Last Update: 16 February, 2023
4845 Pearl East Circle
Boulder, CO 80303
What information do we collect?
We use your personal information to carry out the obligations arising from providing and improving the Site and Services. This section describes the types and categories of personal information we may collect, and how we may use that information.
Information you provide us directly
We collect personal information that you provide when you request a product demo, enter your information into online forms, create an account on and access, or otherwise use the Site and the Services. We use this personal information in a variety of ways, and this personal information includes the following:
- If you are an epiqar user, we collect certain information such as user names and passwords, and your mobile phone number when you create an account on the Service;
- If you sign up for a product demo, contact us with questions about our Services, or otherwise communicate with us, we may collect contact and business information from you, such as your first and last name, e-mail address, and one or more phone numbers;
- We also collect other types of personal information that you provide to us voluntarily, such as if you contact us via the Site or Service via email, or via chat.
Automatically collected information
When you use our Services, some information is collected automatically and is not provided directly by you. For example, when you access our Services, we automatically collect your browser’s Internet Protocol (IP) address, your browser type, the nature of the device from which you are visiting the Services (e.g., a personal computer or a mobile device), the identifier for any handheld or mobile device that you may be using, the web site that you visited immediately prior to accessing our Services, the actions you take on our Services, and the content, features, and activities that you access and participate in on our Services. We also may collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message.
Cookies and Similar Technologies
How do we use personal information?
We collect personal information when you create an account on, and use our Services, and when also you correspond with us. We use your personal information for the following purposes:
- If you are an epiqar user, we use account information to enable authentication and authorization to ensure the security and protection of surgical, and other data. We use your phone number only for the purposes of enabling multi-factor authentication to further protect your account;
- We may also use the personal information you provide to contact you for sales and other communications, or to solicit feedback;
- We link this personal information to data about the way you use our Service and the pages you visit to help enhance, improve, operate, and maintain our Services, our platforms, websites, and other systems, and also to develop new products and services;
- To prevent fraudulent use of our Services and other systems;
- To prevent or take action against activities that are, or may be, in violation of our Master Services Agreement, or applicable law;
- To respond to your inquiries related to employment opportunities with us, or other general inquiries.
Legal basis for processing in the EU and the United Kingdom
If you are resident in the EEA, Switzerland or the United Kingdom, we need to inform you about the legal basis on which we collect and use your personal information. In the EEA, Switzerland, and the United Kingdom, the purposes for which we process your personal information are:
- Where we need to perform the contract we are about to enter into or have entered into with you for the Services;
- For the purposes of legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- Where we need to comply with a legal or regulatory obligation in the EEA, Switzerland, and the United Kingdom.
The legal basis depends on the category of personal information being processed, and the purpose for that processing. The following table indicates each category of personal information we process, and the legal bases we rely on to do so. Where legitimate interest has been used as the legal basis for processing, the specific legitimate interest we use has been described.
Please contact us if you need details about the specific legal basis we are relying on to process your personal information where one or more legal bases has been indicated.
|Category of personal information
|Legal Basis for Processing
|Contact and account information
|The performance of a contract and to take steps prior to entering into a contract;
Our legitimate interests, namely, administering the Service, for marketing purposes and communicating with users.
|Usage and activity data when using the Site or Services
|Our legitimate interests, namely to understand the use of our Site and Services, and for product improvement purposes.
|Online Inquiries and Correspondence
|Legitimate interest, namely for marketing purposes and to respond to inquiries.
|Employee candidate information
|Legitimate interest, namely for considering your application for employment with us.
When do we share personal information?
- Our customers. If you are participating in surgical training provided by a medical device company or healthcare institution, that entity may use your information to formally document the training experience, or for their other educational or business purposes;
- Service Providers. We may disclose personal information to third-party service providers (e.g., web hosting providers and other SaaS providers) that assist us in our work. We limit the personal information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such personal information.
- Business Transfers. Information about our users, including personal information, may be disclosed and otherwise transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of company assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.
- To Protect our Interests. We also disclose personal information if we believe that doing so is legally required, or is in our interest to protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights or property of others, or otherwise to help protect the safety or security of our Services and other users of the Services.
- To Comply with the Law: We may also disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Please be aware that if you opt-out of receiving marketing email from us, it may take up to ten business days for us to process your opt-out request, and you may receive marketing email from us during that period. Additionally, even after you opt-out from receiving marketing messages from us, you will continue to receive administrative and transactional messages from us regarding your use of the Services.
Rights to access
If you wish to access or amend any other personal information we hold about you, you may contact us at firstname.lastname@example.org. If you request that we delete your personal information, we will do so within a reasonable period of time, but we may need to retain some of your personal information in order to satisfy our legal obligations, or where we reasonably believe that we have a legitimate reason to do so.
Links to external sites
The Services may contain links to other websites, products, or services that we do not own or operate. The Services also may contain links to Third-Party Sites such as social networking services. If you choose to visit or use any Third-Party Sites or products or services available on or through such Third-Party Sites, please be aware that this Policy will not apply to your activities or any information you disclose while using those Third-Party Sites or any products or services available on or through such Third-Party Sites. We are not responsible for the privacy practices of these Third-Party Sites or any products or services on or through them. Additionally, please be aware that the Services may contain links to websites and services that we operate but that are governed by different privacy policies. We encourage you to carefully review the privacy policies applicable to any website or service you visit other than the Services before providing any personal information on them.
How long do we keep your personal information for?
Aggregated and anonymized data that no longer identifies the user of the Services is maintained for the purposes necessary to provide the Services.
EEA, Swiss and UK privacy rights
If you are located in the EEA, Switzerland or the UK, you have the following Data Subject Access Rights with respect to your personal information that we hold:
● Right of access. You have the right to access the personal information that we hold about you;
● Right to rectification. You may have the right to require us to correct any inaccurate or incomplete personal information we hold about you;
● Right to erasure. In certain circumstances, you may have the right to the erasure of your personal information we hold about you (for example where it is no longer necessary in relation to the purposes for which it was collected or processed);
● Right to restriction. You may have the right to request that we restrict processing of your personal information in certain circumstances (for example where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information);
● Right to portability. In some limited circumstances, you may have the right to portability which allows you to move, copy or transfer personal information from one organization to another;
● Right to object. You have a right to object to us processing your personal information when the processing is based on legitimate interests and also to stop us from sending you direct marketing;
● Rights in relation to automated decision making and profiling. You have the right not to be subject to a decision that affects you based solely on automated processing. We do not perform any automated decision making and profiling.
If you wish to exercise one of these rights, please contact us using the information in the
What is our policy on children?
Children’s safety is important to us, and we encourage parents and guardians to take an active interest in the online activities of their children. Our Services are not directed to users under the age of 18, and we do not knowingly collect personal information from children under the age of 18 without obtaining parental consent. If we learn that we have collected personal information from a child under the age of 18 on our Services, we will delete that information as quickly as possible. If you believe that we may have collected any such personal information on our Services, please notify us at email@example.com.
Where do we store and process your personal information?
- International Transfers: Our servers and data centers are located in the United States (US), the European Union (EU), and the United Kingdom (UK). If you choose to use the Services from outside the US, then you should know that you may be transferring your personal information outside of your region and into the U.S. for storage and processing. We may also transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Services. You should know that each region can have its own privacy and data security laws, some of which may be less stringent as compared to those of your own region. If you are located in the European Economic Area (EEA), Switzerland, or the United Kingdom (UK), then the countries we may transfer your data to, including the US, may not have data protection laws as comprehensive as those in the EEA, Switzerland, and the UK. To ensure your data is protected, and that we comply with the applicable data protection laws, we have implemented the following measures:
- Standard Contractual Clauses. We use the Standard Contractual Clauses (SCCs) for transfers of personal information to us, and also for transfer of personal information to third-party service providers. These clauses require the recipients to protect the personal information they receive in accordance with European data protection laws and regulations. Details of our use of SCCs can be provided upon request.
- Derogations. In certain circumstances we may transfer personal information based on the decorations contained in Article 49 of the General Data Protection Regulation (GDPR).
- Supplementary Messages. In addition to the SCCs, we may use contractual, technical and organizational measures to further protect your personal information.
- Adequacy Decisions. Where applicable, we may rely on adequacy decisions provided by the European Commission under Article 45 of the GDPR to transfer your personal information outside of the EU or UK.
Jurisdiction and Enforcement
For EEA, Swiss, and UK residents, you also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at: https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
California privacy disclosures
California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Because there currently isn’t an industry or legal standard for recognizing or honoring DNT signals, we don’t respond to them at this time. We await the result of work by the privacy community and industry to determine when such a response is appropriate and what form it should take.
A California resident who has provided personal information to a business with whom he/she has established a business relationship for personal, family, or household purposes (“California Customer”) is entitled to request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes, subject to certain exceptions, as defined in California Civil Code Sec. 1798.83. In general, subject to certain exceptions, if the business has made such a disclosure of personal information, upon receipt of a request by a California Customer, the business is required to provide, free of charge, a list of all third parties to whom personal information was disclosed in the preceding calendar year, as well as a list of the categories of personal information that were disclosed. California Customers may request further information about our compliance with this law by sending an email to
How do we secure your personal information?
To help protect your data, we use commercially reasonable steps to protect the data that we collect, including your personal information. The reasonable steps include protecting this data against accidental loss, unauthorized use, disclosure, and restricting access to personal information by our staff. The Services are hosted by a third-party hosting company that we have determined maintains adequate security controls and utilizes TLS encryption for all internet communication with the Services. We also require all staff that administer and develop the Services follow industry-standard controls, including strong passwords, the use of anti-virus and anti-malware software, disk encryption and other best practices.
We use various 3rd party processors to enable us to provide the Services, and as part of our vendor due-diligence, we review the security controls these processors have in place and ensure they meet industry standards appropriate for the type of data we collect.
You should keep in mind, however, that the Services utilizes software, hardware, and networks, which from time to time require maintenance and experience problems beyond our control. Note that no data transmission over the public internet or encryption method can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information that you provide to us. You transmit information to us at your own risk.
Updates to this Policy