Our Promise of Privacy

We at NxStage Medical, Inc., including our affiliates and subsidiaries ("NxStage"), are committed to protecting the privacy of our users, and we treat any information we hold about you with discretion, care, and respect. This notice describes NxStage’s Privacy Policy for information we collect from individuals through the NxStage websites, without limitation, which include NxStage.com and NxStage.co.uk (the "Sites") and does not apply to any information collected by NxStage through other means. Please do not use our Sites or submit any personal information to us if you are not happy with how we use that personal information, as described below.

1. INFORMATION WE COLLECT

1.1 Information you voluntarily provide to us

We collect personal information about you – that is, information that relates to you and which either on its own or in combination with other pieces of information can be used to uniquely identify you. This includes your name, address, phone number, e-mail address, and responses to specific questions (e.g., reasons for visiting our Site). We collect this information when you voluntarily provide it to us, such as when you fill out a job application through our Careers page, fill out requests for information, register for an event, or listen to webcasts through our Sites. We may also record the types of product information you have requested on our Sites.

We do not request, solicit, or require you to disclose information about your or another person’s health or medical status through our Sites. Health care providers should be careful not to provide confidential health or medical information about their practice or patients. Please note that we also offer web access to NxRx and NxSTEPs which may be subject to different and/or additional terms of use and privacy policies as indicated and located on their respective sites.

1.2 Job applicant data

If you fill out a job application through our Careers page, you may be given the opportunity to provide your gender, race, ethnicity, and veteran status. Provision of this sensitive information is voluntary and is not a requirement of employment. We only collect this information in order to monitor compliance with employment and equalities legislation, and providing this information will in no way affect the decision regarding your application for employment. This information will be kept confidential.

You will also be prompted for relevant personal information including, but not limited to, address, phone number, e-mail address and employment history. This information is necessary for us to process your application, and if you do not provide it, it may not be possible for us to process or accept your application.

1.3 Information collected automatically

We collect certain types of non-personal information from you automatically through the use of "cookies" and 1-pixel gifs, and also extract other information about your device and browsing information. Cookies are small text files that your web browser places on your computer’s hard drive. 1-pixel gifs are tiny graphic image files embedded on certain pages of our Sites that send certain information from your web browser back to our servers. The other information we collect includes your IP address (a unique number that identifies your access account on the Internet), domain, and web browser information.

We may use cookies and 1-pixel gifs to collect certain information about your use of the Sites, such as to track what pages you view within our Sites, to tell us whether you have visited our Sites previously, and to help us determine if you came from a particular link or banner advertisement. The information we collect through cookies and 1-pixel gifs is not personal information.

We combine the personal information collected from you with the information collected automatically for the purposes set out below.

2. HOW DO WE USE THE INFORMATION THAT WE COLLECT?

We use your personal information primarily to:

  • respond to questions or requests submitted by you, in order to meet our business interests in providing an efficient and helpful service to visitors to our Sites;
  • send you requested product or service information, to meet our business interests in providing our services to visitors to our sites;
  • process applications submitted by you (including job applications) and create employment records for applicants we hire. We do this to take the steps required before entering into a contract with you, and if we do enter into a contract, to meet our obligations under that contract;
  • conduct market research, including surveys and analysis, which is necessary to meet our business interests in understanding the market and adjusting our business accordingly;
  • improve our products, services and Sites, and personalize your experience on our Sites, in order to meet our business interests in providing you the best service possible;
  • contact you about changes affecting our Sites, or the information collected about you, where necessary to inform you about changes, to meet our business interests in ensuring that you understand the ways we use your information and how our Sites operate.

When you have provided your consent, or when we are otherwise legally entitled to do so, we use your personal information for direct marketing. You can opt out at any time using the mechanisms described below. Where we use your personal information to meet our business interests, you can object to those uses of personal information by contacting us using the details below.

Additionally, if at any time you wish us to stop using your personal information for any or all of the above purposes, please contact us as set out below. Where required by law, we will stop the use of your personal information for such purposes as soon as it is reasonably possible to do so.

3. HOW WE SHARE INFORMATION WITH THIRD PARTIES, AND WHY

We share your personal information with our subsidiaries and affiliates, who use your personal information in the ways described in this notice.

We also share certain personal information with third parties, including current or potential business partners, for a number of reasons, including, but not limited to, direct marketing and market research. These service providers generally act solely on our instructions and on our behalf for the purposes described above.

Notwithstanding anything else in this policy, we may also disclose to third parties personal information: (a) to respond to a request that you have made as described above; (b) to comply with legal obligations, such as when required by a valid legal mechanism such as a search warrant, subpoena, or court, governmental, or administrative order, or when required to report information regarding use of our products; (c) when necessary to protect our interests in ensuring the integrity of our Sites or the safety of Site users, our employees, or property; or (d) if we sell some or all of our assets or there is another transfer of our business. In such event, we may retain a copy of the transferred information.

4. USE OF PERSONAL INFORMATION OUTSIDE YOUR HOME COUNTRY

NxStage uses and stores the personal information it collects on servers located primarily in the United States, but also in other countries and territories. The third parties with which we share personal information are also located in the United States and other countries, and these countries may not be considered to provide the same level of protection as the country in which you live.

When we transfer your personal information to these countries and territories, we put in place safeguards, including contractual commitments, to ensure your personal data is subject to a level of protection which has been approved by law. In particular, NxStage Medical, Inc. is certified to the EU-U.S. Privacy Shield Framework. Accordingly, our privacy practices for all personal information received in the U.S. from the EU are subject to this framework and are consistent with the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity and purpose limitation, access, and enforcement. To learn more about the Privacy Shield Framework, and to view our certification, please visit https://www.privacyshield.gov/.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you may contact our U.S.-based third party dispute resolution provider (free of charge), the BBB EU Privacy Shield Dispute Resolution Procedure, (contact information is available at http://www.bbb.org/EU-privacy-shield/for-eu-consumers).

Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

5. YOUR RIGHTS AND CHOICES OVER YOUR PERSONAL INFORMATION

We strive to give you ways to update your personal information or to delete it unless we have to keep that information for legitimate business or legal purposes. Subject to local law, you also have certain rights over your personal information. These include the following rights to, in certain circumstances:

  • Access and receive a copy of your personal information;
  • Restrict our use of your personal information;
  • Object to our use of your personal information; and
  • Receive your personal information in a usable electronic format and transmit it to a third party (the right of ‘data portability’).

If you would like to discuss or exercise these rights, please contact us using the details below. We will contact you if we need additional information from you in order to honour your requests.

6. STORAGE OF YOUR INFORMATION

We will keep your personal information for as long as we have a relationship with you and until you opt out of receiving communications from us (see Section 9), for example for as long as your job application is ongoing or for as long as we are responding to your question or request for information. We will retain your personal information for a period of time that enables us to:

  • Maintain business records for analysis and/or audit purposes
  • Comply with record retention requirements under the law
  • Defend or bring any existing or potential legal claims
  • Deal with any complaints regarding the services

We will delete or anonymize (such that you cannot reasonably be reidentified using any means available to us) your personal information when it is no longer required for these purposes.

7. CHILDREN’S ONLINE PRIVACY PROTECTION

Our Sites are not targeted to children, and we do not knowingly collect personal information from children under the age of 16 on our Sites. Our Sites are entirely aimed at adults. We do not filter advertisements or other content that children may view through the public portions of our Sites.

8. HOW E-MAIL LINKS ARE TREATED

We use e-mail links located on the “Contact Us” page or on other pages on our Sites to allow you to contact us directly with any questions or comments you may have. We attempt to read every message we receive and try to reply promptly to each one. The information you provide when you contact us is used to respond directly to your questions or comments and may be shared within the Company. We may also file your comments to improve the Sites and learning programs, or review and discard the information.

9. HOW TO OPT OUT OF RECEIVING COMMUNICATIONS FROM NXSTAGE

At any time, you may request that we stop sending you communications. We will process your request as promptly as possible, though you may receive another contact before the removal takes effect. Our Sites give you the following options:

If you do not wish to receive further e-mail communications, further direct mail, telephone, or other communications send an e-mail to unsubscribe@nxstage.com with the word UNSUBSCRIBE in the subject line. Please include your first name, last name, address, city, state, zip code, and phone number to ensure we can process your request.

If you do not wish to receive further e-mail communications from Investor Relations, send an e-mail to: ir@nxstage.com with the word UNSUBSCRIBE in the subject line. Please include your first name, last name, firm affiliation (if any) and phone number to ensure we can process your request.

If you prefer, you can send us a letter describing your opt-out request at the following address. Please include your first name, last name, address, city, state, zip code, and phone number to ensure we can process your request:

NxStage Medical, Inc.
350 Merrimack Street
Lawrence MA, 01843 USA
Attn: Colleen Moore, Marketing Communications

10. PRIVACY CHOICES

You can control the use of information collected about you through our Sites.

If you do not want our Sites to collect information about you through the use of cookies, you may set your web browser to reject cookies from our Sites. If you reject these cookies, however, it may limit some functionality of our Sites.

11. LINKS

Our Sites may contain links to other websites. NxStage is not responsible for the privacy practices or the content of such websites. Additionally, the existence of any external link does not suggest that we endorse the linked company or its products or services. We recommend that you read the privacy policies of each website that you visit.

12. OTHER TERMS AND CONDITIONS

Your access to and use of our Sites is subject to our Terms of Use. We also offer web access to NxRx and NxSTEPs which may be subject to different and/or additional terms of use and privacy policies as indicated and located on their respective sites.

13. CHANGES TO THIS POLICY

We may change the terms of this Privacy Policy by posting revisions to this page. If you are concerned about how your information is used, please check our website periodically to review our current Privacy Policy. In the event we make any change to this policy that materially alters the use of personal information already collected from you, we will notify you of such change, and if changes will have a fundamental impact on the nature of the processing or on your rights, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing).

14. NOTICE TO US RESIDENTS OF THE STATE OF CALIFORNIA ABOUT YOUR CALIFORNIA PRIVACY RIGHTS

In addition to other rights described in this Privacy Policy, if you are a resident of the State of California within the US, and a NxStage customer, you have the right to request information from NxStage regarding the manner in which NxStage shares certain categories of your personal information with third parties, for the third parties’ direct marketing purposes. California law provides that you have the right to submit a request to NxStage at its designated address and receive the following information within thirty (30) days of our receipt of the request: (1) the categories of personal information disclosed to third parties during the immediately preceding calendar year, (2) the names and addresses of third parties that received the personal information during the preceding calendar year, and (3) if the nature of a third party’s business cannot be reasonably determined from the third party’s name, examples of their products or services. You are entitled to receive a copy of this information in a standardized format, and the information will not be specific to you individually.

All requests for such information must be in writing and sent to NxStage’s designated address:

NxStage Medical, Inc.
350 Merrimack Street
Lawrence MA, 01843 USA
Attn: Legal Department

15. QUESTIONS REGARDING PRIVACY

If you have any questions about this privacy statement or our practices, you may contact:

NxStage Medical, Inc.
350 Merrimack Street
Lawrence MA, 01843 USA
Attn: Privacy Officer

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection authority of the country in which you live using their website.

 

Revised May 20, 2018