×

Privacy Statement

Natus Medical Incorporated Privacy Policy

 

Who is collecting the data?

Natus Medical Incorporated and its affiliated and subsidiary companies (collectively, “Natus,” “we,” “us” or “our”) are committed to responsibly handling personal information that we collect or otherwise process regarding individuals who purchase our products or services, visit our Website, or otherwise interact with us (“you” or “your”). This Privacy Policy (“Policy”) is intended to inform you about our practices regarding the collection, use, disclosure, and other processing of your personal information, including personal information that you may provide through your use of the Website or through your other interactions with us, and certain rights you may have relating to such use and other processing.

Please read this Policy in its entirety before using our Website or otherwise submitting personal information to us through the Website or otherwise. By providing personal information to us or by utilizing the Website, you agree to comply with the terms and conditions of this Policy, and you hereby consent to our collection, use, disclosure, and other processing of your personal information in accordance with this Policy. We reserve the right to modify this Policy at any time, as circumstances or requirements change. All updates are effective immediately when we post them here and apply on a go-forward basis. For this reason, we encourage you to review this Policy whenever you visit the Website so you are aware of any updates, as they will be applicable to you and your personal information.

We may provide you with products or services that have additional privacy terms, policies or notices that apply in connection with your use of such products or services. In the event of any conflict between this Policy and any such additional terms, policies or notices, such additional terms, policies or notices will govern in relation to your use of such products or services.

For purposes of this Policy, the term “personal information” has the meaning given to such term (or to terms of similar intent, such as “personal data”) under applicable law, as and to the extent applicable to your rights and our obligations with respect to such information, including (as and to the extent applicable):

(i)    “personal information” as defined under the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020, and/or

(ii)    “personal data” as defined under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) or the UK General Data Protection Regulation (i.e., the GDPR as implemented into the laws of the United Kingdom).

 

What personal information is being collected?

The types of personal information collected by or on behalf of Natus about you varies based on our interactions with you (for example, whether you are a Website visitor or a customer).

This Website gathers certain information from its visitors by asking specific questions and permitting communication directly with Natus via forms. Some of the information that is submitted to Natus on these forms may be personal information. The personal information collected by or on behalf of Natus about you through the Website includes, but is not limited to, the following:

  • IP address, internet service provider and other online identifiers or web beacons;
  • Details of your online browsing activities on the Website, including, but not limited to:
    • the full Uniform Resource Locators (URL);
    • clickstream to, through and from the Website (including, but not limited to, date and time);
    • products or services you viewed or searched for, including page response times;
    • download errors;
    • length of visits to certain pages;
    • page interaction information (such as scrolling, clicks, and mouse-overs) and
    • methods used to browse away from the page;
  • Your browser type and version, relevant plug-ins, operating system and platform;
  • Your time zone settings; and
  • In relation to any personal account you create on the Website:
    • User names, passwords and other log-in information;
    • Your account settings, including, but not limited to, any default preferences;
    • A log of your browsing activities during your visit to the Website; and
    • Any preferences we have observed, such as the types of products or services that interest you, or the areas of the Website that you visit.

Certain sections of this Website may require you to submit such personal information in order to benefit from specified features of this Website (such as newsletter subscriptions, tips/pointers, order processing, or submitting a resume) or to participate in a particular activity (such as a webinar, an event, or a sales promotion). You will be informed at each information collection point what information is considered required or optional.

Your personal information also may be collected by Natus in connection with your purchase or use of products or services or other interactions with us. The personal information collected by or on behalf of Natus about you in connection with the purchase or use of products or services, or other interactions with us, may include, but is not limited to:

  • basic personal details, including, but not limited to, your name, billing address, shipping address, email address, telephone number, and any other contact details you may supply;
  • information about the products or services you purchased from us, how you used them, and the details of your customer service requests; and
  • payment information.

Personal information is also collected via cookies placed on your PC, mobile or tablet. You can disable cookies in your browser. The exact procedure depends on which browser you are using.

This Policy, and the practices described herein, applies equally to our collection, use, disclosure and other processing of such “sensitive” personal information.

The Website is not intended for children and we do not knowingly collect personal information relating to children (including any minors under the age of 16) through the Website or similar interactions with individuals. Where an individual (including any minor under the age of 16) is using one of our products or services, the additional terms, policies, or notices associated with that product or service will apply to such use.

 

How will the information be used?

In addition to the uses identified elsewhere in this Policy, we may use your Personal Information to operate our business including:

  • To communicate with you;
  • To provide you with products or services you have requested;
  • To process payments, fulfill your orders and requests and facilitate delivery if you purchase a product or service;
  • To operate the Website and our other IT systems, and to safeguard their security;
  • To protect or defend against fraud, lawsuits, claims or other liabilities;
  • To improve your browsing experience;
  • To fulfill our contractual obligations to you or to third parties to whom you have provided your personal information;
  • For our internal business administration and recordkeeping purposes;
  • To enhance, modify, personalize or otherwise improve our products, services or communications for the benefit of Natus and the users of the Website;
  • To better understand how people interact with the Website;
  • To manage and administer customer services, including administration of customer accounts;
  • To provide postal and/or email marketing communication which we think will be of interest to you if you request such information be provided to you;
  • To determine the effectiveness of promotional campaigns and advertising;
  • To send you information about medical devices and services (and any other products or services we provide) by post, email, or other means;
  • For recruiting purposes, when you apply for a position with us;
  • To provide information to counterparties in connection with a proposed or actual sale, merger, restructuring or transfer of all or a portion of Natus or its business, or to provide information as may be necessary in connection with other corporate transactions, such as financings or restructurings; and
  • To comply with federal, state, or local laws, rules, regulations, and other applicable legal and regulatory requirements, including, for example, as necessary to respond to governmental, regulatory or law enforcement agency requests.

 

How long will the data be stored for?

We will normally only keep your data for as long as necessary to provide you the services you are using or have otherwise required by to comply with federal, state, or local laws, rules, regulations, and other applicable legal and regulatory requirements.

 

Will the data be shared with any third parties?

By providing your consent to provide Natus with information via this Website, you also consent, and Natus reserves the right, to disclose your personally identifiable information to affiliates of Natus that agree to treat it in accordance with this Policy.

In connection with the purposes listed below, we may share your personal information among our affiliates and subsidiaries and/or certain applicable third parties (such as governmental authorities and regulators; courts and law enforcement agencies; vendors, contractors and service providers, including those supporting the Website or providing us with other services needed to maintain our business (such as fulfillment or delivery services, IT and technical support, or financial services), as well as lawyers, accountants, auditors, and other professional advisors; and counterparties, or potential counterparties, in connection with certain types of corporate transactions):

  • To comply with federal, state, or local laws, rules, regulations and other applicable legal and regulatory requirements;
  • To comply with a civil, criminal, or regulatory investigation or a subpoena, court order or summons by federal, state, or local authorities;
  • In connection with a proposed or actual sale, merger, or transfer of all or a portion of Natus or its business, or other corporate transactions, such as financings or restructurings;
  • To protect or defend against fraud, unauthorized transactions, lawsuits, claims or other liabilities;
  • To administer and operate our business; and
  • To maintain your accounts and process or complete transactions requested by you.

Natus does not sell your personal information to third parties or share your personal information with third parties for purposes of cross-context behavioral advertising.

In addition, we will make full use of all information acquired through this site that is not in personally identifiable form.

 

Links to Other Websites

Links or references to other websites may be found on this site. Please be advised that we do not have power over other websites and that this Policy does not apply to any other website.  The information handling practices of the linked or referenced websites may not be the same as ours. We encourage you to examine the privacy policy of every linked or referenced website you visit. We are not responsible for any linked or referenced websites.

 

Other Terms

Any use of this Website is subject to the terms of our Legal Notice. We reserve the right to change this Policy at any time. For this reason, we encourage you to review this Policy whenever you visit the Website so you are aware of any updates, as they will be applicable to you and your personal information. The examples contained within this notice are illustrations and are not intended to be exhaustive. You may have additional rights under other applicable foreign or domestic laws.

 

Additional Information for Individuals Whose Personal Data is Subject to the GDPR or the UK GDPR

Residents of the European Economic Area (“EEA”) and the United Kingdom (“UK” and such residents of either, “EEA/UK Residents”) have certain rights with respect to their personal data pursuant to the General Data Protection Regulation (EU) 2016/679 (“GDPR”) or the UK General Data Protection Regulation (i.e., the GDPR as implemented into UK law, the “UK GDPR”), as applicable and as further described in this section. If you are an EEA/UK Resident and do not agree with our use of your personal data as set forth in this Policy, you should not submit your personal data to Natus. However, if you do not submit certain personal data to Natus, or if you exercise your rights to prevent us from using such personal data, you should be aware that we may not be able to do business with you. This section supplements this Policy and applies solely to EEA/UK Residents. For the purposes of applicable data privacy legislation, Natus Medical Incorporated is the “controller” of EEA/UK Residents’ personal data under this Policy.

Our legal bases for collecting and using personal data:

We are entitled to use your personal data in the ways set out in this Policy on the following legal bases:

  • the use of personal data is necessary for the performance of a contract with you for provision of our products and/or services or to take steps at your request prior to entering into such a contract;
  • we have legal obligations that we must discharge;
  • the use of your personal data is necessary for our legitimate interests;
  • you have consented to such use; and/or
  • to establish, exercise or defend our legal rights for the purposes of legal proceedings.

We do not expect to process “sensitive” or “special” categories of personal data under the GDPR or UK GDPR, however, if we were to process such personal data, we would do so only where we have asked for your explicit consent or where such processing is necessary for the establishment, exercise or defense of legal claims or is otherwise permitted under applicable laws.

International transfers: Our processing of your personal information may involve transferring your personal information outside of the EEA or the UK, including to countries such as the United States which may not offer the same standard of protection for personal information as countries within the EEA or the UK. Whenever we transfer your personal information outside of the EEA or the UK to countries that have not been deemed to provide an adequate level of protection for personal information by the European Commission and/or the relevant public authority in the UK, as applicable, we seek to ensure a similar degree of protection is afforded to it by, where required by the GDPR or the UK GDPR, using specific contracts approved by the European Commission or the relevant public authority in the UK. You may be entitled, in accordance with the GDPR or the UK GDPR, as applicable, to request further information regarding such safeguards, which you can do by contacting us using the details set forth at the end of this Policy.

Your rights in connection with personal data:

Under certain circumstances, by law you have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully;
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate personal data we hold about you corrected;
  • Object to processing of your personal data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also may have the right to object where we are processing your personal data for direct marketing purposes;
  • Request erasure of your personal data. This enables you to ask us to delete or remove your personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see above);
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it; and/or
  • Request the transfer of your personal data to another party in a machine-readable, commonly used and structured format.

If you want to exercise any of these rights, then please contact us using the details set forth at the end of this Policy. The various rights are not absolute and each is subject to certain exceptions or qualifications. For example, if you wish to withdraw your consent or object to processing, we may need to discuss with you whether our use of your personal data needs to continue for other lawful purposes, such as fulfilment of a legal or contractual requirement.

We will respond to your request within one month of receipt of your request. In some cases, we may not be able to fulfil your request to exercise the right before this date and may need to request more time. Where we cannot provide a full response to you for any reason, we will let you know about our inability to do so in our initial reply to your request.

Your duty to inform us of changes: It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your working relationship with us.

Fees: You will not have to pay a fee to access your personal data (or to exercise any of the other above-listed rights). In some cases, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, or if you request multiple copies of the information. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you: To access your personal data (or to exercise any of the other above-listed rights), we may need to request specific information from you to help us confirm your identity and ensure your right to access the personal data (or to exercise any of your other above-listed rights). This is another appropriate security measure designed to ensure that personal data is not disclosed to any person who has no right to receive it.

Right to complain: If you wish to request further information about any of the above-listed rights, or if you are unhappy with how we have handled your personal data, please contact us using the details set forth at the end of this Policy. If you are not satisfied with our response to your complaint or believe our processing of your information does not comply with the GDPR, UK GDPR or other applicable data privacy legislation, you can make a complaint to the supervisory authority in your country. For example, in the UK you should contact the Information Commissioner’s Office at: http://ico.org.uk/global/contact-us/ or 0303 123 1113.

 

Additional Information for Individuals Whose Personal Information is Subject to CCPA and CRPA

California residents have certain rights with respect to their personal information pursuant to the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020, collectively, the “CCPA”), as applicable and as further described in this section. If you are a California resident and do not agree with our use of your personal information as set forth in this Policy, you should not submit your personal information to Natus. This section supplements this Policy and applies solely to California residents.

You may have certain rights regarding our use and disclosure of your personal information under the CCPA, as described below. These rights are not absolute and each is subject to certain exceptions or qualifications:

  • Access: You may have the right to request, twice in a 12-month period, that we disclose to you the personal information we have collected, used, disclosed and sold about you during the past 12 months, the categories of third parties with which such information has been disclosed or sold, the sources from which such information was collected, and the business purpose for such collection, use, disclosure or sales.
  • Correction and Deletion: You may have the right to request that we correct or delete certain personal information we have collected about you.
  • Opt-Out of Sale or Certain Sharing: The CCPA gives California residents the right to opt-out of the sale of their personal information, as well as the sharing of their personal information for purposes of cross-context behavioral advertising. However, Natus does not sell personal information or share it for purposes of cross-context behavioral advertising.

To submit an access or deletion request, please contact us using the details set forth at the end of this Policy. To help protect your privacy and maintain the security of your personal information, we will take steps to verify your identity before granting you access to your personal information or complying with your request. If you have an email address or other direct contact information on file with us, and request access to or deletion of your personal information, we may require you to provide your name, email address and company name, if previously provided.

You have the right to appoint an authorized agent to exercise these rights on your behalf. If you designate an authorized agent to make a request on your behalf (1) we may require you to provide the authorized agent written permission to do so and (2) for access and deletion requests, we may require you to verify your own identity directly (as described above).

If you choose to exercise rights you may have under the CCPA, you have the right to not receive discriminatory treatment from us for doing so. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request. This notice may be made available in alternative formats upon request. Please contact us using the details set forth at the end of this Policy to request this notice in an alternative format or with any other questions or concerns about our privacy policies and practices.

 

How can you raise a request about the data we collect or otherwise process?

Should you have any questions or requests (including copy, correction, or deletion) regarding the processing of personal information, you may contact us at the following contact information:

Revised January 2023