Privacy Policy
SI-BONE Privacy Policy
Last Modified: December 27, 2022
SI-BONE, Inc. together with its affiliates and subsidiaries (collectively, “SI-BONE”, “we” or “us”) is committed to protecting and respecting your privacy.
This Privacy Policy (the “Privacy Policy”) describes (i) how SI-BONE collects, handles, processes, uses and discloses Personal Information that you provide to us through your use of SI-BONE.com, or any other SI-BONE owned websites that link directly to this Privacy Policy (“Website” or “Websites”) or that you provide to us by other business processes or web-based applications in connection with the provision of our products and services that link directly to this Privacy Policy (collectively “Services”), (ii) the purposes for which it is used, and (iii) the choices you have with respect to how we use your Personal Information.
Please read the following carefully to understand our views and practices regarding your Personal Information and how we will treat it.
This Privacy Policy explains:
- Personal Information we collect
- How we use Personal Information
- How we share Personal Information
- How we store and secure Personal Information
- Your choices and rights
- How we transfer Personal Information we collect internationally
- How to contact us
- Other important privacy information
Personal Information We Collect
In this Privacy Policy, “Personal Information” means any information relating to any identified or identifiable individual that is sufficient to identify such person, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity. This Website is not intended for children and we do not knowingly collect Personal Information relating to children.
The types of Personal Information we collect are as follows:
Information You Provide Directly to Us
- Information you provide through the use of our Websites: When you take advantage of certain functionality on our Websites, such as the “Find a Doctor” or “SI-Joint Pain Quiz”, “Ask a Nurse” or SI-BONE’s Patient Insurance Coverage Support, we collect limited Personal Information that you voluntarily provide to SI-BONE (such as name, email address, phone number, address (city, state and zip code), gender and other health-related information). Similarly, you may provide Personal Information when you contact us for information on our Services, sign up for our newsletter or if you report a problem with our Website.
- Information you provide through a job application: We collect Personal Information that you choose to provide to us (or our service provider) to apply for a job. Personal Information provided through a job application may include, for example, your educational and employment background, your contact information, and immigration status.
- Information you provide at events: When you attend SI-BONE-hosted professional education events we collect your name, email address, and phone number during the registration process. We also collect contact information to coordinate travel for attendees of SI-BONE-hosted professional education events and trainings. When you engage with us at trade shows and conferences, we collect contact information you provide to us, such as your name, email address, and phone number.
- Information you provide to publish your testimonial: With your consent, we collect information such as your name, city, state, email address, health information, implant date, photographs and videos of you to publish your testimonial. Your testimonial may be featured on a variety of platforms, including on our Websites, social media, television, print, audio, marketing emails, and promotional materials.
- Device and browsing information: We collect other Personal Information to help us understand how you use our Website. For example, each time you visit our Website, we automatically collect your IP address, browser type, browser, browser language and computer type, access time and date, the web page from which you came, and the web page(s) you access during your visit as well as other web server log files. This data is collected, in particular, to protect and enhance the operation of our Website and Services.
- Cookies information: We collect cookies from your web browser when you navigate through our Websites. For more information about how we use cookies and to learn how to manage cookies, please see our Cookie Notice.
Information We Receive From Other Sources
We may receive information about you if you use any of the other Websites we operate or other Services we provide. We also work closely with third parties (including, for example, business partners, customers, health care professionals, sub-contractors for technical services, analytics providers, or search information providers) and may receive information about you from them.
We may combine this information with information you give to us and information we otherwise collect about you. See “How we share Personal Information” for a description of how we share information and who we share it with.
How we use Personal Information
We use Personal Information about you for reasonable business purposes, including:
- to communicate with you, including notifying you about changes to our terms of Privacy Policy;
- to provide you with the information about products and services that you request from us or that are similar to those that you have enquired about;
- to manage accounts and our relationship with you;
- to evaluate your employment history and qualifications in order to determine if they fit to our organization;
- to improve our Website and to ensure that content is presented in the most effective manner for you and for your device;
- to administer our Website, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to allow you to participate in interactive features of our Website, when you choose to do so;
- to advertise to you either directly or through marketing, research and/or advertising agencies on our behalf;
- to send you promotional and/or marketing communications;
- to contact you via email or by telephone in the future to follow up regarding the outcome of the Service or information that we provided to you;
- as part of our efforts to keep our Website safe and secure;
- to comply with applicable laws and regulations; and
- to protect or exercise our legal rights or defend against legal claims.
Legal Basis for Processing (For EU, EEA, and UK)
If you are in the European Union (EU)/European Economic Area (EEA), or United Kingdom (UK) we collect, handle, process, use and disclose your Personal Information only where we have a legal basis for doing so under applicable EU/EEA/UK laws. Where the personal information that we collect through or in connection with the Website is transferred to and processed in the United States or anywhere else outside the EU/EEA/UK for the purposes described above, we will take steps to ensure that the information receives the same level of protection as if it remained within the EU/EEA/UK, including entering into data transfer agreements, using the EU Commission approved Standard Contractual Clauses, and by any other means required or suggested by the EU or UK GDPR. The legal basis we determine depends on how you use our Services and how we use your Personal Information. Our “legal bases” for processing your Personal Information in relation to the uses described in this Privacy Policy are as follows:
- Performance of a contract with you;
- Necessity to comply with a legal or regulatory obligation; and
- Necessity for our legitimate interests (for instance, to grow our business, to keep our records updated, to evaluate job candidates, for running and protecting our business; for provision of administration and IT services; for network security and to prevent cybercrime and fraud; in the context of a business reorganisation or group restructuring exercise; to study how people use our website, to develop it, to keep our website updated and relevant, to grow our business and to inform our communications strategy).
We will only use your Personal Information for the purposes for which we collected it, unless, we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose, we have your consent, or are otherwise required or permitted by law.
If we need to use your Personal Information for an unrelated purpose, we will endeavour to notify you and explain the legal basis which allows us to do so and update our Privacy Policy accordingly.
How we share Personal Information
We share your Personal Information for the business purposes described in this Privacy Policy under “How we use Personal Information”, with any member of our corporate group and with selected third parties including: business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you. We also share your Personal Information with marketing analytics providers (e.g. Google Analytics) to manage our marketing and advertising activities; advertising service providers to provide you with targeted advertisements; and analytics and search engine providers that assist us in the improvement and optimization of our Website.
We also may disclose your Personal Information to third parties:
- in the event that we sell or buy any business or assets, in which case we may disclose your Personal Information to the prospective seller or buyer of such business or assets;
- if we, or substantially all of our assets, are acquired by a third party, in which case Personal Information held by us about you may be one of the transferred assets;
- if we have reasonable cause to believe that we are under a duty to disclose or share your Personal Information in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use and other agreements, or to protect the rights, property, or safety of SI-BONE, our customers, or others.
Links to Other Websites
Our Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share Personal Information about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy notice of other Websites that you visit.
How we store and secure Personal Information
Depending on where you live, we may store, collect, transfer and process your Personal Information in a country other than your country of residence. These countries are the United States, Italy, Germany and United Kingdom. The data protection and other laws of countries to which your information may be transferred might not be as comprehensive as those in your country. SI-BONE has signed EU Standard Contractual Clauses adopted by the European Commission with non-EEA affiliates, subsidiaries and service providers in order to ensure that an adequate level of data protection is provided according to local standards. By submitting your Personal Information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
We take precautions to protect your information from loss, misuse or unauthorized access or disclosure. However, no data transmission over the Internet is certain to be secure and we cannot guarantee its security.
We also take measures to protect your information offline. For example, only employees who need the information to perform a specific job are granted access to personally identifiable information.
Data Retention
We will only retain your Personal Information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
You can ask us to delete your data. If you want to exercise this right you may do so by submitting this Data Subject Request Form. In some circumstances, we may have a lawful right to retain your data and be unable to fulfill your request for deletion.
In some circumstances we may anonymize your Personal Information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your Choices and Rights
At any time, you may revoke your consent for the receipt of communications that we send to you by using the “unsubscribe” functionality included in our emails to you. Please note that this will not affect all communications from us, for instance, transactional communications to manage accounts or an existing relationship with you or those we are legally required to provide such as notification of a data breach in which case you should expect to receive a notification through the email address SI-BONE has on file for you. It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes.
If you would like to make a request to access, correct, or delete your Personal Information or otherwise object to our processing of such Personal Information, you may do so by submitting this Data Subject Request Form. We will respond to reasonable requests in accordance with applicable law and subject to legal and contractual restrictions and we may not discriminate against you for exercising these rights. There may be instances where we cannot grant you access to the Personal Information we hold. For example, where required or permitted by applicable law, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal. We may also need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights). This is a security measure to ensure that Personal Information is not disclosed to, or modified at the request of, any person who has no right to do so. We may also contact you to ask you for further information in relation to your request to speed up our response.
If provided for by applicable law, you have the right to make a complaint at any time to the supervisory authorities for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach them, so please contact us in the first instance. If you are unsure who your relevant supervisory authority is, you should also contact us.
California Consumer Privacy Policy - California Consumers
If you are a California resident, the following provisions apply to our processing of information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly with you or your household (“California Personal Information”) and your rights as a California Consumer, in accordance with the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”). Any terms defined in the CCPA and CPRA have the same meaning when used in this section of this Privacy Policy.
We have collected the following categories of California Personal Information within the last twelve (12) months:
Identifiers, such as a real name, alias, postal address, Internet Protocol address, email address, or other similar identifiers;
Personal information described in subdivision (e) of Section 1798.80 (California customer records statute), such as a name, address, telephone number;
Characteristics of protected classifications under California or federal law such as age, sex (including gender, pregnancy, childbirth, and related medical conditions), or medical condition;
Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement.
Professional or employment-related information;
Inferences, such as a profile about a consumer’s preferences, characteristics, and behavior, drawn from information we collect and insights we receive from third parties such as our marketing and advertising partners and data analytics providers.
Personal information does not include:
- Publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA’s or CPRA’s scope, like:
Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete on our website or job application portal.
- Indirectly from you. For example, from observing your actions on our website or job application portal, our partners, advertisers and other third parties.
Please see How we use Personal Information to learn more about the specific business or commercial purposes for collecting personal information from consumers. Please see How we share Personal Information to learn more about the third parties to whom we disclose Personal Information and the specific business or commercial purposes for sharing Personal Information.
We share, and in the past twelve (12) months have shared California Personal Information such as California residents’ use of our Websites described under categories (a) and (e) with our marketing and advertising partners for cross-contextual advertising purposes. Otherwise, we do not sell, and in the past twelve (12) months we have not sold, California Personal Information. Additionally, we do not sell or share, and in the past 12 months we have not sold or shared, California Personal Information of individuals we know to be under 16 years of age.
We do not collect or process sensitive personal information about you for the purpose of inferring characteristics about you.
Your California Privacy Rights
If you are a California resident, you are entitled to certain rights related to your California Personal Information, including:
- The right to know, you may make a verifiable request that SI-BONE disclose certain information about our collection and use of your California Personal Information including our information practices and specific pieces of Personal Information we have collected about you.
- The right to correct, you can correct inaccurate California Personal Information that we have collected about you.
- The right to delete, you may submit a verifiable request that we delete Personal Information we have collected from you, subject to certain exceptions.
- The right to opt-out of sales/sharing, you have the right to opt out of “sharing” or “sales” of your California Personal Information. We do not sell California Personal Information, but if you wish to opt out of sharing, please visit the Cookie Preference Center link found in our Cookie Notice to control your cookie settings and submit this form Do Not Sell or Share My Personal Info.
- We do not use or disclose sensitive personal information for purposes that, under applicable law, require us to support the right to limit the use or disclosure of sensitive personal information.
- The right not to receive discriminatory treatment for the exercise of privacy rights conferred by applicable law, including the right not to be retaliated against for the exercise of your rights.
You may exercise these rights by:
- Calling our toll-free hotline at (877) 379-6764; or
- Completing our California Privacy Rights Request Form linked here CPRA Privacy Rights privacy rights request form directly.
If you clear your browser settings or access our website from an unrecognized browser, you may need to exercise your right to opt-out again to ensure that we do not furnish your information to third parties. As required under applicable law, we may take steps to verify your identity before granting you access to information or acting on your request to exercise your rights. We may require you to provide your first name, last name, and email address, to verify your identity in response to exercising requests of the above type. We may limit our response to your exercise of the above rights as permitted under applicable law. Under California law, you may designate an authorized agent to make a request on your behalf. You may make such a designation by providing the agent with written permission to act on your behalf. We will require the agent to provide proof of that written permission. To the extent permitted by law, we may require you to verify your own identity in response to a request, even if you choose to use an agent. We will only use Personal Information provided in a request to exercise your rights to review and comply with the request.
How to contact us
If you have any questions about this Privacy Policy, or any other aspects of your privacy, please contact us via email to privacy@si-bone.com, and we will endeavor to respond to your inquiry promptly.
For the purposes of EEA data protection law, we (SI-BONE, Inc.) are the “controllers” in respect of the handling of Personal Information as described in this Privacy Policy. SI-BONE, Inc.’s headquarter offices are at 471 El Camino Real, Suite 101, Santa Clara, CA 95050, USA. This privacy policy applies to data processing by: SI-BONE Deutschland GmbH Soldnerstraße 11 68219 Mannheim Germany; Phone: +49 (0) 621 976860 00; Fax: +49 (0) 621 976860 99; E-Mail: infodeutschland@si-bone.com; Website: www.si-bone.de; Responsible Managing Director: Neville Lorimer, Via Postcastello 6, 21013 Gallarate (VA), Italy. The data protection officer of the responsible person is: Klaus Malzahn E-Mail: datenschutz@si-bone.com. If you are a German resident and would like to exercise your rights, you may do so by filling out this Data Subject Request Form or you may email datenschutz@si-bone.com.
Other important privacy information
Revisions, Updates and Changes
SI-BONE reserves the right to modify, amend and update this Privacy Policy at any time and for any reason without notice. When changes are made to this Privacy Policy, the updated document will be posted to the Website and the “Last Modified” date at the top of the document will be revised. Your continued use of our Website means that you accept such updates. We suggest that you periodically review this Privacy Policy to see if any changes have been made to it that may affect you.
NEXT