Effective Date: January 1, 2023
This Privacy Notice explains how Penumbra Inc. (“Penumbra,” “we,” “us,” “our”) collects, uses, shares, and protects information gathered through the www.realsystem.com website (the “Website”), the REAL System, REAL Connect, and through our offline interactions with you related to the REAL System. In some cases, Penumbra may issue more specific privacy notices for some products or services.
If you do not want your information handled as described in this Privacy Notice, please do not provide us with your information or interact with the Website, REAL System or REAL Connect.
For information about how Penumbra collects and uses information on the www.penumbrainc.com website, other information gathering platforms Penumbra uses, and offline interactions with you that are not related to the REAL System, please see the Penumbra Privacy Notice here.
Types of Personal Information Penumbra Collects
Penumbra may collect the following categories of personal information from and about you depending on the circumstances of your relationship with us:
- Identifiers such as your name, session or REAL System user identification numbers.
- Contact Information such as postal addresses, email addresses, social networking website user account names, telephone numbers, or other addresses at which you are able to receive communications or shipments.
- Commercial information such as payment or billing information and information related to your purchasing habits.
- Internet or other similar network and device activity such as information about your browsing behavior, IP addresses, search history and interactions with our websites, emails, and advertisements, including data from cookies, pixel tags, and web beacons.
- Inferences regarding preferences and other characteristics such as our assessment of the types of products or services you may have an interest in.
- Audio, video, and pictures such as recordings you may be included in when participating in our events or interacting with us.
- Training and events attendance records.
- Session data such as the type of device being used, interaction with content and usage data. This information may also be connected to deidentified, coded or identifiable user information, including patient information. Penumbra’s access to such information is governed by certain restrictions as explained in the “REAL System Data Hosting Services” section below.
How We Collect Personal Information
Penumbra may collect personal information about you from a variety of sources, including:
- From you: Information may be collected when you submit it to the Website or interact with us. For example, Penumbra collects the information you provide when you make a purchase or register for a subscription, when you submit a request for information, or submit a request for Penumbra to contact you. Penumbra may also request optional information from you to support your use of the products and services.
- From REAL System devices: Penumbra provides cloud data hosting for the REAL System at the direction of the controlling organization providing services using the Real System. Penumbra’s collection of such information is governed by certain restrictions as explained in the “REAL System Data Hosting Services” section below.
- From third parties: Our vendors and service providers, such as our web hosting providers, analytics providers, and advertisers, may provide us information about you or your use of the Website. You may also give us permission to access your information from services offered by third parties, including social media networks. The information we obtain from third parties depends on your relationship with those third parties and the third parties’ privacy policies.
How We Use Personal Information
Penumbra may use the personal information we collect:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question, we will use that personal information to respond to your inquiry.
- To enter into and fulfill business agreements with you.
- To complete online or offline transactions at your direction.
- To connect you to remote sessions through REAL Connect.
- To fulfill our agreements with healthcare providers or other controlling organizations providing services using the REAL System.
- To understand your expertise or experience with our products.
- To provide and personalize your access and use of the Website and REAL System products and services.
- To provide you with educational information, marketing, communications, and offers for products and services from Penumbra and third parties.
- To plan and coordinate events, including to assist with the travel logistics arrangements associated with attending our events.
- To protect someone’s health, security, or welfare.
- To monitor the safety and efficacy of REAL System products.
- For research, analysis, and product development, including to develop and improve our Website, REAL System and REAL Connect products.
- To operate, maintain, and improve the Website.
- To maintain the rights, safety, and security of Penumbra, the Website, the REAL System, REAL Connect, products, databases, and other technology assets.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations, including our transparency reporting obligations.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
- As otherwise described to you at the time your personal information is collected, or with your consent, if not listed here.
- As otherwise required or permitted by law.
How We Share Personal Information
Penumbra may share your personal information for the following purposes:
- With service providers who perform a variety of services and functions for Penumbra, such as data storage, order fulfillment, system access verification, payment processing, and marketing services. Your information will only be shared on the condition that the service providers use your information only to fulfill the agreed services on our behalf.
- Researchers and academics who may use your information in accordance with this Privacy Notice.
- With our affiliates and subsidiaries who may use the personal information for the purposes described in this Privacy Notice.
- In the event we go through a business transition such as a merger, acquisition by another company, bankruptcy, reorganization, or sale of all or a portion of Penumbra’s assets.
- With law enforcement or governmental agencies to comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Penumbra, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Penumbra may also reveal your personal information to unrelated third parties for their independent use if: (1) you request or authorize it; (2) the information is provided to comply with the law; or (3) the information is provided to protect Penumbra’s rights or safety, or the rights or safety of Penumbra employees or others.
REAL System Data Hosting Services
Penumbra provides cloud data hosting services for the REAL System. This hosting is governed by contracts with the controlling organization that provides services using the REAL System. Penumbra does not use this information for purposes other than to fulfill its contracts with the controlling organization.
The controlling organization is responsible for determining which data will be hosted and how that data may be used. Please refer to the privacy notices and disclosures of the controlling organization providing services via the REAL System for additional information about the personal information that may be collected and hosted on Penumbra systems.
In some cases, this information directly identifies the individual using the device. In other cases, this information may be “coded” which means that it relates to but does not directly identify individuals. In such cases, while Penumbra is unable to determine the identity of the individuals whose data we host, the controlling organization may be able to do so using additional data that is in their possession. Finally, Penumbra may also host data that is deidentified and cannot be used to reveal the identity of any individuals.
Where Penumbra hosts data from REAL System models used for healthcare, the user information may be considered patient information subject to HIPAA. In such cases, Penumbra will enter into a Business Associate Agreement with the controlling organization (Covered Entity). In non-healthcare cases, Penumbra will enter service agreement with the controlling organization regarding the uses and protection of this information.
Links to External Websites
The Website may contain links to external websites. The Website interfaces with social media sites such as Facebook, LinkedIn, Twitter, and others. A link to such sites does not imply endorsement by Penumbra of such sites. This Privacy Notice does not apply to those external websites, and you should review the privacy policies of these external sites.
Cookies are text files stored on the Website’s server and your web browser and are used by this Website to remember you for various purposes. To learn more about the cookies used on our Website, or to change or withdraw your consent at any time, please click the Cookie Settings link in the cookie notice banner or in the footer of our Website.
In order to provide your consent for non-essential cookies, please click on the button on the pop-up cookie banner message or adjust your preferences in Cookie Settings. Some cookies are essential for the functioning of the Website and may not be deactivated using the Cookie Settings controls.
You may also alter your browser settings to block cookies. Browsers are different, so refer to instructions related to your browser to learn about cookie-related and other privacy and security settings that may be available. For more information on cookies and how to disable them, you can consult the information provided by visiting the Networking Advertising Initiative site at optout.networkadvertising.org and the Digital Advertising Alliance site at youradchoices.com.
You can prevent Google from collecting and processing cookie-generated data relating to your use of a website by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout.
We use the “reCAPTCHA” service from Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043) to protect the information that you provide on our Website. With this service, we can differentiate between information entered into a form by a human and information entered by an automated machine (“bot”).
The information obtained via the reCAPTCHA service is used in accordance with Google’s Usage Terms and Conditions: https://policies.google.com/privacy?hl=en.
Do Not Track
Currently, Penumbra does not respond to Do Not Track (“DNT”) signals. All About Do Not Track, a Future of Privacy Forum website, has more information about DNT signals and is located at: https://allaboutdnt.com.
Your Marketing Choices
You may choose not to receive marketing emails from us by following the instructions contained in any of the marketing emails we send. Please note that even if you unsubscribe from marketing email messages, we may still email you non-marketing emails.
Legal Basis for Processing
Penumbra will only process your personal data when allowed by law; that is, when we have a legal basis for processing. We use personal data when one of the following legal bases applies:
- Performance of a Contract: Where necessary to perform a contract with you or to take steps at your request before entering into such a contract.
- Legal or Regulatory Obligation: Where necessary for compliance with a legal or regulatory obligation that we are subject to.
- Legitimate Interests: Where necessary for our interests, provided that your fundamental rights do not override such interests. We consider and balance the potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests.
- Public Interest: Where the processing is necessary for ensuring high standards of quality and safety of healthcare and medical devices.
- Consent: Where you have provided your consent for processing your personal data.
- As Directed: At the direction of a controlling organization when Penumbra is acting as a Business Associate or service provider. Where Penumbra relies on your consent as the legal basis for processing, you have the right to withdraw your consent at any time.
Penumbra will only process personal information in a way that is compatible with and relevant to the purpose for which it was collected or authorized by you or the controlling organization, or as we notify you if the purposes change. You have the right to object to or request that we restrict processing of your personal data for such additional purposes.
Penumbra will take reasonable steps to ensure that personal information is accurate, complete, current, secure, and reliable for its intended uses. We employ procedural and technological security measures that are designed to protect your personal information from loss, unauthorized access, disclosure, alteration, or destruction.
Penumbra will retain your personal information for as long as reasonably necessary for legitimate business purposes or as required by law. Personal information will be kept until it is no longer necessary to provide our products and services, to fulfill our contractual agreements with you or the controlling organization, to comply with applicable law, to protect Penumbra’s rights and interests (e.g., where the retention is necessary for the establishment, exercise, or defense of legal claims), or as otherwise needed for the purposes for which it was collected or processed.
At times, personal data may be transferred to other Penumbra affiliates, service providers, or systems in countries that may not offer a level of data protection equivalent to that in your country, including the United States. Where such transfers occur, Penumbra complies with the cross-border data transfer and export control laws of the countries in which it operates.
For personal data exports out of the European Union (“EU”) or European Economic Area (“EEA”), Penumbra enters into the European Commission’s Standard Contractual Clauses with the recipient to ensure compliance with the special requirements on transfers of personal data out of such countries. Where necessary, Penumbra will take appropriate supplementary measures to ensure an essentially equivalent level of data protection to that guaranteed in the EEA, in accordance with European Data Protection Board (“EDPB”) recommendations.
Privacy Statement for Children
The Website is not intended to be directed to children that are younger than thirteen (13). Penumbra does not knowingly collect or intend to collect personal information from children that are younger than thirteen (13) via the Website. If you believe we might have any information from or about a child under thirteen (13) via the Website, please contact us at firstname.lastname@example.org.
Some privacy laws, including the EU General Data Protection Regulation (“GDPR”) and the California Privacy Rights Act (“CPRA”), provide certain rights for individuals. You may have the following rights, in accordance with applicable laws and subject to necessary validation of your identity:
- Request to access or obtain a copy of your personal data being processed.
- Request correction of inaccurate personal data relating to you.
- Object to Penumbra’s processing of your personal data for direct marketing.
- Oppose processing based on our legitimate interest for reasons relating to your particular situation. Please note that we may continue to process your personal data, even if you have opposed the processing, if we have compelling legitimate grounds for the processing which overrides your privacy interests.
- Request (under certain circumstances) the deletion or restriction of the processing of your personal data, including sensitive personal data.
- Lodge a complaint with a Data Protection Authority if you have concerns about our practices regarding the processing of personal data.
Only you or someone legally authorized to act on your behalf may make requests regarding your personal data and data protection rights.
To exercise these rights, please send an email to email@example.com with the details of your request or call us at +1-877-577-4829. To exercise these rights related to personal data that Penumbra may host on behalf of the organization providing services to you using the REAL System, you may also contact that organization directly.
Penumbra does not “sell” or “share” consumer personal information as those terms are defined under California Civil Code Sections 1798.140(ad) and 1798.140(ah), respectively.
Privacy Notice Changes and Updates
This Privacy Notice may be amended at any time. If material changes are made in how personal information is collected, used, disclosed, or otherwise processed, this Privacy Notice will be updated, including the “Effective Date” at the top of this Privacy Notice. We recommend that you review the Privacy Notice each time you visit the Website to stay informed of our privacy practices. Any changes will be effective when we post the updated Privacy Notice.
All questions, complaints, or comments about this Privacy Notice or Penumbra’s data protection practices can be emailed to Penumbra at firstname.lastname@example.org. We will use reasonable efforts to respond to you as soon as possible. You may also contact our Data Protection Officer at email@example.com.