NXSTAGE MEDICAL INC.
PRIVACY STATEMENT (CANADA)
Last Modified: May 2013
At NxStage Medical Inc. ("NxStage"), we are committed to protecting your privacy and safeguarding your personal information.
The purpose of this Privacy Statement is to inform you about the types of Personal Information NxStage (as follows, "we" or "us") collects, uses and discloses. It explains how we use and disclose that information, the choices you have regarding such use and disclosure, and how you may correct that information.
We are proud to demonstrate our commitment to your privacy, by complying with the laws and regulations under applicable privacy laws in Canada. As we are a national organization, this Privacy Statement is designed to meet the standards prescribed by the Personal Information Protection and Electronic Documents Act and the regulations thereunder as well as applicable provincial privacy legislation and regulations, including, the Personal Information Protection Act (Alberta), the Personal Information Protection Act (British Columbia), the Personal Health Information Protection Act, 2004 (Ontario), and An Act respecting the protection of personal information in the private sector (Quebec).
From time to time, we may make changes to this Privacy Statement. The Privacy Statement is current as of the "last revised" date which appears at the top of this page. We will treat Personal Information in a manner consistent with the Privacy Statement under which it was collected, unless we have your consent to treat it differently. This Privacy Statement applies to any information we collect or receive about you, from any source.
The following topics will be covered in this Privacy Statement:
- What is Personal Information?
- How do we collect your Personal Information?
- Where do we store your Personal Information?
- How do we use your Personal Information?
- To whom do we provide your Personal Information?
- When and how do we obtain your consent?
- How do we ensure the privacy of your Personal Information when dealing with our affiliates and other third parties?
- How long will we utilize, disclose or retain your Personal Information?
- How can you review your Personal Information that we have collected, utilized or disclosed?
- How do you know that the Personal Information we have on you is accurate?
- What if the Personal Information we have on you is inaccurate?
- How fast will we respond to your written requests?
- Are there any costs to you for requesting information about your Personal Information or our privacy practices?
- How do we know that it is really you requesting your Personal Information?
- What safeguards have we implemented to protect your Personal Information?
- How do you contact us regarding access to your Personal Information or our privacy practices?
1. What is Personal Information?
"Personal Information" is any information that is identifiable with you, as an individual. This information may include but is not limited to your name, contact information, and NxStage usernames and passwords. Personal Information, however, does not include your name, business title or business address and business telephone number in your capacity as an employee of an organization.
2. How do we collect your Personal Information?
We will always collect your Personal Information by fair and lawful means. We may collect Personal Information from you directly and/or from third parties, where we have obtained your consent to do so or as otherwise required or permitted by law.
3. Where do we store your Personal Information?
We will keep the Personal Information that we collect either at the NxStage offices in the United States of America, or at the offices of a service provider in the United States of America or in Canada.
You should note that any Personal Information that is stored or used in the United States of America is subject to the laws of United States of America, and pursuant to such laws, may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of the United States of America.
4. How do we use your Personal Information?
We identify the purposes for which we use your Personal Information at the time we collect such information from you and obtain your consent, in any case, prior to such use. We generally use your Personal Information for the following purposes (the "Purposes"):
- to facilitate the delivery of current and future NxStage products and services, including technical support for your NxStage products;
- to coordinate, manage and ship supplies to you;
- to advise you about new programs, products and services that may be of interest to you, with your consent;
- to respond to your inquiries, complaints or requests;
- to collect opinions and comments in regard to NxStage’s operations;
- to conduct statistical research and demographic analysis, with your consent;
- to administer our web site;
- to investigate legal claims;
- such purposes for which NxStage may obtain consent from time to time; and
- such other uses as may be permitted or required by applicable law.
5. To whom do we provide your Personal Information?
We identify to whom, and for what purposes, we disclose your Personal Information, at the time we collect such information from you and obtain your consent to such disclosure.
For example, we may disclose your Personal Information to your health care provider. We may also transfer your Personal Information to third party service providers with whom we have a contractual agreement that includes appropriate privacy standards, where such third parties are assisting us with the Purposes – such as service providers that provide delivery services, logistical support, telephone support or data storage or processing, whether in the United States or in Canada.
Generally, we will only make disclosures of Personal Information to such persons for which you provide your consent. Notwithstanding the foregoing, we may also make disclosures of Personal Information to a potential acquiror in connection with a transaction involving the sale of some or all of the business of NxStage (in which case the use of your personal information by the new entity would continue to be limited by applicable law), or as otherwise permitted or required by law.
6. When and how do we obtain your consent?
We generally obtain your consent (or require your health care provider to obtain your consent) prior to collecting, and in any case, prior to using or disclosing your Personal Information for any purpose. That consent may be obtained through your health care provider or may be provided to us directly (either orally, electronically or in writing). The form of consent that we seek, including whether it is express or implied, will largely depend on the sensitivity of the personal information and the reasonable expectations you might have in the circumstances.
7. How do we ensure the privacy of your Personal Information when dealing with our affiliates and other third parties?
We ensure that all affiliates and other third parties that are engaged to perform services on our behalf and are provided with Personal Information are contractually required to observe the intent of this Privacy Statement and our privacy practices.
8. How long will we utilize, disclose or retain your Personal Information?
We may keep a record of your Personal Information, correspondence or comments, in a file specific to you. We will utilize, disclose or retain your Personal Information for as long as necessary to fulfill the purposes for which that Personal Information was collected and as permitted or required by law.
9. How can you review your Personal Information that we have collected, utilized or disclosed?
If you make a written request to review any Personal Information about you that we have collected, utilized or disclosed, we will provide you with any such Personal Information to the extent required by law. We will make such Personal Information available to you in a form that is generally understandable, and will explain any abbreviations or codes.
10. How do you know that the Personal Information we have on you is accurate?
We will ensure that your Personal Information is kept as accurate, complete and up-to-date as possible. We will not routinely update your Personal Information, unless such a process is necessary. We expect you, from time to time, to supply us with written updates to your Personal Information, when required.
11. What if the Personal Information we have on you is inaccurate?
At any time, you can challenge the accuracy or completeness of your Personal Information in our records. If you successfully demonstrate that your Personal Information in our records is inaccurate or incomplete, we will amend the Personal Information as required. Where appropriate, we will transmit the amended information to third parties having access to your Personal Information.
12. How fast will we respond to your written requests?
We will attempt to respond to each of your written requests not later than thirty (30) days after receipt of such requests. We will advise you in writing if we cannot meet your requests within this time limit. You have the right to make a complaint to the federal Privacy Commissioner in respect of this time limit.
13. Are there any costs to you for requesting information about your Personal Information or our privacy practices?
We will not charge any costs for you to access your Personal Information in our records or to access our privacy practices without first providing you with an estimate of the approximate costs, if any.
14. How do we know that it is really you requesting your Personal Information?
We may request that you provide sufficient identification to permit access to the existence, use or disclosure of your Personal Information. Any such identifying information shall be used only for this purpose.
15. What safeguards have we implemented to protect your Personal Information?
We have implemented physical, organizational, contractual and technological security measures to protect your Personal Information from loss or theft, unauthorized access, disclosure, copying, use or modification. The only employees, who are granted access to your Personal Information, are those with a business ‘need-to-know’ or whose duties reasonably require such information.
16. How do you contact us regarding access to your Personal Information or our privacy practices?
All comments, questions, concerns or complaints regarding your Personal Information, this Privacy Statement or our privacy practices, should be forwarded to our Privacy Officer as follows.