OUR PRIVACY OBLIGATIONS
THE TYPES OF PERSONAL INFORMATION WE COLLECT AND HOLD
We collect personal information about our users in order to provide our products, services, and customer support. Our products, services, and customer support are provided through many platforms including, but not limited to: websites, phone apps, email, and telephone. The specific platform and product, service, or support you interact with may affect the personal data we collect.
HOW WE COLLECT PERSONAL INFORMATION
Information that you specifically give us
While you use our products and services you may be asked to provide certain types of personal information. This might happen through our website, applications, online chat systems, telephone, paper forms, or in-person meetings.
We may request, collect, or process the following information:
- Account Details - password
- Contact Details - email address, phone number
- Location Details - physical address, billing address, time zone
- Identity Details - full name, proof of identity (e.g., drivers license, passport), proof of address (e.g., utility bill)
- Financial Information - credit card details, wire transfer details, payment processor details (e.g., Stripe, Skrill, PayPal), tax numbers
- User Generated Content - transaction descriptions, transaction attachments
Information we collect as you use our website
We maintain records of the interactions we have with our users, including the products, services and customer support we have provided. This includes the interactions our users have with our platform, such as when a user has viewed a page or clicked a button.
When we are contacted, we may collect personal information that is intrinsic to the communication. For example, if we are contacted via email, we will collect the email address used.
We may collect or process the following (mostly non-PII) information:
- Metadata - IP address, computer and connection information, referring web page, standard web log information, language settings, time zone, etc.
- Device Information - device identifier, device type, device plugins, hardware capabilities, etc.
- Actions - pages viewed, buttons clicked, time spent viewing, search keywords, etc.
Links to other sites
We may share your Personal Data with payment processors and other third-party service providers that assist us in the operation of our services as needed to fulfill your orders, conduct quality assurance testing, facilitate creation of accounts, provide technical support; and/or provide other services to SAM Medical. For example, SAM Medical has implemented Shopify’s ecommerce platform within the site. Your use of the site is subject to, and SAM Medical hereby incorporates by reference, Shopify’s Terms of Service, located at https://www.shopify.com/legal/terms, as such policy may be amended by Shopify from time to time.
HOW WE USE PERSONAL INFORMATION
The information we request, collect, and process is primarily used to provide users with the product or service they have requested. More specifically, we may use your personal information for the following purposes:
- to provide the service or product you have requested;
- to facilitate the creation of SAM Medical Agreements;
- to provide technical or other product support to you;
- to answer inquiries about our services, or to respond to a complaint;
- to promote our other programs, products or services which may be of interest to you (unless you have opted out from such communications);
- to allow for debugging, testing and otherwise operate our platforms;
- to conduct data analysis, research and otherwise build and improve our platforms;
- to comply with legal and regulatory obligations;
- if otherwise permitted or required by law; or
- for other purposes with your consent, unless you withdraw your consent for these purposes.
The lawful processing grounds on which we will use personal information about our users are, but are not limited to:
- when a user has given consent;
- when necessary for the performance of a contract to which the user is party;
- processing is necessary for compliance with our legal obligations;
- processing is necessary to protect the vital interests of our users or of another natural person;
- processing is done in pursuing our legitimate interests, where these interests do not infringe on the rights of our users.
WHEN WE DISCLOSE PERSONAL INFORMATION
To other parties in your transactions
We may disclose your personal information to third parties that participate in a transaction with you, including, but not limited to:
- counter parties,
- distributors; and,
- affiliates involved in origination of the transaction.
Our third-party service providers
The personal information of users may be held or processed on our behalf outside Australia, including in the cloud, by our third-party service providers. Our third-party service providers are bound by contract to only use your personal information on our behalf, under our instructions.
Our third-party service providers include:
- Cloud hosting, storage, networking and related providers
- SMS providers
- Payment and banking providers
- Marketing and analytics providers
- Security providers
- Chat providers
- Email providers
Other disclosures and transfers
We may also disclose your personal information to third parties for the following purposes:
- If necessary to provide the service or product you have requested;
- If we receive court orders, subpoenas or other requests for information by law enforcement;
- If otherwise permitted or required by law; or
- For other purposes with your consent.
As we are a global company, with representatives around the world, your personal information may be processed by staff in any of our offices. SAM Medical currently has representatives in The United States of America, Germany, and Canada.
ACCESSING OR CORRECTING YOUR PERSONAL INFORMATION
You have the right to request access to the personal information SAM Medical holds about you. Unless an exception applies, we must allow you to see the personal information we hold about you, within a reasonable time, and without unreasonable expense or for no charge. Most personal information can be accessed by logging into your account. If you wish to access information that is not accessible through the platform or wish to download all personal information we hold about you in a portable data format, please contact our Privacy Officer.
You also have the right to request the correction of the personal information we hold about you. If you require assistance, please contact our customer support at firstname.lastname@example.org.
EXERCISING YOUR OTHER RIGHTS
You have other rights in relation to the personal data SAM Medical holds about you, however, there may be restrictions on how you may exercise the rights. This is largely due to the nature of the products and services we provide. Much of the data we collect is to facilitate contracts between users, facilitate payments, provide protection for the legitimate users, and meet our legal obligations. These data uses are protected against the rights below.
You have the right to:
- opt-out of direct marketing, and profiling for marketing;
- erasure; and
- temporary restriction of processing.
Direct marketing and profiling - users can unsubscribe by following the link included at the bottom of each email.
Erasure - In the case of non-personal data that can be linked with personal data, it will either be erased or otherwise anonymized from the personal data.
Temporary restriction to processing - under certain circumstances you may exercise this right, in particular if you believe the personal data we have is not accurate, or you believe that we do not have legitimate grounds for processing your information. In either case, you may exercise this right by contacting our Privacy Officer.
Unless stated above, users may exercise any of the above rights by contacting our Privacy Officer.
DATA STORAGE CONTROLS
SAM Medical and its third-party cloud storage providers store customer personal information in secure and protected networks. Data is encrypted in storage and in transit to ensure complete protection of data being stored.
YOUR DATA PROTECTION RIGHTS (EUROPEAN ECONOMIC AREA)
If you are located in the EEA, you may have the following additional rights to:
- Request access to and receive information about the personal information we maintain about you, to update and correct inaccuracies in your personal information, restrict or object to the processing of your personal information, have the information anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your personal information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place. Please click here for contact information for such authorities.
- Withdraw any consent you previously provided to us regarding the processing of your personal information, at any time and free of charge. We will apply your preferences going forward, and this will not affect the lawfulness of the processing before your consent withdrawal.
Those rights may be limited in some circumstances by local law requirements. You may exercise these rights by contacting us as described under “To Contact Our Privacy Officer” below.
TO CONTACT OUR PRIVACY OFFICER
If you have an inquiry or a complaint about the way we handle your personal information, or to seek to exercise your privacy rights in relation to the personal information we hold about you, you may contact our Privacy Officer as follows:
Attn: Privacy Officer
27350 SW 95th Ave, Suite 3038
Wilsonville, OR 97070
For the purposes of the GDPR, our Privacy Officer is also our Data Protection Officer (DPO).
While we endeavor to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer, by mail or email as above.
We will acknowledge your formal complaint within 10 working days.