Effective as of May 17, 2019
Collection of Personal Data
Personal data is data that, directly or indirectly, identifies you as an individual or relates to an identifiable individual. We collect personal data about you through our Services in the following ways:
Data you choose to provide
Personal data that you may provide through our Sites or otherwise share to us includes:
- Personal and business contact information, such as your first name, last name, postal address, email address, telephone number, job title and employer name;
- Professional credentials, such as educational and work history, institutional affiliations and other types of information that would be included on a resume or curriculum vitae;
- Profile information, such as your username and password, industry, interests and preferences;
- Feedback and correspondence, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with the Services, receive customer support or otherwise correspond with us;
- Transaction information, such as details about programs, events or other activities you register for or attend;
- Usage information, such as information about how you use the Sites and interact with us; and
- Marketing information, such as your preferences for receiving marketing communications.
It is very important to us that all the information we hold about you remains accurate and up-to-date. If incorrect information about you is included in any statements or other communications you receive from us, please let us know. If you have any online account with us, please ensure that the information you provide through that account remains accurate and up-to-date.
Information from social networking sites
Information we get from others
We may also get information about you from other sources, such as publicly available databases, and we may add this to information we get from our Services. We may combine other publicly available information, such as information related to the organization for which you work, with the personal data that you provide to us through the Services.
Information Automatically Collected
We may automatically log information about you and your computer or mobile device when you access our Online Services. For example, we may log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing to our Sites, pages you viewed, how long you spent on a page, and access times and information about your use of, and actions on, our Sites. We collect this information about you using cookies. Please refer to the section below for more details.
Our Sites also receive IP addresses of the computers used to access our Sites. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Sites, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Sites. We may also derive your approximate location from your IP address.
Cookies and Similar Technologies
What are cookies?
We may collect information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Sites.
Cookies we use
We use two broad categories of cookies: (1) first-party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our Sites; and (2) third-party cookies, which are served by service providers on our Sites, and can be used by such service providers to recognize your computer or mobile device when visiting other websites.
Our Sites use the following types of cookies for the purposes set out below:
|Type of Cookie||Purpose|
|Essential Cookies||These cookies are essential to provide you with services available through our Sites and to enable you to use some of their features. Without these cookies, the services that you request may not be possible to provide. We only use these cookies to provide you with those services.|
|Functionality Cookies||These cookies allow our Sites to remember choices you make when you use our Sites. The purpose of these cookies is to provide you with a more personalized experience and to avoid you from having to re-select your preferences every time you visit our Sites.|
|Analytics and Performance Cookies||These cookies are used to collect information about traffic to our Sites and how users use our Sites. The information gathered may include the number of visitors to our Sites, the websites that referred them to our Sites, the pages they visited on our Sites, what time of day they visited our Sites, whether they have visited our Sites before, and other similar information. We use this information to help operate our Sites more efficiently, to gather demographic information and to monitor the level of activity on our Sites.
We use Google Analytics for this purpose. Google Analytics uses its own cookies. You can find out more information about Google Analytics, cookies, and about how Google protects your data on the Google website at www.google.com/policies/privacy/partners/. You can prevent the use of Google Analytics relating to your use of our Sites by downloading and installing a Google browser plugin available at https://tools.google.com/dlpage/gaoptout
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided in your browser (usually located within the “settings,” “help,” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.
If you do not accept our cookies, you may experience some inconvenience in your use of our Sites. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Sites.
We may use Flash cookies (which are also known as Flash Local Shared Object (“LSOs”)) on our Sites to collect and store information about your use of our Sites. Unlike other cookies, Flash cookies cannot be removed or rejected via your browser settings. If you do not want Flash cookies stored on your computer or mobile device, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel on the Adobe Flash Player website. You can also control Flash LSOs by going to the Global Storage
Settings Panel at the Adobe Flash Player website and following the instructions. Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with our Sites
We may also use pixel tags (which are also known as web beacons and clear GIFs) on our Sites to track the actions of users on our Sites. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of the Sites, so that we can manage our content more effectively. The information we collect using pixel tags is not linked to our users’ personal data.
Uses and disclosure of cookies and similar technologies
How We Use Your Personal Data
Providing the services
We use personal data to provide the Services to you and fulfill your requests, including to:
- Operate and administer the Services, such as by arranging access to your online account and providing you with customer service;
- Respond to your inquiries and fulfil your requests, such as processing and managing registrations you make through the Services and responding to any Medical Information Request Forms;
- Communicate with you regarding our programs, events, or activities for which you may have registered, including by sending you technical notices, updates, security alerts, and support and administrative messages;
- Provide support and maintenance for our Services;
- Complete your transactions; and
- Send administrative information to you, such as changes to our terms, conditions and policies.
To communicate with you
If you request information from us, register through the Services, or participate in our surveys, programs, or events, we may send you Rakuten Medical-related marketing communications as permitted by law. You will have the ability to opt in or opt out of such communications as described below.
To comply with law
We use your personal data as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal processes, such as to respond to requests from government authorities.
With your consent
We may use or share your personal data with your consent, such as when you consent to let us post your testimonials or endorsements on our Sites, you instruct us to take a specific action with respect to your personal data, or you opt into third party marketing communications.
For compliance, fraud prevention and safety
We use your personal data as we believe necessary or appropriate to (a) enforce the terms and conditions that govern use of our Services; (b) protect our rights, privacy, safety or property; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
Other business purposes
We use your personal data to accomplish our legitimate business purposes, including:
- For data analysis, for example, to improve the efficiency of our Services;
- For audits, to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements;
- For developing new products and services;
- For enhancing, improving, or modifying our current products and services;
- For identifying usage trends, for example, understanding which parts of our Services are of most interest to users;
- For operating and expanding our business activities, for example, understanding which parts of our Services are of most interest to our users so we can focus our energies on meeting our users’ interests.
Change of purposes
We will only use your personal data for the uses and purposes set out above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original uses and purposes. If we need to use your personal data for an unrelated purpose, we will notify you and, if required under applicable law, will explain the legal basis which allows us to do so.
Legal Bases for Processing
For purposes of European Union (“EU”) law, where applicable, we provide additional information below about the legal bases of our processing of your personal data through our Services. Each category corresponds to those listed and described above.
|Processing Purpose||Legal Basis|
|Providing the services||Processing is necessary to provide services to you or to take steps that you request prior to providing those services.|
|To communicate with you||Except where applicable law requires consent for marketing communications, these processing activities are based on our legitimate interests. We consider and balance potential impact on your rights and do not process your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). Our legitimate interests include providing our customers with high quality services, efficiently fulfilling our legal and contractual duties, keeping our services updated and relevant, and to develop our services and grow our business. Where we rely on consent for marketing communications, you have the right to withdraw it at any time.|
|To comply with law||Processing is necessary to comply with our legal obligations.|
|With your consent||Processing is based on your consent. Where we rely on consent, you have the right to withdraw it at any time.|
|For compliance, fraud prevention and safety purposes||We engage in these activities to comply with a legal obligation, and/or because we have a legitimate interest. Our legitimate interests include efficiently fulfilling our legal and contractual duties, complying with regulations that apply to us, ensuring the safety and security of our services, and to prevent fraud.|
|Other business purposes||Processing is necessary to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.|
How We Share Your Personal Data
We disclose personal data to third parties under the following circumstances:
- Service providers. We may engage third party companies and individuals to administer and provide services on our behalf (such as training, customer support, website hosting, email delivery and database management services).
- Professional advisors. We may disclose your personal data to professional advisors, such as lawyers, auditors and insurers, where necessary in the course of the professional services that they render to us.
- Compliance with laws and law enforcement; protection and safety. We may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests, such as to respond to requests from government authorities; (b) enforce the terms and conditions that govern use of the Services; (c) protect the rights, privacy, safety or property of users of our Services and
- Business transfers. We may sell, transfer or otherwise share with third parties some or all of your personal data in connection with a business deal (or potential business deal), including in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
If you submit personal data in connection with job opportunities at Rakuten Medical via our Services, we will use and disclose the data to process your application (including to contact you and/or your references and former employers if appropriate), to monitor recruitment statistics, and to comply with government reporting requirements. We also retain statistical information about applicants to help with our recruitment activities. We will process this information based on our legitimate interest in evaluating job candidates or, when you provide us with sensitive information, based on your consent.
Your Choices and Rights
In relation to marketing communications, we may provide you with an “opt in” or “opt-out” mechanism depending on where in the world you are located. An “opt-in” mechanism will provide you the opportunity to positively indicate that you would like or do not object to us sending you marketing communications. If you are based in a location that requires us to provide you with an “opt-in”, then we will not send you any marketing communications unless you have “opted-in”.
You may opt out of marketing-related emails by clicking on a link at the bottom of each such email, or by contacting us at email@example.com. You may continue to receive service-related and other non-marketing emails for which you have not opted out.
If you have specified that you do not wish to receive marketing communications from us, we may still send you information which you specifically request to receive, or which relates to the provision of our Services to you including, for example, information about your online account and/or security alerts.
Data subject requests
You may request that we take the following actions in relation to your personal data, to the extent these rights are provided to you by applicable law:
- Access. Provide you with information about our processing of your personal data and give you access to your personal data.
- Correct. Update or correct inaccuracies in your personal data.
- Delete. Delete your personal data.
- Transfer. Transfer a machine-readable copy of your personal data to you or a third party of your choice.
- Restrict. Restrict the processing of your personal data.
- Object. Object to our legitimate interests as the basis of our processing of your personal data.
Please submit any such inquiries and requests by email to firstname.lastname@example.org or to our postal address provided below. We will respond to your request consistent with applicable law.
We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
The security of your personal data is important to us. We implement appropriate organizational, technical and physical measures designed to protect the personal data we collect, both during transmission and once we receive it. However, no security safeguards are 100% secure and we cannot guarantee the security of your information.
Our Services are not directed to children under 16. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us. We will delete such information from our files as soon as reasonably practicable.
Sensitive Personal Data
Unless we specifically request it, we ask that you do not send or disclose any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) to us when you use the Services.
Additional information regarding the EEA: If we specifically request your sensitive personal data, we will ask for your explicit consent and/or explain to you our reason for requesting the information and the legal basis for our processing.
Additional information regarding the EEA: Some of the non-EEA countries to which we transfer your personal data are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available online at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your personal data. You may obtain a copy of these measures by contacting us in accordance with the “Contact Us” section below.
Other Sites and Services
The Services may contain links to other websites and services. These links are not an endorsement, authorization or representation that we are affiliated with those third parties. We do not exercise control over third-party websites and are not responsible for these websites. Other websites follow different rules regarding the use or disclosure of the personal data you submit to them. We encourage you to read the privacy policies of the other websites you visit.
Your California Privacy Rights
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to request and obtain once a year, free of charge, information about the personal information (if any) that Rakuten Medical disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please email your request to: email@example.com.
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying legal, accounting, or reporting requirements. To determine the appropriate retention period for the personal data we collect from you, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
Rakuten Medical, Inc
Legal Affairs Department
900 Concar Dr
San Mateo, CA 94402
Additional Information Regarding the EEA
If you reside in the European Economic Area or Switzerland and you seek to exercise any of your statutory rights, you may also contact our Data Protection Officer by sending an email to firstname.lastname@example.org with the subject line DATA PROTECTION OFFICER.
If you are exercising any of your rights, you will not have to pay a fee, unless your request is clearly unfounded, repetitive or excessive, in which case we reserve our right to charge you a reasonably fee. Alternatively, we may refuse to comply with your request in such circumstances.
You may also lodge a complaint with a data protection authority for your country or region or where an alleged infringement of applicable data protection law occurs. A list of data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.