PRIVACY POLICY

Effective Date: May 17, 2021

INTRODUCTION

NovApproach Spine, LLC respects your concerns about privacy. For purposes of this Privacy Policy (“Privacy Policy”), the terms “we,” “us,” “our” and “NovApproach” refer to NovApproach Spine, LLC, and “you” and “your” refers to you, as an Individual. We will use our best efforts to ensure that the information you submit to us is used only in accordance with the terms of this Privacy Policy. This Privacy Policy applies only to all information collected or submitted to us from Individuals or originating from the EU.

For purposes of this Privacy Policy:

Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

EU” means the European Union and Iceland, Liechtenstein and Norway.

Individual” means any natural person who is located in the EU.

Personal Data” means any information, including Sensitive Data, that is (i) about an identified or identifiable Individual, (ii) received by NovApproach in the U.S. from the EU, and (iii) recorded in any form.

Privacy Shield” means the EU-US Privacy Shield Framework.

Privacy Shield Principles” means the Principles and Supplemental Principles of the Privacy Shield.

Processor” means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.

Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the Individual or the disposal of such proceedings, or the sentence of any court in such proceedings.

WHAT TYPES OF PERSONAL DATA WE COLLECT

We collect and process the following types of Personal Data:

  • Information we receive from our customers, vendors and consultants, such as account numbers and information relating to billing and payments;
  • Information we receive when you participate as a patient in a study we are sponsoring, such as your name, email address, phone number, physical address and any Sensitive Data you provide to us;
  • Information we receive from our clinical investigators and their staff as well as medical and healthcare professionals, such as contact information, occupation and employer, qualifications and debarment status;
  • Information we receive when you communicate with us through email, such as your name and e-mail address;
  • Information we receive from your use of any of our Internet portals, such as the Internet address (IP address) of the computer or device you use to access our portal, the type of browser you use and the times you access our Website; and
  • We may also collect information by using “Cookies.” “Cookies” are small files that your web browser places on your computer’s hard drive.

HOW WE USE PERSONAL DATA

We use Personal Data:

  • To fulfill orders for products or services we provide, conduct product and service surveys, and to handle customer complaints and inquiries;
  • In order to carry out the applicable research studies and other study-related services we are conducting;
  • To respond to your requests, and contact you regarding our products or services; and
  • To make disclosure under the requirements of any applicable law and to comply with legal process or in response to lawful requests from public authorities, including meeting national security, public interest or law enforcement requirements.

WITH WHOM AND WHY WE SHARE PERSONAL DATA

We will not sell your Personal Data to anyone, for any purpose. We share your Personal Data:

  • With Processors acting as our agents who are performing study-related tasks, such as study data management and clinical research monitoring, but only if such Processors meet the requirements described under the Section below titled OUR LIABILITY FOR ONWARD TRANSFERS;
  • In response to a subpoena or similar investigative demand, a court order, or a request for cooperation from law enforcement or other regulatory or public authorities in response to lawful requests, including, meeting national security or law enforcement requirements; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion; and
  • If NovApproach (or substantially all of our assets) is acquired, your Personal Data would be transferred along with the other business assets as permitted by law, which remain subject to this Privacy Policy and the Privacy Shield Principles.

YOUR CHOICES TO LIMIT USE AND DISCLOSURE OF YOUR PERSONAL DATA

When NovApproach directly collects your Personal Data, we generally offer you the opportunity to choose whether your Personal Data may be (i) disclosed to third-party Controllers, or (ii) used for a purpose that is materially different from the purposes for which the information was originally collected or subsequently authorized by you.

To the extent required by the Privacy Shield Principles, we will obtain opt-in consent for certain uses and disclosures of Sensitive Data. You may contact us as indicated below regarding our use or disclosure of your Personal Data. Unless NovApproach offers you an appropriate choice regarding the use of your Personal Data, NovApproach will only use your Personal Data for purposes that are materially the same as those indicated in this Privacy Policy except (i) as otherwise required by applicable law or legal process, or (ii) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements.,

YOUR RIGHTS TO ACCESS YOUR DATA

You have the right to access your Personal Data that we collect as a Controller by contacting us at the address provided below. We will provide you with copies of your Personal Data once we verify your identity. In addition, you can request us to correct, amend, or delete your Personal Data where it is inaccurate, or has been processed in violation of the Privacy Shield Principles, except where the burden or expense of providing access would be disproportionate to the risks to your privacy, or where the rights of other persons would be violated. To access your Personal Data, you can contact us electronically at dataprotection@tuilfspine.com or by writing via postal mail at the following address:

NovApproach Spine, LLC
13900 Tech City Circle, Suite 300,
Alachua, FL 32615

PARTICIPATION IN PRIVACY SHIELD

NovApproach adheres to the EU – US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of Personal Data from European Union member countries to the United States. NovApproach has certified to the Department of Commerce that it adheres to and will abide by the Privacy Shield Principles and will subject to the Privacy Shield Principles all Personal Data received from the EU in reliance on the EU-US Privacy Shield Framework. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the EU-US Privacy Shield Framework and the Privacy Shield Principles please visit http://www.privacyshield.gov and to view NovApproach certification, please visit https://www.privacyshield.gov/list.

ENFORCEMENT BY THE FTC

By participating in the Privacy Shield, NovApproach is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with regards to our compliance with the Privacy Shield and the Privacy Shield Principles.

OUR LIABILITY FOR ONWARD TRANSFERS

We require third-party Controllers to whom we disclose your Personal Data to contractually agree to (i) only process such Personal Data for the limited and specified purposes consistent with the consent you provide; and (ii) provide the same level of protection to your Personal Data as required under this Privacy Policy and the Privacy Shield Principles; and (iii) notify us if the third-party Controller makes a determination that it can no longer meet the foregoing obligations.

In addition, when we transfer your Personal Data to a third party Processor acting as our agent, we will:

  • transfer such Personal Data only for the limited and specified purposes consistent with the request or consent you provide;
  • contractually require the Processor to provide at least the same level of privacy protection as is required by this Privacy Policy and the Privacy Shield Principles;
  • take reasonable and appropriate steps to ensure that the Processor effectively processes your Personal Data in a manner consistent with our obligations under the Privacy Shield Principles;
  • require the Processor to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the this Privacy Policy and the Privacy Shield Principles. Should we receive any such notice, we will take reasonable and appropriate steps to stop and remediate unauthorized processing.

We shall remain liable should our Processors process Personal Data in a manner inconsistent with the Privacy Shield Principles and this Policy, unless we can prove we are not responsible for the event giving rise to the damage. We acknowledge our liability for such data transfers to third parties in violation of this Privacy Policy.

SECURITY

NovApproach takes reasonable and appropriate measures to protect your Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data. We restrict access to your Personal Data to our employees who need to have access to the information to as necessary to enable us to use it as permitted above. We use physical, electronic, and procedural safeguards that comply with applicable federal regulations to protect your Personal Data.

CHILDREN

We do not knowingly collect any Personal Data from children. We ask that minors (under the age of 18) do not submit any personal information to us, order any products or services from us, or attempt to use any of our Internet portals under any circumstance. We do not knowingly collect information from children under 13 years of age or have any reasonable grounds for believing that children under the age of 13 are accessing our Internet portals or using our products or services. If we learn that we have inadvertently collected Personal Data from a child under age 13, we will delete that information as quickly as possible. If you believe that we might have any information from a child under age 13, please contact us.

DATA INTEGRITY AND PURPOSE LIMITATION

The Personal Data that we collect is limited to the specific information that is relevant for the purposes of processing consistent with the request or consent you provide and for which we are collecting. We will not process any Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current and will adhere to the Privacy Shield Principles for as long as we retain such information.

Your Personal Data will generally be retained in a form identifying you or making you identifiable only for as long as it is required for the processing consistent with the request or consent you provide. Notwithstanding the foregoing, we may process your Personal Data for longer periods for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research, and statistical analysis. In these cases, such processing shall be subject to the other Privacy Shield Principles.

DISPUTE RESOLUTION

In compliance with the Privacy Shield we commit to resolve complaints about our collection or use of your personal information. Residents of the EU who believe that their Personal Data has not been processed in compliance with the Privacy Shield Principles may raise their complaints by employing the following procedures:

First contact us directly using the contact details provided below and we will respond to your complaint within 45 days of receipt.

NovApproach Spine, LLC
13900 Tech City Circle, Suite 300,
Alachua, FL 32615

We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield, operated by the Council of Better Business Bureaus (“BBB“). The BBB is a non-profit alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Please note that if your complaint is not resolved through the above methods, as a last resort and under limited circumstances, a binding arbitration process option may be available before a Privacy Shield Panel. To find out more about the Privacy Shield’s binding arbitration scheme please see http://www.privacyshield.gov/article?id=My-Rights-under-Privacy-Shield.

Compliance

NovApproach Spine’s culture embraces a commitment to serving patients. NovApproach Spine is committed to the highest standards of conduct in all our operations. This includes complying with all relevant US laws and regulations, and promoting ethical behavior on the part of all our employees. Our Corporate Compliance program is integral to ensuring we conduct all business activities with integrity and in accordance with applicable guidelines, rules and regulations.

Every NovApproach Spine team member is responsible for ensuring that our reputation remains strong. Together we foster a culture in which compliance with our policies and adherence to our core values drives our everyday business activities.

NovApproach Spine consistently strives to deal with stakeholders in the most fair and ethical manner possible. We provide multiple channels for reporting concerns regarding ethical interactions with health care professionals and suspected instances of violations of law or improper conduct in the company. The company has implemented non-retaliation and confidentiality policies to encourage and protect colleagues who raise a valid concern.

Should you have questions or concerns about an ethics and/or compliance issue, or have questions about our compliance program, please send an email to christopher.gingras@medcompli.com.

California Compliance Program Declaration

As part of our continued efforts in the area of compliance, we have developed a Comprehensive compliance Program (CCP) that is reasonably designed to prevent and detect violations of our business principles. To the best of our knowledge, and based on our good faith understanding of the statutory requirements, we have established a CCP compliant with requirements of Chapter 8 to Part 15 of Division 105 of California’s Health and Safety Code. We have developed a CCP tailored to the size, organizational structure and resources of the company, and implemented our CCP to meet the compliance goals set forth by the State of California. We regularly reassess the program to improve it, and it is possible that we will make further adjustments aimed at improving the effectiveness of our CCP in the coming year.

While California Health and Safety Code §§ 119400‐119402 makes reference to compliance with the Pharmaceutical Research and Manufacturers of America’s Code on Interactions with Healthcare Professionals (“PhRMA Code”), NovApproach Spine manufactures medical devices rather than pharmaceutical products. Therefore, NovApproach Spine determined that it was more appropriate for the company instead to adopt policies and procedures consistent with the AdvaMed Code of Ethics on Interactions with Healthcare Professionals (“AdvaMed Code”).

Elements of the NovApproach Spine Compliance Program

  • Written Standards
  • Annual Aggregate Promotional Spending Limit of $2,500 that excludes permissible items specified in statute such as educational materials that benefit patients.
  • Compliance Program Infrastructure with a Designated Compliance Professional
  • Education & Training
  • Open, Internal Lines of Communication for the Reporting of Issues
  • Auditing & Monitoring
  • Corrective Action Procedures

HOW TO CONTACT US

We welcome comments and questions on this Privacy Policy. As stated above, we are dedicated to protecting your privacy, and we will make every reasonable effort to keep your information secure. If you have any questions or comments about this Privacy Policy you can contact us electronically at inquiry@novapproachspine.com. Additionally you may contact us by writing via postal mail at the following address:

NovApproach Spine, LLC
13900 Tech City Circle, Suite 300,
Alachua, FL 32615