Privacy Statement for ViewRay®, Inc.
This privacy statement was last revised May 22, 2018. We may change this privacy statement at any time and for any reason.
This statement is organized as follows:
II. PERSONAL DATA USED BY VIEWRAY
III. EUROPEAN GDPR (GENERAL DATA PROTECTION REGULATION) COMPLIANCE STATEMENT
IV. NON-PERSONAL DATA USED BY VIEWRAY
V. OTHER INFORMATION
ViewRay is committed to protecting the personal data that individuals have provided to ViewRay.
This privacy statement is written to explain View Ray’s privacy practices.
For personal data of individuals in the EU, ViewRay considers itself to be a controller under European regulations, such as the GDPR. ViewRay is the controller of personal data submitted by individuals to ViewRay for those individuals, either as employees of businesses or as personal individuals, to learn more about ViewRay or its products or services or share information or report a complaint. Accordingly ViewRay will provide requested information as appropriate. ViewRay may use this information for marketing purposes and will clearly state how the submitted individual’s data will be used. ViewRay offers’ consent options to the individual on the use of the individual’s personal data.
II. PERSONAL DATA USED BY VIEWRAY
The submission of personal data to ViewRay occurs by the individual’s use of this website or by submission of information to ViewRay in other venues, such as a tradeshow, seminar, business meeting, share with governments or other regulators or for creation or fulfilment of a contract.
As a general principle, ViewRay intends to safeguard the information of individuals from any global region by applying principles contained in European regulations, whether the GDPR or country laws. Requirements of additional global regions are discussed in this privacy statement.
This privacy statement tells how we use personal data that we gather through the ViewRay website based in the U.S. and for other personal data provided to ViewRay. This privacy statement does not apply to websites outside the United States that are operated by entities that are authorized by ViewRay to market ViewRay products or services in various territories.
The personal data that ViewRay collects on the website or by other means includes: name, company (institutional) affiliation, position title, medical specialty, country, email address, telephone number(s), and IP address. No credit card or financial data is collected by ViewRay.
In some places on this website you have the opportunity to send us personal information about yourself, to elect to receive particular information, or to participate in an activity. For example, you may fill out a registration form, a survey, enter a secured area, or fill out an e-mail opt-in form and you may elect to receive educational material about our products and therapies.
OUR POLICY TOWARDS CHILDREN
Our website and communications are not directed to children. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, without your consent, then please contact us at firstname.lastname@example.org so that we can take steps to remove such information and terminate any account inappropriately created.
DOES VIEWRAY EVER COMMUNICATE DIRECTLY WITH VISITORS TO THIS WEBSITE?
We may contact you periodically by e-mail, mail or telephone if you agree to that contact for us to provide information regarding programs, products, services and content that may be of interest to you or to fulfill government or regulatory requirements. In addition, some of the features on this website allow you to communicate with us using an online form. If your communication requests a response from us, we will send you a response via e-mail. The e-mail response or confirmation may include your personal information, including personal information about your health, your name, address, etc. We cannot guarantee that our e-mails to you will be secure from unauthorized interception.
III. EUROPEAN GDPR (GENERAL DATA PROTECTION REGULATION) COMPLIANCE STATEMENT:
Information required to be provided when personal data are collected from European data subjects, as required by Article 13 of the EU General Data Protection Regulation
1. Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:
a) the identity and the contact details of the controller and, where applicable, of the controller’s representative;
ViewRay is a controller of data submitted by individuals to ViewRay so that an individual may learn more about ViewRay’s product or services. ViewRay’s privacy officer may be reached at email@example.com or by mailing Privacy Officer, ViewRay, Inc., 815 E. Middlefield Road, Mountain View, CA 94043.
b) the contact details of the data protection officer, where applicable;
ViewRay is not required to have a data protection officer as its core activities are to not process personal data on a large scale.
c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
When an individual (“data subject”) contacts us by submitting personal data on the website, such as in a data request form, or otherwise provides data to us, such as at a trade show, we usually collect data such as individual’s name, company or medical institution, position title, email address, and country.
We use the data you submit for the following purposes
a) To provide information to individuals requesting to learn more about ViewRay’s product or business, potential clinical use, or institutions who treat patients with ViewRay’s product and to comply with legal and regulatory requirements.
b) to fulfill an individual’s request to receive a ViewRay newsletter, press release, or investor news by email
c) for marketing or sales contact by ViewRay to an individual at an institution who may have an interest in ViewRay’s product or service
d) to register for an event that ViewRay is publicizing
e) for introduction to a hospital treating patients with MRIdian or to learn more about a clinical trial involving MRIdian
f) to support a potential or existing contract between ViewRay and an institution which has purchase product or service from ViewRay.
The legal basis for processing include the following:
• consent provided by the individual who has requested information from ViewRay
• by email to an individual where that individual’s name and contact information is held by ViewRay in a contact management database (SalesForce) and ongoing consent is requested
• Contractual legal obligation
• To create a future contract
• To meet legal or regulatory requirements
• The legitimate interest of processing an individual’s information for direct marketing and other business activity of ViewRay and its customers or suppliers
d) where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;
(Point (f) of Article 6(1) is: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.)
ViewRay’s legitimate interests for processing are that of marketing its product or service to potential customers or to provide service or support to contracted or potential customers or suppliers.
e) the recipients or categories of recipients of the personal data, if any;
ViewRay does not share personal data with additional processors for their use; however, ViewRay utilizes a contracted third-party contact manager database to manage personal data provided to ViewRay. If other third-party services are utilized, such as for event registration, they will be identified to the individual at the time of the individual’s option to use that service.
f) where applicable, the fact that the controller intends to transfer personal data to a third country or international organization and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.
All personal data is stored in our internal systems hosted in the United States or in subcontracted systems such as the contact manager or event registration manager. Security safeguards are provided consistent with Article 47.
2. In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing:
a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
ViewRay intends to hold personal data acquired for 10 years for marketing purposes or longer if required for legal or regulatory compliance. Upon request ViewRay will honor individual rights to the extent possible. You may adjust your contact preferences, including removal, by visiting ViewRay’s Email Preferences Center at https://go.viewray.wpengine.com/email-preferences.
b) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
ViewRay has enabled these individual rights. They may be accessing the email preference center on viewray.wpengine.com or by contacting firstname.lastname@example.org.
c) where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
Where consent is the basis for processing personal data, the individual has the right to withdraw consent and ViewRay will restrict further processing, subject to legal bases for processing.
d) the right to lodge a complaint with a supervisory authority;
The individual has a right to lodge a complaint with a supervisory authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
e) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
Where an individual’s personal data, including an institutional affiliation, is required for contractual, legal, or regulatory purposes, the personal data shall be processed according to contractual, legal or regulatory requirements.
f) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
ViewRay’s use of personal data does not include automated decision making or profiling.
3. Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2.
ViewRay does not intend to process other than for the intended purpose but we will notify the individual if additional processing is desire by ViewRay.
4. Paragraphs 1, 2 and 3 shall not apply where and insofar as the data subject already has the information.
IV. NON PERSONAL DATA USED BY VIEWRAY
WHAT EXAMPLES OF NON-PERSONAL INFORMATION ARE COLLECTED?
Non-personal information is information we collect through this website that does not identify you as an individual person.
It may include information such as the following:
• the type of web browser software you use (for example, Internet Explorer)
• the name of the domain from which you access the Internet
• the Internet address of the website from which you linked directly to our website. Some authorities regard this as personal information.
• the date and time you access our website
• which pages you have visited on our website
• the search terms you use
• the links on which you click
If you visit our website to read or download information, such as information about a health condition or about one of our products, we may collect certain non-personal information about you from your computer. This information is collected from your computer’s web browser: If you only read information on our website, we do not collect or learn your name, e-mail address, physical address, or other personal information about you.
The information collected on ViewRay’s behalf by these third parties does not contain your name, address, email address, or any other personally identifiable information.
WHAT DOES VIEWRAY DO WITH THE NON-PERSONAL INFORMATION COLLECTED?
Because non-personal information cannot identify any specific person or any individual’s computer activity, there are no restrictions on the ways that we can use or share non-personal information. We are always looking for ways to better serve you and improve this website. We will use non-personal information from you to help us make this website more useful to visitors. We also will use non-personal information for other business purposes. For example, we may use non-personal information or aggregate non-personal information to:
• create reports for internal use to develop programs, products, services or content
• customize the information or services that are of interest to you
• provide it to third parties
• provide aggregated information on how visitors use our site, such as “traffic statistics” and “response rates,” to third parties.
V. ADDITIONAL TOPICS
CALIFORNIA “DO NOT TRACK” DISCLOSURES
California law (CalOPPA) requires ViewRay, Inc. to let you know how we respond to web browser “Do Not Track (DNT) signals”. Because there is not an industry or legal standard for recognizing or honoring DNT signals, we do not honor Do Not Track requests at this time.
We may be legally compelled to release your personal information in response to a court order, subpoena, search warrant, law or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting website visitors who violate our rules or engage in behavior which is harmful to other visitors (or illegal).
We may disclose your personal information to third parties if we feel that the disclosure is necessary to:
• enforce this Privacy Statement and the other rules about your use of this website
• protect our rights or property
• protect someone’s health, safety or welfare
• comply with a law or regulation, court order or other legal process
WHAT ABOUT PRIVACY ON OTHER WEBSITES?
This website may contain links to other websites. Some of those websites may be operated by ViewRay, and some may be operated by third parties. We provide the links for your convenience, but we do not review, control, or monitor the privacy practices of websites operated by others. This Privacy Statement does not apply to any other website, even the other ViewRay websites. We are not responsible for the performance of websites operated by third parties or for your business dealings with them. Therefore, whenever you leave this website we recommend that you review each website’s privacy practices and make your own conclusions regarding the adequacy of these practices.
WHAT ABOUT WEBSITE SECURITY?
Security is very important to us. We also understand that security is important to you. We take reasonable steps to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. You should keep in mind that no Internet transmission is ever 100% secure or error-free. In particular, e-mail sent to or from this site may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail
You may adjust your contact preferences, including removal, by visiting ViewRay’s Email Preferences Center at https://go.viewray.wpengine.com/email-preferences.
If you have questions or comments about this privacy Statement, please email us at email@example.com.