Vestibular Technologies, LLC's
Privacy Policy

Please read this Privacy Policy carefully.

Privacy is very important to us. We also understand that privacy is very important to you. This Privacy Policy tells you how we protect and use information that we gather from you.

1. Summary

1.1 Vestibular Technologies, LLC needs to collect and process personal data in order to

1.2 This document sets out:

1.3 A summary of this policy is available.

1.4 This document will be updated from time to time in order to ensure compliance with data protection legislation.

2. Scope

2.1 This document applies to you if you have ever any interaction with Vestibular Technologies, LLC, its information, its products, its services, or any of its websites.

3. Related Documentation

3.1 A summary of this policy is available.

3.2 For more information regarding websites interactions and related privacy notices, see our Cookies Policy.

4. Glossary

4.1 Personal Data

4.1.1 According to the European Union General Data Protection Regulation (GDPR), "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4.2 Non-Personal Data

4.2.1 Non-personal data is information that does not identify you as an individual person. It may include information such as the following:

4.3 Cookie

4.3.1 A cookie is a small amount of data, which often includes a unique identifier, that is sent to your computer or mobile phone browser from a website's server and is stored on your computer's or mobile phone's hard drive. Each website can send its own cookie to your browser if your browser's preferences allow it, which the site can then access when you visit it again, for example to track online traffic flows. A website cannot access cookies sent by other websites.

4.4 Data Controller

4.4.1 A data controller determines the purposes for which and the manner in which any personal data are processed. In essence, this means that the data controller decides how and why personal data are processed.

4.5 Privacy Shield

4.5.1 EU-U.S. and Swiss-U.S. Privacy Shield Frameworks provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union or Switzerland to the United States. US based organizations self-certify to the Department of Commerce and publicly commit to comply with the Frameworks' requirements, which is then enforceable under US law.

4.6 Protected Characteristics

4.6.1 Discrimination based on race, color, religion, sex, or national origin have been outlawed by the US Civil Rights Act of 1964 (Pub.L. 88-352, 78 Stat. 241, enacted July 2, 1964).

4.6.2 There are nine characteristics protected for example under the UK Equality Act 2010. They are: Age, Race, Sex, Gender reassignment, Disability, Religion or belief, Sexual orientation, Marriage or civil partnership, Pregnancy and maternity.

4.7 Special Categories of Data

4.7.1 The GDPR sets out "special categories" of data which have to be given additional protection. These comprise your racial or ethnic origin, religious beliefs, political opinions, trade union membership, genetics, biometrics (where used for ID purposes) physical or mental health, sex life and sexual orientation. Information about criminal offenses or criminal proceedings are treated similarly.

5. Policy

5.1 Who we are

5.1.1 Vestibular Technologies, LLC is the data controller in relation to the processing activities described below. This means that Vestibular Technologies, LLC decides why and how your personal information is processed.

5.1.2 Where this policy refers to "we", "our" or "us" below, unless it mentions otherwise, it is referring to Vestibular Technologies, LLC.

5.3.3 Where this policy refers to "The Information", unless it mentions otherwise, it is referring to any information provided to you by Vestibular Technologies, LLC.

5.1.4 Where this policy refers to "The Products", unless it mentions otherwise, it is referring to any products offered by Vestibular Technologies, LLC.

5.1.5 Where this policy refers to "The Services", unless it mentions otherwise, it is referring to any services offered by Vestibular Technologies, LLC.

5.1.6 Where this policy refers to "The Site", unless it mentions otherwise, it is referring to any of the following websites maintained by Vestibular Technologies, LLC:

5.2 What information do we collect about you and how do we collect it?

5.2.1 Information that you give to us

5.2.1.1 Whenever you contact us inquiring about The Information, The Products and/or The Services, whether by direct contact at trade shows, seminars or conferences, by phone, by email, by website or any other acceptable form of communication, we create a record in your name.

5.2.1.2 To this record, we add additional information that you give us. This information depends on the reason for contacting us and the method you use. They may include any or all of the following:

5.2.1.3 You may give us information about "special categories" of data, including your racial or ethnic origin, religious beliefs, physical or mental health, or sexual orientation. You might also give us information about your criminal convictions.

5.2.1.4 It is likely that you will give us further personal information when you start to use some of The Products and/or The Services. You will be given more information about what we do with your personal data when you start to use The Products and/or The Services.

5.2.1.5 We may also use a wide variety of sources either directly or via internet search engines, some on a subscription basis, to augment, update and validate the data we hold on you, as well as to help us identify individuals likely to have an interest in us, our products and services. These may include:

5.2.1.6 We do not obtain or buy lists of people from other organizations and we do not share or sell your information to other organizations.

5.2.1.7 We care about protecting the online privacy of children. We do not knowingly collect information from children or minors as defined by the US Children's Online Privacy Protection Act (16 CFR Part 312) or Article 8 of the GDPR. If you think that we have collected personal information from a child who, in its jurisdiction, is under the digital age of consent, please contact us using the information in Section 5.14.

5.2.2 Information that we automatically collect

5.2.2.1 We will store any written communication we send to or receive by you, independently on the mean by which such written communication was delivered.

5.2.2.2 We may record and monitor telephone or VOIP calls and/or other communications between you and us to make sure that we have carried out your instructions correctly and to help us improve our services to you.

5.2.2.3 We will automatically collect information about your interaction with The Site.

5.2.2.4 We will also add to your record any activities that you carry out on The Site.

5.2.2.5 We automatically collect technical information when you browse The Sites, including the details of your IP address, browser type, page last visited and other such information. For more information regarding websites interactions and related privacy notices, see our Cookies Policy.

5.2.2.6 We may also track emails we send to you to see which messages have the highest response rate and whether there are messages that "resonate" with particular groups of people. We do this by logging whether emails we send have been opened, deleted and interacted with (for example, by clicking on links within the emails). Although we only use this information to look at general patterns, it is still personal information because it is linked to your email address.

5.2.3 Information we receive from third parties

5.2.3.1 We may receive some information about you from third parties.

5.2.3.2 If you contact us or log in to The Site using your credentials from other websites, such as your Google or Facebook account, we will receive your information from that website. Refer to their privacy policy for what information they collect from you and how they treat it.

5.2.3.3 If you pay your invoices using third parties services, such as PayPal, we will receive your information from that website. Refer to their privacy policy for what information they collect from you and how they treat it.

5.3 How do we use your personal information?

5.3.1 We collect and process a broad range of personal data about you in order to deliver The Information, The Products and/or The Services to you, to manage our operations effectively, and to meet our legal requirements.

5.3.2 Because our products are classified as Medical Devices, they fall under legal obligations set forth by the appropriate regulatory agency in every jurisdiction. One common requirement is the fact that the manufacturer of any medical device (such as us) must know at all times who to contact in case the regulatory agency for the specific jurisdiction determines the medical device poses a safety and/or health risk.

5.3.3 Beside the aforementioned regulatory compliance, our legal basis for processing your personal data is that it is in our legitimate interests of maintaining a relationship with you. If you do not provide some of the information we need, then we may not be able to effectively provide you The Information, The Products and/or The Services you need or want from us.

5.3.4 Log files obtained from your interaction with The Site are used to analyze usage of The Site. We use the analysis to improve the content of The Site.

5.3.5 We will use your personal data to enforce this Privacy Policy.

5.3.6 We will use your personal data to protect our rights or property.

5.3.7 Detailed information on the purposes we use your information for in our educational portal (education.vestibtech.com) is provided in Appendix 1.

5.3.8 We will only transfer data within us on a "need-to-know" basis so that we can best provide you The Information, The Products and/or The Services you need or want from us.

5.3.9 We will contact you in connection with your interaction with us, The Information, The Products and/or The Services. We may also send you marketing information, or invite you to take part in research to improve The Information, The Products and/or The Services. If you do not wish to receive these communications, you can change your communications preferences by using the information in Section 5.14.

5.3.10 We use your data to communicate with you in person or via post, email, SMS, phone, digital channels or any other accepted form of communication about us, The Information, The Products and/or The Services. These can include:

5.3.11 We may use your details for the purposes of telephone campaigns. Our telephone campaigns are managed in-house, and we do not use external agencies. Our callers are our current employees and are paid for their work. If you would like to opt-out of receiving telephone calls, please use the information in Section 5.14.

5.3.12 If you contact us with a question, comment, compliment or complaint then we will keep a record of this correspondence and any associated documents so that we have the information available in the event of a follow-up, dispute or investigation.

5.3.13 If we make significant changes to our policies which may affect you, we will use your contact details to inform you of the changes.

5.3.14 When you make a payment to us, we will use your payment and contact details, payment amount and date of payment, to process that payment and take any follow-up administrative action needed (for example, sending a receipt).

5.4 How do we use your non-personal data?

5.4.1 Because non-personal information cannot identify you or be tied to you in anyway, there are no restrictions on the ways that we can use or share non-personal information. We are always looking for ways to better serve you and improve The Sites. We will use non-personal information from you to help us make The Site more useful to visitors. We also will use non-personal information for other business purposes. For example, we may use non-personal information or aggregate non-personal information to:

5.4.2 For more information regarding websites interactions and related privacy notices, see our Cookies Policy.

5.5 "Do Not Track" disclosures

5.5.1 Because there currently is not an industry or legal standard for recognizing or honoring Do Not Track (DNT) signals, we do not honor DNT requests at this time.

5.6 Who do we share your information with?

5.6.1 We take very seriously data protection and safety.

5.6.2 We may share some of your personal data within our personnel in order to provide you with The Information, The Products and/or The Services you need or want from us. This sharing is done on a need-to-know basis only.

5.6.3 We might share some of your personal data with other people using The Information, The Products and/or The Services, for example when you participate in group activities on-line or on-site.

5.6.4 We may disclose your personal data to our third-party service providers and agents for the purposes of providing services to us, or directly to you on our behalf. When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service. We will have a contract in place with such third party that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.

5.6.5 If you are using The Information, The Products and/or The Services towards a qualification that leads to professional recognition we may share some personal data with the relevant professional body.

5.6.6 If we get acquired by another entity, your data will be transferred to the new entity. Their Privacy Policy will then supersede this policy and it will be the responsibility of the new entity to provide you with a copy of such Privacy Policy.

5.6.7 We may transfer your data to a third party if we ceases to exist and another organization offers to continue provide you with The Information, The Products and/or The Services you need or want from us.

5.6.8 We may also transfer your personal data if we are under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our users. However, we will always aim to ensure that your privacy rights continue to be protected.

5.6.9 We do not share your personal data with any other organization for commercial purposes or profit.

5.6.10 More detailed information on who we share your personal information with in our educational portal (education.vestibtech.com) is available in Appendix 2.

5.7 Do we transfer information outside your country of origin?

5.7.1 Since our headquarters are located in the United States of America, information you provide to us is stored on our secure servers which might be located outside your country.

5.7.2 If we transfer your information outside your country, we will take steps to ensure that appropriate security measures are taken to protect your privacy rights as outlined in this policy. We adhere to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as well as the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CPBR) System that aim to ensure adequate protection. For example, all our server hosts have signed up to "Privacy Shield".

5.8 How long do we keep your personal information for?

5.8.1 If we collect your personal information the length of time we keep it for is determined by a number of factors including our purpose for using the information and our legal obligations.

5.8.2 We keep identifiable records only for as long as they have a legal or business purpose.

5.8.3 All records pertaining The Products shall be retained for a period of time equivalent to the design and expected life of The Products, but in no case less than 2 years from the date of release for commercial distribution by us (21CFR820.180).

5.8.4 We keep academic transcript data at least until your date of birth or age + 120 years, in order to provide references and verify your academic activity with us.

5.8.5 We keep some information relating to the module or qualification, and related queries and communications, until six years after you have completed the module or qualification, in order to inform our ongoing relationship with you, and in case it is necessary to establish, bring or defend legal claims.

5.8.6 We destroy some information within three years, where it does not have a longer term impact, and is not required for business purposes.

5.8.7 The log files obtained from your interaction with The Site may be kept in an aggregated and anonymized form for historical records.

5.8.8 It is good information management practice to destroy information when it becomes redundant. This ensures that retrieving current information is more efficient, and that redundant information is not retrieved in error because it still exists. Student data retention periods should be set taking good practice into account, as well as legal and regulatory requirements.

5.9 How are the personal data protected?

5.9.1 Security is very important to us. We also understand that security is important to you. We are committed to the data protection principles of good practice for handling information.

5.9.2 We take reasonable steps to protect your information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Your personal data are protected both online and off-line.

5.9.3 When The Site asks you to enter sensitive information, that information is encrypted and is protected with the best encryption software in the industry - SSL. While on a secure page of The Site, the lock icon on the bottom of Web browsers such as Netscape Navigator and Microsoft Internet Explorer becomes locked, as opposed to un-locked, or open, when you are just "surfing".

5.9.4 While we use SSL encryption to protect sensitive information online, we also do everything in our power to protect user-information off-line. All of our users' information, not just the sensitive information mentioned above, is restricted in our offices except when we need to transfer it to third parties, for example to process your payments. Only employees who need the information to perform a specific job (for example, our billing clerk or a customer service representative) are granted access to personally identifiable information. Our employees must use password-protected workstations. They must re-enter their password to re-gain access to your information.

5.9.5 If your communication requests an email response from us, the e-mail response or confirmation may include your personal information, including personal information about your health, your name, address, etc. We cannot guarantee that our e-mails to you will be secure from unauthorized interception.

5.9.6 You should keep in mind that no Internet transmission is ever 100% secure or error-free. In particular, e-mail may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.

5.10 Users' use of personal data?

5.10.1 Users are not usually expected to collect or use personal data as part of their interaction with us, The Information, The Products and/or The Services you need or want from us, but if you need to do so you must immediately tell our Data Protection Officer, using the contact details in Section 5.14 of this document.

5.10.2 If you do need to process personal data, we will be the data controller for these activities as long as you have followed the advice in Paragraph 5.10.1 above. Otherwise, you will be the data controller for the personal data you process, and will be fully responsible for it.

5.11 Your rights

5.11.1 You have a number of rights in relation to your personal information. In order to exercise any of these rights, please contact us using the details in Section 5.14 of this document.

5.11.2 You have the right to:

5.11.3 In certain circumstances, you have the right to:

5.11.4 If you are concerned about the way we have processed your personal information, you can complain to the Data Protection Officer, using the contact details in Section 5.14 of this document.

5.12 Roles and responsibilities

5.12.1 Vestibular Technologies, LLC Manager is the Information Owner for us.

5.12.2 Vestibular Technologies, LLC Data Protection Officer is the responsible party for maintaining and implementing this Privacy Policy.

5.12.3 Vestibular Technologies, LLC Quality Assurance Manager is responsible for monitoring the implementation of this Privacy Policy.

5.12.4 It is the responsibility of each member of Vestibular Technologies, LLC to ensure they comply with this policy in relation to their own interaction with the personal information we collect.

5.12.5 You are required by regulatory agencies to notify us of any changes in ownership or contact information for the registered owner of any and all of our products you own or use so we can update our records and comply with our legal obligations.

5.12.6 You also need to notify us of any changes in contact information so we can keep providing you with The Information, The Products and/or The Services you need or want from us.

5.12.7 By using The Site, you agree to the terms of this Privacy Policy. Please read our Terms of Use to understand the general rules about your use of The Site. Except as may be written in any other disclaimers, policies, terms of use, or other notices on this website, this Privacy Policy and the Terms of Use are the complete agreement between you and us with respect to your use of The Site. You may be subject to additional terms that may apply when you access particular services or materials on certain areas in The Site, or by following a link from The Site.

5.12.8 The Site may contain links to other websites operated by third parties. We provide the links for your convenience, but we do not review, control, or monitor the privacy practices of websites operated by others. This Privacy Policy does not apply to any website owned by, or operated by, third parties. We are not responsible for the performance of websites operated by third parties or for your business dealings with them. Therefore, whenever you leave The Site and visit a website of a third party, we recommend that you review each website's privacy practices and make your own conclusions regarding the adequacy of these practices.

5.13 Maintenance of policy

5.13.1 This Privacy Policy and the compliance with the policy, will be reviewed every at least 3 years.

5.13.2 Reviews will also be performed at such time when there is the need to ascertain if amendments to the policy in its entirety or to any of its components are required due to changing legislation or business requirements.

5.14 Contact us

5.14.1 Please direct any queries about this policy or about the way we process your personal information to our Data Protection Officer using the contact details below.

Email:        data protection email
Telephone: +1 (307) 637-5711
Address:     Vestibular Technologies, LLC
                   205 Rd. 128A Ste. 200
                   Cheyenne WY 82007-1831
                   U.S.A.
                   Attn.: Data Protection Officer

5.14.2 You can update your contact preferences when you sign into The Site, by using any unsubscribe options available in communications we send you, or by contacting us.

5.15 Appendix 1: How do we use your personal data in our educatiol portal?

5.15.1 Activities relating to your contract with The Site

5.15.1.1 The following data processing activities are necessary for the contract we have with you They include:

5.15.2 Activities relating to our public task of delivering information to you

5.15.2.1 Some of our data processing activities are necessary for our public task. These include improving the study experience and the quality and delivery of teaching and learning. This includes educational research, market research, and engaging users in quality enhancement activities. We may use depersonalized data to inform these activities and we will ask you for feedback when you complete learning activities. We may also ask you to take part in specific research activities, or engage outside research agencies to do so on our behalf. We may use data you have provided to us regarding your ethnic origin, disability or other special category data in order to identify groups for formal feedback and analyze responses.

5.15.2.2 We may also contact you to find out if you are interested in taking part in other areas of research. If you do not want to be contacted to take part in any research activities, please let us know using the details given in Section 5.14.

5.15.2.3 We may also make recording of study events, e.g. online tutorials and face to face tutorials.

5.15.3 Information we process in our legitimate interests

5.15.3.1 We may use and process your personal information where it is necessary for us to pursue our legitimate interests for the following purposes:

5.16 Appendix 2: Who do we share your personal data with in our education portal?

5.16.1 Where we have a legal obligation to share data

5.16.1.1 We might share your data with regulatory agencies in your country if required to show proof of completion of qualification studies.

5.16.2 Where we share data as part of our public task of offering Professional Development and Continuing Education qualifications

5.16.2.1 We may ask you if you would be willing to take part in educational research carried out by other organizations.

5.16.3 Where we share data as part of your contract to use some of The Services

5.16.3.1 If your fee or part of your fee is paid by sponsorship, information may be released to your sponsor organization, including your name, module details and module result. If we have a corporate contract with your employer, we may also share information about your participation in study activities and events.

5.16.3.2 If you are studying a qualification or program that leads to professional recognition we may share some information with the relevant professional body.

5.16.4 Sharing under other legal bases

5.16.4.1 We will provide academic references and confirmation of study to prospective employers and to your local authority or council, with your consent.

5.16.4.2 We will share information with the emergency services where there is an emergency situation such as illness or serious injury, where this is in someone's vital interest.

5.16.4.3 We will share information with the police and other agencies where necessary for the prevention and detection of crime.

5.16.5 Third party suppliers and service providers

5.16.5.1 We use third party suppliers and service providers for a number of activities, from printing desk records and providing IT systems, to providing venues for learning events, and as agents for contacting international students and conducting market research. It is in our legitimate interest to use third party suppliers to maintain cost effective and efficient operations.

5.16.5.2 When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service. We have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.

horizontal line

Effective Date: May 1, 2018