, referring/exit pages, operating system, browser type, date/time stamp, and clickstream data. We use non-personal information to administer services and analyze trends for service enhancements. We use personal information to provide technical assistance should any problems with a device or generating a report be encountered, and to help protect ourselves from abusive users of our services.

Using Information

We use the information that users provide and we obtain to ensure that the NS Portal is providing value to our customers. Here are some of the ways that we do that:

• Provide technical assistance should any problems with a device, registering or managing a device, or generating a report be encountered
• Validate warranty coverage
• Communicate with customers, via email, regarding important improvements and enhancements to our devices and services
• Monitor types and trends of issues that are experienced when using the NS Portal for use in developing product and service enhancements
• Analyze usage and trends to publish de-identified findings for product marketing purposes and scientific journals
• Verify your identity and prevent fraud or other unauthorized or illegal activity.

Sharing Information

We do not sell, distribute, or lease personal information to third parties, ever.  However, we may transfer a report or raw data via .acq file to a third party for the following reason(s):

1. Healthcare provider

With your permission, we may share your .acq file or report with a healthcare provider in order to qualify your device for insurance reimbursement, or so that your health care provider can monitor therapy compliance.

1. Distributor

When devices are sold through a distributor, we may share an .acq file with the distributor in order to provide technical assistance should any problems with a device, registering or managing a device, or generating a report be encountered.

2.           Electronic Prescription (eRx)

Night Shift devices are only available by prescription in the U.S. For the convenience of our U.S. customers, health care providers may register a provider account in order to generate an eRx, which allows patients to purchase a Night Shift device directly via the ABM web store. To generate an eRX, Providers are required to enter into a Business Associate Agreement (BAA) in recognition of obligations required under HIPAA and HITECH. All information obtained from the provider, including patient prescription information, is stored in ABM’s secure database. We use the information to verify that a customer has a prescription for purchasing a device and refer to prescriptions should a customer desire to purchase an additional device in the future. The eRx services, which are compliant with U.S. rules and regulations, is only available to U.S. customers.

3.           Web store

For the convenience of our customers, ABM utilizes a third-party payment gateway via Authorize.Net to facilitate the secure transfer of transactions on out web store.  If you use our web store, we do not receive or store any credit card information; however, we store all other data on our secure database.  We use the information to verify warranty information and track prescriptions that are uploaded by the customer at the time of the purchase (when an eRx is not used) should the customer desire to purchase an additional device in the future.  ABM encourages you to visit Authorize.Net’s website to learn more about its privacy policy so that you can understand how Authorize.Net uses and shares your information.  Web store services, which are compliant with U.S. rules and regulations, are only available to U.S. customers.

4.           Contact Page

A user may submit personal information via one of three contact pages:

1. Sales/product inquiries
2. Technical support
3. Privacy request

Collecting Information

To submit a request, the user is required to provide the following information:

• Type of request (technical support and privacy request only)
• Name
• Email address
• Country (technical support only)
• Message (sales/product inquiries only)

In addition to the required information, other information may be provided that will help us to better respond to your request.

Using Information

We use the information that a user provides to respond to a request for assistance.

1. Sale/product requests

All information included on a sales/product inquiry request is maintained by Zoho, AMB’s third party customer relationship management (CRM) provider. Zoho initiates an email to ABM’s business development group, who reaches out to the individual requesting information. Once patient requests have been satisfied, personal data is deleted from Zoho. Business contacts are saved in Zoho for further business development.

1. Technical support

All information included in a technical support inquiry request is forwarded via nightshift@advanced-sleep.com to ABM’s Night Shift’s customer support group, who reaches out to the individual requesting assistance. The information is logged in a technical call spreadsheet to assist with customer follow-up and providing technical assistance should any problems with a device, registering or managing a device, or generating a report be encountered.

1. Privacy request

All information included on a privacy contact request is forwarded via privacy-group@b-alert.com to ABM’s IT privacy team, who reaches out to the individual requesting assistance. The information is logged in a privacy request spreadsheet.

Sharing Information

We do not sell, distribute, or lease personal information to third parties, ever.

5.           Access Logs

ABM may automatically collect certain information and store it in log files when our services are utilized, including internet protocol (IP) addresses and a date/time stamp. This information is recorded in the database to administer services, analyze trends for service enhancements, and help protect ourselves from abusive users of our services.

COOKIES

ABM’s website uses cookies. Cookies are small text files that can be used by websites to personalize a user’s online experience and make the experience more efficient. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. Cookies cannot be used to run programs or deliver viruses to your computer.

GDPR regulations state that we can store cookies on a user’s device if they are strictly necessary for the operation of our site. However, for all other types of cookies we need your permission. ABM employs Cookiebot service to help facilitate obtaining consent for the use of cookies. Cookiebot itself automatically sets up cookies in the user’s web browser when the user visits our website: The first-party cookie, “CookieConsent” which stores the user’s consent, expire automatically for renewal after 12 months from the date of the user’s consent. A user may withdraw a consent at any time by deleting the “CookieConsent” cookie. A user consent is logged and documented by registration of the user’s anonymized IP number, browser user agent, website URL, date and time of consent and a unique, encrypted key that is stored in a data center with Cybot’s cloud vendor, Microsoft Ireland Operations Ltd in Dublin, Ireland.

THIRD PARTY LINKS AND FEATURES

The ABM website may contain links to third-party websites (such as social media sites) and may contain third-party plug-ins (such as the YouTube videos) and functionalities. If you choose to use these sites or features, you may disclose your information not just to those third parties, but also to their users and the public more generally depending on how their services function. ABM is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third party websites or services, and not ABM’s privacy policy. We urge you to read the privacy and security policies of these third parties.

SECURITY

ABM is committed to ensuring that personal information is secure. We have physical, electronic, and procedural safeguards that comply with regulations to protect personal information. ABM uses industry-standard encryption technology to protect privacy. We limit access of personal information to employees who we believe reasonably need to come into contact with such information to provide products or services in order to do their jobs.

For site security purposes and to ensure that this service remains available to all users, we use software programs to monitor traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. In the event of law enforcement investigations and as part of any required legal process, information from these sources may be used to help identify an individual.

DISCLOSURE

ABM does not sell, distribute, or lease personal information to third parties, ever.

ABM will disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on ABM or the site; (b) protect and define the rights or property of ABM; and (c) act under exigent circumstances to protect the personal safety of ABM website users, or the public.

RETENTION AND STORAGE

ABM retains personal information for no longer than necessary for the purpose for which it is processed.  The length of time for which we retain information depends on the purposes for which we collected and use it.

All information is stored on secured servers owned and operated by ABM.  We use third party vendors to support our services, which includes an IT Security Consultant.  We store backups off site with third party storage provider to ensure data security in case of an emergency or catastrophe.  All IT services are governed by a written contract.

ASSIGNMENT

If ABM is acquired by or merges with another entity, our assets, including all proprietary intellectual property and information embedded in our services and any personal information stored in our databases, will likely be transferred to the new entity. By utilizing our services you acknowledge and agree that ABM may assign assets and any information stored therein in the event of such a transaction.

CONTACT US

In addition to understanding what information we collect, how we use it, with whom we share it, and how long we retain it, as detailed above, individuals have other rights as identified in the “Individual Rights” section. Should you desire to exercise one of these rights, or have any questions regarding our privacy policy, please use the Privacy Contact page to submit a request.

Please note: ABM does not have the right to copy, correct, delete, limit, or transmit any personal data without first obtaining identity verification. Should you submit a data request via the Privacy Contact page, an ABM representative will contact you to begin the process of identity verification before any action can be taken.

Appendix C: Privacy Disclosure Company Website

(Entire Company Website Privacy Notice may be found here.)

PERSONAL INFORMATION VOLUNTARILY SUBMITTED

This statement of privacy applies to the ABM website and governs data collection and usage.  If you choose to provide ABM with personal information by completing a “Contact Us” form, we may use that information to respond to your message and/or help us get you the information or services you requested. Submitting personal information (name, address, telephone number, email address, etc.) is voluntary and is not required to access information on our website.

All information included on the Contact Form is sent to Zoho, ABM’s’s third party customer relationship management (CRM) provider.  Zoho initiates an email to ABM and an ABM representative reaches out to the individual requesting information.  Once patient inquiries/requests have been satisfied, personal data is deleted from Zoho.  ABM considers medical and research providers business to business (B2B) contacts.  B2B contact information is saved in Zoho for further business development.  For more information, please review Zoho’s Privacy Policy.

Occasionally, ABM will reach out to B2B contacts through a targeted marketing campaign to inform contacts regarding items such as new products or services, scientific findings, or press releases for FDA clearance.

1 Google AdWords

ABM occasionally uses Google AdWords to provide online advertisement delivery and tracking.  This data is used to deliver customized content and advertising to customers whose behavior indicates that they are interest in a particular subject area.  To implement these tools, ABM and third-party vendors, including Google, use first-party cookies and third- party cookies together to inform, optimize, and serve ads based on past visits to ABM’s website.  For more information, please review Google’s Privacy Policy.

2 Google Analytics

ABM may employ tools provided by Google Analytics to keep track of the website and pages our customers visit in order to determine what ABM services are the most popular.  To implement these tools, ABM and third-party vendors, including Google, use first-party cookies and third-party cookies together to inform, optimize, and serve ads based on past visits to ABM’s website. For more information, please review Google’s Privacy Policy.

COOKIES

ABM’s website uses cookies. Cookies are small text files that can be used by websites to personalize a user’s online experience and make the experience more efficient.  Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.  Cookies cannot be used to run programs or deliver viruses to your computer.

GDPR regulations state that we can store cookies on a user’s device if they are strictly necessary for the operation of our site. However, for all other types of cookies we need your permission.  ABM employs Cookiebot service to help facilitate obtaining consent for the use of cookies.  Cookiebot itself automatically sets up cookies in the user’s web browser when the user visits our website: The first-party cookie, “CookieConsent” which stores the user’s consent, expire automatically for renewal after 12 months from the date of the user’s consent.  A user may withdraw a consent at any time by deleting the “CookieConsent” cookie. A user consent is logged and documented by registration of the user’s anonymized IP number, browser user agent, website URL, date and time of consent and a unique, encrypted key that is stored in a data center with Cybot’s cloud vendor, Microsoft Ireland Operations Ltd in Dublin, Ireland.

THIRD PARTY LINKS AND FEATURES

The ABM website may contain links to third-party websites (such as social media sites) and may contain third-party plug-ins (such as the YouTube videos) and functionalities. If you choose to use these sites or features, you may disclose your information not just to those third parties, but also to their users and the public more generally depending on how their services function. ABM is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third party websites or services, and not ABM’s privacy policy. We urge you to read the privacy and security policies of these third parties.

SECURITY

ABM is committed to ensuring that personal information is secure.  We have physical, electronic, and procedural safeguards that comply with regulations to protect personal information. ABM uses industry-standard encryption technology to protect privacy. We limit access of personal information to employees who we believe reasonably need to come into contact with such information to provide products or services in order to do their jobs.

For site security purposes and to ensure that this service remains available to all users, we use software programs to monitor traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. In the event of law enforcement investigations and as part of any required legal process, information from these sources may be used to help identify an individual.

DISCLOSURE

ABM does not sell, distribute, or lease personal information to third parties, ever.

ABM will disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on ABM or the site; (b) protect and define the rights or property of ABM; and (c) act under exigent circumstances to protect the personal safety of ABM website users, or the public.

DISCLOSURE

ABM retains personal information for no longer than necessary for the purpose for which it is processed.

All information is stored on secured servers owned and operated by ABM.  We use third party vendors to support our services, which includes an IT Security Consultant.  We store backups off site with third party storage provider to ensure data security in case of an emergency or catastrophe.  All IT services are governed by a written contract.

ASSIGNMENT

If ABM is acquired by or merges with another entity, our assets, including all proprietary intellectual property and information embedded in our services and any personal information stored in our databases, will likely be transferred to the new entity.  By utilizing our services you acknowledge and agree that ABM may assign assets and any information stored therein in the event of such a transaction.

CONTACT US

In addition to understanding what information we collect, how we use it, with whom we share it, and how long we retain it, as detailed above, individuals have other rights as identified in the “Individual Rights” section.  Should you desire to exercise one of these rights, or have any questions regarding our privacy policy, please use the Privacy Contact page to submit a request.

PLEASE NOTE: ABM DOES NOT HAVE THE RIGHT TO COPY, CORRECT, DELETE, LIMIT, OR TRANSMIT ANY PERSONAL DATA WITHOUT FIRST OBTAINING IDENTITY VERIFICATION. SHOULD YOU SUBMIT A DATA REQUEST VIA THE PRIVACY CONTACT PAGE, AN ABM REPRESENTATIVE WILL CONTACT YOU TO BEGIN THE PROCESS OF IDENTITY VERIFICATION BEFORE ANY ACTION CAN BE TAKEN

‍