Welcome to Faro Health Inc.!

Introduction and Overview

Faro Health, Inc. (“Company,” “we,” “our” or “us”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy. This Privacy Policy describes how we collect, use and share information about you as well as your rights and choices about such collection, use and sharing, and applies to this website as well as the services offered by Company, whether via this website or a Company product (collectively, the “Services”).

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, you reserve the right to not to use the Services. By accessing or using the Services, you implicitly agree to this Privacy Policy. This Privacy Policy may change from time to time (see Changes to this Privacy Policy). Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates. If you have any questions about our privacy practices, please contact us as set forth in the Contact Us section below.

Information Collection

We collect the following types of information from users of the Services.

1. Information You Provide to Company

We collect certain information you provide directly via the Services: Your contact information when you contact us by email, chat, telephone, or via a contact form. Professional information about you, including your employer. 

• Payment information when you subscribe to the Services. The content of your communications with us as necessary to provide you with the Services. Any information necessary to carry out Services offered to your employer.
• 
  

2. Information Collected Automatically

As you navigate through and interact with the Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including:

• Details of your use of the Services, including traffic data, logs, and other communication data and the resources that you access and use on the Services. Information about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and other similar information. This data may include IP address, MAC address, device advertising ID (e.g., IDFA or AAID), and other device identifiers. The information we collect automatically helps us to improve the Services, including by enabling us to:

• Estimate our audience size and usage patterns. Store information about your preferences, allowing us to customize the Services according to your individual interests. Recognize you when you return to the Services. The technologies we use for this automatic data collection may include: Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, Services may not function as intended. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to the Services. Flash Cookies. Certain features of the Services may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on the Services. Flash cookies are not managed by the same browser settings as are used for browser cookies. 
• Web Beacons. Pages of our website may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity). 
• 
  

3. Third-Party Sources of Information

We may receive your personal information from third parties for our sales and marketing purposes. We do not control third party collection or use of your information.

Use of Information

We use information that we collect about you or that you provide to us, including any personal information: To present the Services and its contents to you, including to provide customer support. To provide you with information, products, or services that you request from us. To fulfill any other purpose for which you provide it. If you have an account with Company, to provide you with notices about your account.  To carry out our obligations and enforce our rights arising from any contracts entered into between Service users and us, including for billing and collection. To notify you about changes to the Services or any products or services we offer or provide through it. To allow you to participate in interactive features of the Services. In any other way we may describe when you provide the information.

• For any other purpose with your consent. We may also use your information to contact you about our goods and services that may be of interest to you. If you do not want us to use your information in this way, please let us know at privacy@farohealth.com. We may use information that does not identify you (including information that has been de-identified) without obligation to you except as prohibited by applicable law. For information on your rights and choices regarding how we use your information, see Your Rights and Choices below.

Sharing of Information

We share information about you as follows: Service Providers. We may share your information with our agents, vendors and other service providers (collectively “Service Providers”) in connection with their work on our behalf. Service Providers assist us with services such as payment processing, credit checks, data analytics, marketing and promotional services, website hosting, and technical support. Service Providers are prohibited from using your information for any purpose other than to provide this assistance, although we may permit them to use aggregate information which does not identify you or de-identified data for other purposes. Affiliates. We may share your information with our related entities, including our parent and sister companies. For example, we may share your information with our affiliates for customer support, marketing and technical operations. Business Partners. We may share your information with our business partners in connection with offering you co-branded services, selling or distributing the Services, or engaging in joint marketing activities.  Merger or Acquisition. We may share your information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business. Security and Compelled Disclosure. We may share your information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also share your information to protect the rights, property, life, health, security and safety of Company, the Services or any third party. Consent. We may share your information for any other purpose disclosed to you and with your consent. Without limiting the foregoing, in our sole discretion, we may share aggregated information that does not identify you or de-identified information about you with third parties or affiliates for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we share your information, please see Your Rights and Choices below.

Your Rights and Choices

1. Review and Update of Account Information

You may access, update, or remove certain account information that you have voluntarily submitted to us through the Services by sending an email to us at privacy@farohealth.com. We may require additional information from you to allow us to confirm your identity.  Please note that we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. California residents have additional rights as set forth in Your California Privacy Rights below.

2. Tracking Technology Choices

Cookies and Pixels. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.

Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, we do not monitor or take action with respect to “Do Not Track” signals or other mechanisms. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.

Please be aware that if you disable or remove tracking technologies, some parts of the Services may not function as intended.

3. Communications

You can opt-out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link, or emailing us at privacy@farohealth.com  with the word UNSUBSCRIBE in the subject field of the email. Please note that you cannot opt-out of certain non-promotional emails, such as those about your account, transactions, servicing, or Company’s ongoing business relations with you.

Your California Privacy Rights

California law grants additional privacy rights to California residents. In particular, the California Consumer Privacy Act (“CCPA”) requires businesses to disclose, for the past 12 months, (i) the categories of personal information collected, (ii) the sources of the collected personal information, (iii) the purposes for which the collected personal information is used, (iv) the categories of personal information disclosed for a business purpose, and (v) the categories of any personal information sold. Company provides these disclosures in the following table. (Note that Company does not sell any personal information, even under the broad CCPA definition of a “sale.”)

Category	Sources of Collection	Purposes of Collection	Disclosures for a Business Purpose
Identifiers	Website visits, creation of accounts and registration for Company products and services	For customer registration, to enable Company to provide its products and services and to allow Company to communicate with you	To Company service providers to assist in providing Company products and services
Personal information categories listed in the California Customer Records statute	Registration to receive Company products and services	To enable Company to provide its products and services and to allow Company to communicate with you	To Company service providers to assist in providing Company products and services
Commercial information	Purchase of Company products and services	To provide Company products and services to customers and maintain purchase history	To Company service providers to facilitate delivery of products and services
Internet or other electronic network activity	Your browsing and search history on our website and other interaction with our website	To improve the visitor experience on our website, diagnose server problems and administer our website	To third-party analytics services providers for the purpose of enhancing our website and improving the effectiveness of our advertising

California residents also have the rights described below. We will not discriminate against any California resident who exercises these rights.  Right to access/know your information. You may request from us a list of (i) the personal information that we have collected about you, and (ii) the categories of third parties to whom we have disclosed your personal information. You have the right to up to two (2) access requests each twelve (12) months.

Right to delete your information. You may request, at any time, that we delete your information and direct our service providers to delete your information from their records. We are not required to delete any information that is necessary to provide our Services you have requested, to detect security incidents, or to comply with a legal obligation, among other limited exceptions. You may contact us to exercise these rights at privacy@farohealth.com. To ensure the privacy and protection of individuals, we are required to verify your identity (or that of your authorized agent) or otherwise authenticate your request(s), which we will do in accordance with the CCPA regulations. Please note that, under the CCPA, we are not required to grant a request to access/know or a request to delete with respect to personal information obtained from you in your role as an employee, owner, director, officer or contractor of a company and within the context of Company providing its services to such company.

Your European Privacy Rights 

If you are a resident of the European Union, you are entitled to certain information and have certain rights under the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”). Those rights include: 

• The right of access to your information.
• The right to rectify your information if it is incorrect or incomplete.
• The right to have your information erased (“right to be forgotten”) if certain grounds are met.
• The right to withdraw your consent to our processing of your information at any time (if our processing is based on consent).
• The right to object to our processing of your information (if processing is based on legitimate interests).
• The right to object to our processing of your information for direct marketing purposes.
• The right to receive your information from us in a structured, commonly used and machine-readable format, and the right to transmit your information to another controller without hindrance from us (data portability).

If you are located in the European Union and you are or have been a user of our services, we may send you marketing communications based on our legitimate interests, subject always to your right to opt out of such communications. Further, if you are located in the European Union, we will never share your information with a third party for such third party’s marketing purposes, unless you have specifically consented to us doing so.

You may contact us at privacy@farohealth.com to exercise any of the above rights. We may request specific information from you to confirm your identity, and in some circumstances, we may charge a reasonable fee for access to your information.

Furthermore, if you believe that our processing of your information is inconsistent with your data protection rights under the GDPR and we have not adequately addressed your concerns, you have the right to lodge a complaint with the data protection supervisory authority of your country.

For purposes of the GDPR, we are a “controller” and you are a “data subject.”

Visitors Outside the United States

Company is a U.S.-based company. If you are a non-U.S. resident and provide us with your personal information, you acknowledge and agree that your personal information may be transferred to and processed in the United States, where the laws regarding processing of personal information may be less stringent than the laws in your country. By providing your information, you consent to such transfer and processing. 

Children

The Services are intended for a general audience and are not directed to children under 13 years of age. Company does not knowingly collect personal information as defined by the Children’s Online Privacy Protection Act (“COPPA”) in a manner that is not permitted by COPPA. If you are a parent or guardian and believe Company has collected such information in a manner not permitted by COPPA, please contact us at privacy@farohealth.com and we will remove such information to the extent required by COPPA.

Security

We have implemented measures designed to protect the confidentiality, integrity, and availability of your personal information.  Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.

Changes to this Privacy Policy

We reserve the right to revise this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy and updating the “last modified” date above. Your continued use of the Services indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice to your email address. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our website and this Privacy Policy to check for any changes.

Contact Us

If you have any questions or comments about this Privacy Policy or our privacy practices, please contact us at privacy@farohealth.com.

Last updated: March 15, 2024