Privacy Statement for ViewRay®, Inc.
Updated: 1 July 2020
ViewRay will only process your personal data if it is necessary in order for us to:
- Fulfill a contract with you or a relevant party;
- Share with our affiliates for the purposes described in this Privacy Notice;
- Share with our third-party service providers and/or distributors;
- Share with a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings);
- Pursue our legitimate business interests; or
- Comply with our legal obligations
This Privacy Notice applies to the personal data we obtain through ViewRay’s online properties, including websites, web portals, mobile applications, social media pages, and email programs that reference this Privacy Notice (“Online Channels”). This Privacy Notice also references offline data collection in connection with sales, marketing, partner, and supplier engagement (“Offline Channels”) and third-party sources, including ad networks (collectively, the “Channels”).
This Privacy Notice describes the types of personal data we obtain through the Channels, how we may use that personal data, with whom we may share it, and how you may exercise your rights regarding our processing of the data. The Privacy Notice also describes the measures we take to safeguard the personal data we obtain and how you can contact us about this Privacy Notice.
The Online Channels may provide links to other third-party websites and features, or contain third-party cookies, that are not owned or controlled by ViewRay.
You can use the ViewRay websites without disclosing your identity. Details of the data that we gather as standard when you access one of our websites is described below. If you register for any of our services or contact us via forms, there will be detailed information about how your data is processed in connection to your registration.
Like most website operators, ViewRay collects non-personally-identifying data of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. ViewRay’s purpose in collecting non-personally identifying data is to better understand how our visitors use our websites.
Our websites also collect potentially personally-identifying data including Internet Protocol (IP) addresses and geographic locations. ViewRay does not use such data to identify its visitors, however, and does not disclose such data, other than under the same circumstances described in this Privacy Notice.
- Google Analytics (website analytics) and Google AdWords (digital advertising): https:/google.com
- Pardot (email and marketing automation): https://www.pardot.com/
- Salesforce.com (customer relationship management system): https://www.salesforce.com
Links to Other Websites
Our websites may contain links to other websites. We have no influence on the compliance or non-compliance of the operators of these sites with the data protection provisions.
Please note that providing personal data to ViewRay is voluntary on your part. If you choose not to provide us certain data, we may however not be able to offer you certain products and services, and you may not be able to access certain features of our Online Channels.
Personal Data Obtained by ViewRay
Though ViewRay’s Channels are primarily intended to capture information at the Customer (Company/Institution/Account) level, we may obtain personal data of individuals who work at those companies in the process. The types of personal data we may obtain include:
- Contact information (such as name, title, position, phone, fax number, email, and postal address) for you or for others (e.g., principals in your business) – note that this contact information is typically tied to your employer, meaning ViewRay is primarily obtaining work email and postal addresses, not personal;
- Information used to create your online account for one of our web portals that requires a dedicated user login (such as username, password and security question and answer);
- Role-based information (such as job title/position and/or expressed products/solutions or events/trainings of interest);
- Customer service history (such as information about support/services cases you may have filed on behalf of your employer);
- Location data (such as data derived from your IP address, country, and zip code);
- Other personal data contained in content you submit to us through completing web forms, filling out online surveys, and/or registering for virtual and/or live events or training
How ViewRay Uses Personal data Provided by You
We may use this information to:
- Provide and administer our products and services;
- Process and fulfill orders and keep you informed about the status of your order;
- Communicate about and administer our products, services, events, programs, and promotions (such as by sending email alerts, promotional materials, newsletters and other marketing communications);
- Conduct and facilitate surveys, focus groups, and market research initiatives;
- Perform data analytics (such as market research, trend analysis, financial analysis, and customer segmentation);
- Engage in ad retargeting and evaluate the effectiveness of our marketing efforts (including through our participation in ad networks);
- Provide customer support;
- Process, evaluate and respond to requests, inquiries, and applications;
- Create, administer and communicate with you about your account
- Administer and register participants in our learning courses;
- Provide investor services;
- Conduct marketing and sales activities (including generating leads, pursuing marketing prospects, performing market research, determining and managing the effectiveness of our advertising and marketing campaigns and managing our brand);
- Operate, evaluate and improve our business (such as by administering, enhancing and improving our products and services; developing new products, services, and Online Channels; managing our communications and customer relationships; and performing accounting, auditing, billing, reconciliation and collection activities);
- Maintain and enhance the safety and security of our products, services, Online Channels, network services, information resources, and employees.
We may combine personal data we obtain through Online Channels with information we obtain through Offline Channels, as well as other information, for the purposes described above. We may anonymize or aggregate personal data and use it for the purposes described above and for other purposes to the extent permitted by applicable law. We also may use personal data for additional purposes that we identify at the time of collection. We will obtain your consent for these additional uses to the extent required by applicable law.
Where required by applicable law, we will obtain your consent for the processing of your personal data for direct marketing purposes.
How We Share Your Personal Data
As a global organization, data we collect may be transferred internationally throughout ViewRay’s worldwide organization for the purposes described in this Privacy Notice. ViewRay will not sell or otherwise disclose personal data about you except as described here or at the time of collection.
There will be other times when we need to share data, for example, in the case of an event where we need to provide our caterer with meal preference information. However, before you submit any data, we will notify you as to why we are asking for specific data and it is completely up to you whether or not you want to provide it.
We may share personal data with service providers we have retained to perform services on our behalf (such as payment processing, order fulfillment, customer support, and data analytics). These service providers are contractually required to safeguard the data provided to them and are restricted from using or disclosing such data except as necessary to perform services on our behalf or to comply with legal requirements.
ViewRay may transfer the personal data we collect through the Channels to and store such data in, other countries, including the U.S., which may have different data protection laws than the country in which the information was provided. If we do so, we will transfer the personal data only for the purposes described in this Privacy Notice. To the extent required by applicable law, when we transfer your personal data to recipients in other countries, we will take measures to protect that information.
How We Protect Your Personal Data
ViewRay retains personal data we obtain about you as long as (1) it is needed for the purposes for which we obtained it, in accordance with this Privacy Notice or (2) we have another lawful basis, stated in this Privacy Notice or at the point of collection, for retaining that data for a longer time period. As a general rule, we obtain personal data about customer contacts for the duration of the product/service agreement in place with ViewRay (i.e. over the entire lifecycle of the Customer/Account).
ViewRay takes all measures reasonably necessary to protect against the unauthorized access, use, alteration, or destruction of potentially personally-identifying and personally-identifying data.
Your Email Communication Preferences
ViewRay uses email as a primary communications channel to keep our customers, prospective customers, and other stakeholders informed of product and service enhancements, upcoming events, educational opportunities, and general company/investor news.
To update your preferences, and/or further specify the types of communications you wish to receive from ViewRay, please email firstname.lastname@example.org.
ViewRay contacts who choose to unsubscribe from ViewRay emails will immediately be placed on a “do not email” list. However, if that contact is part of an active ViewRay Customer/Account, their data will be retained throughout the life of the customer agreement/services. Additionally, while that contact will no longer receive marketing communications, they will receive any product/service lifecycle announcements and/or customer communications required to be distributed as part of the contractual agreement in place.
You have the right to know whether ViewRay holds data about you and, if we do, to have access to that data and require it to be corrected if it is inaccurate. You also have the right to have your personal data erased or blocked if any of the processing of it is in violation of the applicable privacy legislation. You also have the right to lodge any complaints you may have regarding ViewRay’s processing of your personal data to a supervisory authority.
Right to Access. If you are a California consumer, you have the right to ask us to send you the following information up to two times in a twelve-month period:
- The categories of personal data we have collected about you.
- The categories of sources from which we collected the personal data.
- Our business or commercial purpose for collecting personal data.
- The categories of third parties with whom we share personal data.
- What categories of personal data we disclose about you for business purposes.
- What categories of personal data we sell or exchange for consideration about you.
- The specific pieces of personal information we have collected about you.
Right to Delete. If you are a California consumer, you have the right to ask us to delete the personal data about you we have collected. We may deny the request if the information is necessary to:
- complete a transaction, including providing a requested or reasonably anticipated good or service, or fulfill a contract between the consumer and ViewRay;
- detect and protect against security incidents, malicious, deceptive, fraudulent, or illegal activity, or take against those responsible for such activity;
- debug to identify and repair errors impairing intended functionality;
- exercise free speech or another right provided for by law;
- comply with the California Electronic Communications Privacy Act;
- engage in research in the public interest adhering to applicable ethics and privacy laws where the consumer has provided informed consent;
- enable solely internal uses reasonably aligned with the consumer’s expectations based on the consumer’s relationship with ViewRay;
- comply with a legal obligation; or
- otherwise use the information internally in a lawful manner compatible with the context in which the consumer provided the information.
Right to Opt-out. If a business sells personal information to third parties, California consumers have the right, at any time, to opt-out of the sale or disclosure of their personal information to third parties. ViewRay does not sell personal information to third parties.
Right to non-discrimination. The CCPA grants California consumers the right not to be discriminated against for exercising your privacy rights. If you exercise your privacy rights, we will not discriminate against you, for example, by denying you access to our online services or charging you different rates or prices for the same online services, unless that difference is reasonably related to the value provided by your data.
Submitting a Request or Inquiry
If you are a California resident and you want to submit a request or inquiry to us regarding your California rights, you or your authorized agent can contact us at email@example.com. You do not have to create an account with us to submit a request.
Your request will be confirmed within ten days of receipt and we will respond within 45 days. If we need more than 45 days, we will notify you that your request is being delayed.
We can only respond to your request if it is verifiable. This means we are obligated to take reasonable steps to verify your identity or your authorized agent’s authority and your right to access the information you request. We may ask for additional information that will help us do so. We will only use that additional information in the verification process, and not for any other purpose.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Changes to Our Privacy Notice
This Privacy Notice may be updated periodically and without prior notice to you to reflect changes in our information practices. We will indicate at the top of this Privacy Notice when it was most recently updated.
ViewRay Data Protection Officer Contact Details
If you have any questions or comments about this Privacy Notice, or if you would like us to update the data we have about you or your preferences, please email firstname.lastname@example.org.