EU and UK Privacy Policy

The Effective Date of this Privacy Policy is November 1, 2018. If we decide to change our Privacy Policy, we will post the changes on this page so that you are always informed of our policies.

SUMMARY AND GENERAL CONTACT INFORMATION

This Privacy Policy describes how we handle information we learn about you from our web site. The information we collect depends on what you do when you visit our site.

This website is not intended for children and we do not knowingly collect data relating to children.

Controller

The Pulmonx group is made up of different legal entities, being Pulmonx Corporation and PulmonX International Sarl. This privacy notice is issued on behalf of the Pulmonx Group so when we mention “Pulmonx”, “we”, “us”, or “our” in this privacy notice, we are referring to the relevant company in the Pulmonx Group responsible for processing your data.

Pulmonx Corporation is ultimately responsible for the processing of your personal data and will be the joint controller, together with the relevant company in the Pulmonx Group with which you have directly engaged.

Contact Details

If you have questions about this policy or wish to contact us (including if you wish to exercise your legal rights), our contact details are as follows:

Pulmonx Corporation
700 Chesapeake Drive
Redwood City, CA 94063

Email: privacy@pulmonx.com

Telephone: +1 650-364-0400

PulmonX International Sàrl
Rue de la Treille 4
2000 Neuchâtel
Switzerland

Email: privacy@pulmonx.com

Telephone: +41 32 475 2076

In addition, you have the right to make a complaint at any time to the supervisory authority for data protection issues. A list of the EU data protection authorities can be found at: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. We would, however, appreciate the opportunity to deal with any concerns before you approach the supervisory authority, so please contact us in the first instance.

COLLECTION OF INFORMATION

  • Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include information where the identity has been removed (Anonymized Data).

We may collect, use, store and transfer different kinds of personal information which includes:

  • Your name, title, date of birth and gender (Identity Data).
  • Your address, email address and telephone number (Contact Data).
  • Medical/health data that you have voluntarily supplied to us when contacting us (Voluntary Health Data).
  • Your pseudonymized medical information shared by a physician asking for guidance for treatment planning or health data reported through a device use questionnaire or post-market user evaluation (Pseudonymized Health Data).
  • Your IP address, login data, browser type and version, and operating system and platform (Technical Data).

We also collect, use and share Aggregated Data such as statistical and demographic information for any purpose. Aggregated Data may be derived from your personal information but does not directly or indirectly reveal your identity.

We do not collect any Special Categories of Personal Data about you which includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, such as genetic and biometric data. Nor do we collect any information about criminal convictions and offences.

If you fail to provide personal information

Where we need to collect personal information by law, or under terms of a contract we have with you, and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

HOW WE COLLECT YOUR INFORMATION

We do not collect personally-identifying information about you, including your email address, telephone number or postal address, when you visit our site, unless you choose to provide such information to us. If at any time you do provide us with such information, we will collect it. We use different methods to collect personal information from and about you including through:

Direct Interactions

You may give us your personal information (for example Identity, Contact and Voluntary Health Data) by completing forms on our website, or by corresponding with us by email, phone or post. This includes personal information you provide when you:

  • Enquire about product and/or services;
  • Request information;
  • Purchase products and/or services;
  • Subscribe to our marketing newsletters;
  • Contact us to provide feedback.

Automated Technologies

For each visitor to our web site, we collect and store the following information about your computer hardware and software: your IP address, your browser software, your operating system, and the Internet address of the web site from which you linked directly to our site. We collect and store this information on an individual basis and in aggregate, or combined, form. We also collect both user-specific and aggregate information on what pages visitors access or visit. This information allows us to deliver any information you request from us, such as product information or training materials. We also use the information to measure the number of visitors to our site, to understand which service providers our visitors use, to improve the content of our web pages, and to customize the content and layout of our pages. All of this is done with the intention of making our site more useful to visitors.

Cookies

Our web site uses session cookies to record session information, such as which web pages a user has visited, and to track user activity on the site. We do not collect any personal data through the use of cookies, and all cookies expire when you leave our site. Our web site does not use persistent cookies.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

Third Parties

We may receive personal data about you from third parties as set out below:

Pseudonymized Health Data from a physician asking for guidance for treatment planning or in connection with clinical studies.

USE OF INFORMATION

We will only use your personal information when we have a lawful basis for doing so. We have explained below each lawful basis for using your personal information, and the purposes for which we use your personal data.

Performance of a contract: we need to use your personal information, such as Identity Data and Contact Data for the purposes of performing a contract you have entered into with us.

Necessary for our legitimate interests: we use your personal information for ongoing business purposes; for example, we may use your Identity and Contact Data to understand our customers, develop our products and services and recommend appropriate services.

Necessary for the purposes of preventive or occupational medicine or treatment: we use your Pseudonymized Health Data and Voluntary Health Data to provide guidance on treatment, to improve our products and services, to recommend appropriate services and to fulfill our obligations in respect of clinical studies.

Compliance with a legal obligation: we use your Identity, Contact and Marketing and Communications Data to comply with various legal obligations including ensuring that you do not receive marketing communications from us in circumstances where you have advised us that you do not wish to receive those communications.

Generally, we do not rely on consent as a legal basis for processing your personal information other than in relation to sending third party direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us using the details set out above.

In addition, if you would like further information about the specific lawful basis we rely on when using your personal information please contact us using the details set out above.

We will use personally-identifying information in connection with the purpose for which you provided it (e.g., to contact you with a response to a request for information), unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Additional ways in which we may use this information are as follows:

Marketing

If you provide us with your email address, you may receive periodic promotional emails from us with information regarding special offers or new products or services. You may also receive informational emails from us related to any user accounts you have set up with us, as well as administrative notices regarding the operation of the web site.

If you supply us with your postal address online, you may receive periodic mailings from us with information on new products and services.

If you provide us with your telephone number, you may receive telephone contact from us with information regarding new products and services.

We will always get your express opt-in consent before we share your personal information with any company outside the Pulmonx Group for marketing purposes.

OPT OUT PROCEDURES

If you do not wish to receive promotional emails from us, please let us know by using the opt-out response device that can be found at the bottom of every email we deliver or by calling Pulmonx at the telephone number indicated in the email. You may also let us know by sending your request to the attention of Pulmonx Customer Service at: Pulmonx Corporation, 700 Chesapeake Drive, Redwood City, CA 94363 or PulmonX International Sàrl, Rue de la Treille 4, 2000 Neuchâtel, Switzerland (please include sufficient information to allow us to identify you in our records). Please allow a reasonable time for us to process your request.

Note that although you can opt not to receive promotional emails, Pulmonx retains the right to send registered users of its web sites informational email messages about the user’s account or administrative notices regarding the site, as permitted under the CAN-SPAM Act (15 U.S.C. §7701 et seq.).

DISCLOSURE OF INFORMATION

We do not rent or sell email addresses, postal addresses or telephone contact information to third parties or otherwise share any personally-identifying information we collect with any third parties, except that Pulmonx reserves the right to share personally-identifying information with third party service providers such as an agent, contractor or partner working on behalf of Pulmonx to serve our customers; to transfer personally-identifying information to a third party in conjunction with the sale or similar transfer of the company or a business unit; and to disclose personally-identifying information to a third party in connection with legal proceedings and investigations of crimes or other wrongdoing.

If Pulmonx does share personally-identifying information with an agent working on behalf of Pulmonx, we will employ commercially appropriate procedures to help ensure that the disclosed information is used only for authorized purposes by authorized persons, and that safeguards are in place to help maintain the security, integrity and privacy of the information.

INTERNATIONAL TRANSFERS OF INFORMATION

We share your information, including personally-identifying information, within the Pulmonx Group. This will involve transferring your data outside the European Economic Area (EEA).

We also engage with external third parties who are outside the EEA so their processing of your personally-identifying information will involve a transfer of your data outside the EEA.

Wherever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection by the European Commission.
  • We require our third party service providers to use contracts incorporating the European Commission’s pre-approved contractual terms.
  • For US providers, we may transfer information to them if they are part of Privacy Shield which requires them to provide a similar level of protection to information shared between the US and EU.

THIRD PARTY SITES

From time to time, this website may link you to other sites on the Internet (“Linked Sites”). The Linked Sites are not under Pulmonx’s control, and Pulmonx does not control the collection or use of any information, including personally-identifying information, that occurs during your visit to the Linked Sites. Further, Pulmonx makes no representations about the privacy policies or practices of the Linked Sites. When you leave our website, we encourage you to read the privacy policy of every website you visit.

SECURITY

We have appropriate security measures in place in our physical facilities to protect against the loss, misuse or alteration of information that we have collected from you at our site, and we employ security features generally accepted in the industry to protect the security of transactions made on our site. Commercial transactions are protected via Secure Sockets Layer (SSL) technology.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only have access to your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

DATA RETENTION

We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

CHANGES TO THIS POLICY AND CHANGE OF USE

From time to time, we may use customer information for new, unanticipated uses not previously disclosed in our privacy notice. If our information practices change materially at some time in the future, we will post the policy changes to our web site. If we have collected personally-identifying contact information from you, we will notify you about the changes prior to making use of your information in new ways and will provide you with a reasonable opportunity to opt out of the new procedures before they are implemented. We will also honor opt out requests made following implementation of the new procedures, as discussed above.

If you believe that this site is not following its stated information policy, you may contact us at the above address, or contact state or local chapters of the Better Business Bureau.

EU and UK Legal Rights

Under EU and UK data protection laws, you have the following rights in relation to your personal data:

  • Right to request access to your personal data: Upon request we provide site visitors with access to their own personally-identifying contact information (e.g., name, address, phone number) that we maintain about them. You can access this information by sending your request to: Pulmonx Corporation, Attention: Customer Service, 700 Chesapeake Drive, Redwood City, CA 94063 or PulmonX International Sàrl, Rue de la Treille 4, 2000 Neuchâtel, Switzerland. To help us process your request, please provide sufficient information to allow us to identify you in our records. If you have a user account with us, we ask that you provide your user name and password in your request.
  • Right to request correction of personal data that we hold about you: We also offer visitors the opportunity to have inaccuracies corrected in all information we maintain about them. You can have your information corrected by sending your request to: Pulmonx Corporation, Attention: Customer Service, 700 Chesapeake Drive, Redwood City, CA 94063 or PulmonX International Sàrl, Rue de la Treille 4, 2000 Neuchâtel, Switzerland. To help us process your request, please provide sufficient information to allow us to identify you in our records.
  • Right to request erasure of your personal data: this enables you to ask us to delete personal data where there is no good reason for us continuing to process it. This may also apply where you have successfully exercised your right to object to processing (see below), where we may have processed your data unlawfully or where we are required to delete your personal data to comply with local law. Please note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Right to object to processing based on certain grounds: this enables you to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your personal situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process our information which override your rights and freedoms.
  • Right to withdraw consent: this enables you to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Right to transfer data: this enables you to request the transfer of your personal data to you or a third party. We will transfer the data in a structured, commonly used, machine readable format. This right applies only in respect of automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We reserve the right to ask for information verifying your identity prior to disclosing any information to you. Should we ask for verification, the information you provide to verify your identity will be used only for that purpose, and all copies of this information in our possession will be destroyed when the process is complete. In addition, we may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month but it may take longer if your request is particularly complex or you have made a number of requests. In this case we will notify you and keep you updated.

If you wish to exercise any of the above rights, please contact us using the details provided in the Contact Us section above.