ARCEX System for Home Use

Consumer Health Privacy Policy

ONWARD Medical N.V.’s (“ONWARD,” “we” or “us”) ARCEX System for Home Use (the “System”) provides patients with targeted stimulation delivered to the spinal cord by external technology (the “Device”).

This Privacy Policy describes how we collect, use, and share your personal information in connection with your use of the System. This Privacy Policy also describes the choices and rights you may have to control your personal information. We may provide additional privacy notices to individuals at the time we collect their personal information. For example, we may provide a specific privacy notice to participants that describes our privacy practices in connection with conducting clinical trials or related to uses of protected health information that requires an explicit authorization. These additional privacy notices may supplement this Privacy Policy or may apply in lieu of this Privacy Policy.

Personal Information We Collect

You or your healthcare provider may provide certain personal information to us in connection with your use of the System, including:
• Identification and contact data. This includes all information that would allow us to identify you, deliver a Device to you, and communicate with you regarding your Device, such as your name, telephone number, e-mail address and postal address.

• Health and medical data. This includes your patient identification number; information about your health and medical history, such as your type of injury, year of injury, severity, age, stimulator serial number, stimulation program name, AIS Score, Patient ID, and other information about your condition, which may be shared by you or your clinician under limited circumstances.

The System also generates information about you and the operation of the Device, which is stored locally on the Device. In certain circumstances, we may collect such information from your Device, including by downloading data from your Device when you visit a clinic or your healthcare provider’s office. This information includes:
• Device and System data. This is information about your stimulation program, such as the stimulation parameters of the program, and information about the operation and performance of the Device, including usage and access times, technical Device operation data and stimulation events.

How We Use Personal Information

We use personal information for the following purposes:
• To provide the System to you. This includes delivering, maintaining, and supporting the Device and communicating with you for System-related matters. During your use and any evaluation, we may contact you to confirm compliance, answer questions, assess progress, or address issues. Where permitted, we may share relevant interim insights with your health care provider to support safe and appropriate use.

• To coordinate care with your healthcare provider. We may use personal information to report on the efficacy of our System, to assist your health care provider with implementing and monitoring your care plan, and to help your provider review usage and patient outcomes.

• For research and product development. We may use your personal information to better understand the impacts of spinal cord injuries on daily life and how therapies can be more effectively integrated into everyday routines, to help us identify areas for future research and to further our clinical development programs. We may use personal information to analyze and improve the System, develop new products and services, identify and report usage trends, and operate and expand our business activities. In connection with these activities, we may deidentify or aggregate personal information and use it for our lawful business purposes, including for benchmarking purposes. This information may be used at the individual patient level when relevant, or in aggregated or de-identified form to analyze and improve the System, develop new products and services, and generate and share broader insights while protecting your privacy.

• For legal and compliance purposes. We may use personal information to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities; to protect our, your or others’ rights, privacy, safety, or property (including by making and defending legal claims), including by monitoring the safety, efficacy, and integrity of the System; to audit our internal processes for compliance with legal and contractual requirements and internal policies; and to prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks, identity theft, and fraud.

How We Disclose Personal Information

We do not sell personal information or share personal information for targeted advertising purposes.

We will keep your personal information confidential. Except as described here, we will not disclose information that identifies you to third parties. To administer the System, comply with applicable laws, and manage our business, we may disclose personal information as follows:
• Service providers. We may disclose your personal information to companies and individuals that provide services on our behalf or help us provide the System (such as hosting, information technology, participant support, and email delivery), and to professional advisors, such as lawyers, auditors, and insurers, as necessary to support our business.

• Your healthcare provider. We may share usage reports and device performance data with your healthcare provider who has contracted with us to provide the System to you, including so they can monitor your treatment progress and assess the effectiveness of therapy.

• For research purposes. Where permitted by applicable laws, we may also share personal information or aggregated or deidentified data with researchers and other collaborators to study spinal cord injuries, evaluate treatments, and contribute to scientific or medical research, publications or generalizable knowledge.

• Legal and compliance purposes. We may disclose personal information to law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the legal and compliance purposes described above.

• Affiliates and business reorganizations. Where necessary, we may disclose personal information to our affiliated companies and in connection with the sale, merger or reorganization of our business, including to acquirers and other relevant participants in such transactions.

• Safety Reporting. Certain circumstances, such as meeting regulatory safety-reporting obligations, may require us by law to share specific information with regulatory authorities. This does not require your consent, as we rely on our legal and compliance obligations for such disclosures.

• Reimbursement purposes. When allowed by applicable law, we may share aggregated or de-identified information with insurance payors and other stakeholders involved in medical device reimbursement processes to support reimbursement, payment, and coding determinations.

Your Privacy Rights and Choices

Withdraw from the System. You can withdraw your consent for the processing of the data described herein at any time by contacting us at privacy@onwd.com.

Privacy Rights. Residents of certain states may have additional rights under privacy laws in relation to their personal information, including to:
• Access a copy of the personal information that we have collected about you and confirm whether we have collected or shared your personal information.

• Correct personal information that is inaccurate or out of date.

• Delete personal information that we no longer need for lawful purposes.

• Withdraw consent for any use or disclosure of personal information for which you granted your explicit consent.

• Limit our use of sensitive personal information, including your health and medical data, for purposes other than providing the System to you, complying with applicable laws, and other legally authorized purposes.

You may submit these requests by contacting us as provided in the Contact Us section below. We may request specific information from you to help us confirm your identity and process your request. Where required by applicable laws, you may designate an authorized agent to make requests on your behalf. We may require the authorized agent to provide proof of your written permission and may require you to verify your identity directly with us.

Applicable law may require or permit us to decline your request in whole or in part. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or appeal our response to your requests regarding your personal information, you may contact us or submit a complaint or appeal.

Notice to California Residents

We collect the following categories of personal information as defined by California law: identifiers, personal information categories listed in the California Customer Records Statute, commercial information, internet or other electronic network activity information, sensitive personal information including health data, and inferences drawn from the foregoing. We use this information for the purposes described in the “How We Use Personal Information” section above and share it with the third parties described in the “How We Disclose Personal Information” section above.

European Union General Data Protection Regulation (“GDPR”)

To the extent the GDPR applies to our processing of personal information, please see our Website Privacy Policy https://www.onwd.com/privacy-policy/ to learn more about your rights under the GDPR, our legal basis for processing personal information, and how we transfer personal information in compliance with the GDPR.

Children

The System is not intended for use by children under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child without appropriate consent, we will delete it.

Data Retention

We will keep your personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a legitimate business need to do so, or as required by law (e.g. for regulatory reporting including to government entities who may oversee the safety and efficacy of research, legal, tax, accounting or other purposes), whichever is the longer. To determine the appropriate retention period for your personal information, we will consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we use your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Data Security

We employ commercially reasonable safeguards designed to protect the personal information we collect. However, no security measures are failsafe and we cannot guarantee the security of your personal information if we experience a cyberattack or other security incident or data breach.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you in a clear and prominent manner, including a summary of the changes, and we will update the date of this Privacy Policy. We will also notify you by email if we have your email address. If the changes involve new processing activities or a change in the legal basis for processing, we may request your renewed consent. Your continued use of the System after any changes indicates your acceptance of the updated Privacy Policy, provided that the changes do not require fresh consent under applicable law.

Contact Us

Please feel free to contact us if you have any questions about this Privacy Policy or our privacy practices when you use the System.

You may contact us as follows: You may send an email to privacy@onwd.com or send a letter to: ONWARD Medical N.V., Attention: Data Protection Officer, Schimmelt 2, 5611 ZX Eindhoven, the Netherlands