TheraTec Privacy Policy

Updated February 01, 2024

TheraTec, Inc. and its subsidiaries or affiliates (collectively, “We”, “Us”, “Our”, or “TheraTec”), are committed toprotecting the privacy and security of Our customers’ data.

Scope

This statement sets forth TheraTec’s Privacy Policy (“Privacy Policy”) and describes the practices that We will followwith respect to the privacy of the information of users of this website and its various webpages (“Sites”) and Our mobile applications (“Apps”). By visiting theratec.com and using TheraTec’s mobile application and services (collectively, the“Services”) you acknowledge that you accept the practices and policies outlined in this Privacy Policy. “You”, “your”, orsimilar terms refer to you as a user of the Services. We encourage you to review this Privacy Policy regularly to stay informed about Our information practices and the choices available to you. This policy applies to information We collect:

through the Services; and
via email, text, or other electronic messages between you and any employee or agent of TheraTec.

This policy does not apply to the actions of any company or entity that We do not control and to individuals who We do not directly employ or manage.

Some of the Services are provided using telehealth, which means that We use electronic communications to enable providers to exchange health and medical information from one site to the other for the purpose of treatment or patientcare. Before you use the Services, you will be asked to affirmatively provide informed consent for telehealth services. If you do not agree to this informed consent, you are not authorized to access the Services or use Our Sites, and you must promptly exit Our Sites or Apps.

As used in this Privacy Policy, the terms “using” and “processing” information may include, amongst other things, subjecting such information to analysis, using cookies or web beacons, and managing information in several ways, including but not limited to collection, storing, evaluating, modifying, deleting, using, combining, and/or disclosing.

TheraTec and its affiliated clinical entities are an Affiliated Covered Entity under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Some of the individually identifiable information We collect or that you provide to Us for the purposes of obtaining medical care may constitute PHI under HIPAA. PHI is subject to special protections under HIPAA. To the extent other state or local privacy and data protection laws apply to your data, We will comply with those requirements. Information that you provide directly to a physical therapist, or other clinician acting within the scope of their license in the provision of medical, physical therapy or professional physical therapy services is covered by the Notice of Privacy Practices for the affiliated healthcare professionals. The Notice of Privacy Practices does not apply to information not PHI. This Privacy Policy supplements the Notice of Privacy Practices for PHI. If there is ever any conflict between this Privacy Policy and the Notice of Privacy Practices, the Notice of Privacy Practices will apply.

Should you have any questions about this policy or Our practices, please send an email to privacy@theratec.com

Information Collection

TheraTec collects various types of information about you, as described below.

Contact Information: We may collect your name, e-mail address, phone number or other contact information. We mayalso collect information you provide to create an account such as your username and password.

Health Information: We may collect or access medical records from your past, current, and future health care providers. This may include information about your existing or past diagnoses, previous treatments, general health, laboratory or pathology test results and reports, social histories, family medical history, and records about phone calls or emails relatedto your health or test results. We ask you to provide personal information, including but not limited to: your name, address, telephone number, email address, and health information in connection with the use of Our products or Services.

Demographic Information: To better understand Our customers and offer products and services of interest to you, We may collect information from or about you that indicates your demographic information. Examples may include date of birth, age, gender, or geographic location (e.g., zip code).

Customer Service and Feedback: We may collect information from you when you request customer support or information from Us, provide feedback or reviews about your experience with Us or Our products, or otherwise communicate with or contact Us.

Location Information: We may collect or infer information about your location based on your zip code or IP address.

Site Usage and Device Information: We may collect information about your use of Our Services, including technical information about your device, browser or mobile carrier; usage information such as when you access the Services, for how long, and the websites you accessed before or after your use of the Services; and device identifiers and IP address. We may also capture information concerning your interaction with the Services.

You may choose not to provide Us with certain information, but that may result in Our inability to provide you access to the Services.

How We Collect Information

There are several ways We may obtain information about you:

(a) that you choose to share with Us when using Our Services and when you otherwise interact with Us
(b) that We collect automatically when you use Our Services

We collect information from you directly: We collect information when you use Our Services or otherwise interact with Us. This may include signing up for communications and registering for an account with Us. We may collect information when you use the Service.

We collect information automatically: We collect data about you using automated technology via Our Services. We use these technologies to improve Our Services and your experience, see which areas and features of Our Services are popular, and count visits. They also help Us understand information like access times, pages viewed, and links clicked. For more information about Our use of cookies and other tracking technologies, see the “Targeted Advertising and Analytics” section and the “Cookies” sub-section of the “Your Privacy Rights and Choices” section below.

Use of Information

We may use the information that We collect from and about you for a variety of business purposes, as noted below. We may combine personal and non-personal information collected by TheraTec about you and may combine this information with information provided by external sources, as well as information collected offline, and across other computers or devices that you may use.

We use information to communicate with you: We may use information to answer your questions and comments, including providing you with information about this Policy or Our Terms and Conditions. We may also use information to provide you with customer service. By using the Services you consent to and authorize TheraTec and its affiliates to disclose your eligibility for and participation in the Services among themselves and to others, such as: TheraTec senior management and administrators, and other users of TheraTec’s Services. By default, only your first name is shared, and you may choose to use a pseudonym instead of your real first name.

We use information so you can use Our products and Services: We may use information to process and fulfill orders, administer your account, including your care team to personalize your experience, and provide you with access to tools and services. We may use information to process your registration with Our Services so you can use Our features.

We use information to improve Our products and Services: We may use information to make Our Services better, such as by responding to your inquiries and sending you administrative communications; obtaining your feedback on Our Sites and Our offerings; statistically analyzing user behavior and activity; using machine learning, artificial intelligence, or other similar technology to analyze and process your content and information; providing Our users with more relevant content; and conducting research and measurement activities.

We use information to personalize the Services: We may use information to personalize your experience with us, including saving preferences or settings. This may include customizing the content you see or making it easier for you to log into your account, sending you personalized emails or secure electronic messages pertaining to your health information, or contacting you about the products and services We offer. In order to personalize the Services, We may analyze your preferences, information, and habits.

We use information for marketing purposes: We provide you with information about new products and special offers or promotions which may include advertisements for Our products and services that are tailored to you. We deliver content to you through various channels, such as email and phone number. If you wish to opt out of marketing emails, please see the “Your Privacy Rights and Choices” section below.

We use information to protect Our company and others: We use information to identify fraud and secure Our Services and systems to protect you and Our other customers.

We use information for other lawful purposes or as we may disclose to you.

Targeted Analysis

We engage others to provide analytics and perform related services across the web and in mobile apps. These entities may use cookies, web beacons, software development kits (“SDKs”), device identifiers, and other technologies to collect information about your use of Our Services and other website and mobile apps, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in mobile apps, links clicked, and conversion information. This information allows Us to determine whether you have visited the Sites previously and save and remember any preferences that may have been set and statistically monitor how many people are using Our Sites and for what purpose. This information is used to analyze and track data, determine the popularity of certain content and better understand your activity. We may also make use of “persistent” or “memory based” cookies, which remain on your computer’s hard drive until you delete them. You can modify your browser to either accept all cookies, notify you when one is sent, or reject all cookies, but it may not be possible to utilize Our Services if you reject them. Web beacons are small pieces of code (also called pixels) that are embedded on the pages of websites and that can report your visit or use toa third party. We use web beacons to collect automatic information about Our visitors but not personal information. TheraTec may use these tools for the purposes of web analytics, marketing, and error management. You may modify your browser to prevent web beacons from collecting automatic information about you.

Disclosure of Information

We may disclose information We collect from and about you as follows:

We disclose information within Our family of companies: We may disclose information with the TheraTec family of companies, which includes all direct and indirect subsidiaries and affiliates of parent company TheraTec, Inc. and any future related companies.

We disclose information with service providers and other third parties we work with: We may disclose information with external companies who perform business, technical, professional, or marketing related services for Us. This also includes companies that help Us with fraud detection and Service operations. We may disclose information with data analytics vendors or market research companies. In some circumstances these entities may use your information for their own purposes.

We disclose information to comply with the law or to protect ourselves: We may disclose all categories of information to respond to a court order or subpoena. We will disclose information if a government agency or regulatory body requests it. This includes U.S. and non-U.S. law enforcement or regulatory authorities.

We disclose aggregate or anonymous information: We may disclose aggregate, anonymous, or de-identified information that cannot reasonably be used to identify you or via scientific research papers regarding Our Services.

Nondisclosure: We will not disclose your personal information for any other purpose unless you have authorized Us to do so.

Telephone Consumer Protection Act

TheraTec may provide you with notices, including those related to your enrollment or use of the Services, including but not limited to by email, postal mail, short message service (“SMS”), multimedia messaging service (“MMS”), text message, or other reasonable means now known or hereinafter developed. TheraTec will provide notice and request consent to receiving text messages at the point of collection for mobile phone numbers. By providing TheraTec with your telephone number, this gives TheraTec consent to send you text messages regarding your purchase(s), or for other non-telemarketing purposes, made by an automatic telephone dialing system.

You understand that you may receive email as part of using the Services, and while TheraTec encrypts all email communications, your email server may not guarantee encryption. If your email provider does not encrypt email, you accept the risk that some PHI could be acquired by someone else.

You understand that you may receive text messages (SMS) as part of using the Services. SMS messages are encrypted by TheraTec in transit to your cell phone provider, but cell providers do not guarantee encryption of SMS messages that are stored on your behalf. By using the Services you accept the risk that some PHI could be intercepted by someone else targeting your SMS communications.

Your Privacy Rights

Access, correction, deletion: Depending on where you reside, you may have the right to:

(1) request to know more about and access the personal information We collect, use, and disclose about you,
(2) request deletion of your personal information, and
(3) request correction of inaccurate personal information.

To request access, correction, or deletion of your personal information, please contact us at privacy@theratec.com. We may verify your request by asking you to provide information related to your recent interactions with Us, such as your name, email address, or phone number. If We deny your request, you may appeal Our decision by contacting Us atlegal@theratec.com. If you have concerns about the results of an appeal, you may contact the Attorney General in the state where you reside.

Opt Out: As described in the “Targeted Analytics” section above, We process personal information to understand and improve your experience with Our Services. Depending on where you reside, you may have the right to opt out. You can do so by navigating to the “Your Privacy Choices” link at the bottom of this page or by visiting Our Sites with a legally recognized opt-out preference signal enabled, such as the Global Privacy Control.

Nondiscrimination: We will not discriminate against you if you exercise your privacy rights.

Cookies: Most web browsers are set to accept cookies by default. If you prefer, you can adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of Our Sites.

Communication preferences: You may opt out of receiving promotional communications from Us by following the instructions presented at the time you sign up for them, as well as by following the instructions in those communications. If you opt out, We may still send you non-promotional communications, such as those about your account, relationship with Us, or Our ongoing business relations.

Data Protection

We exercise great care to protect your personal information through various administrative, technical and physical safe guards. This includes, among other things, using industry standard techniques such as firewalls, encryption, and intrusion detection for information stored on Our systems. While We strive to protect your personal information, We cannot ensure or warrant the security of any information you transmit to Us or receive from Us while that information is in transit. This is especially true for information you transmit to Us via email since We have no way of protecting that information until it reaches Us since email does not have the security features that are built into Our Sites.

We limit Our employees’ and contractors’ access to personal information. Only those employees and contractors with specific business reasons have access to this information, and then may only access or use the minimum necessary for the task at hand. We educate Our employees about the importance of maintaining confidentiality of user information. We periodically review Our security arrangements and safeguards.

Your Responsibility in Your Data Protection

If you are using a TheraTec website or mobile application for which you registered, We recommend that you do not share your passcode with anyone. We will never ask you for your passcode in an unsolicited phone call or in an unsolicited email. Always remember to sign out of the TheraTec website and close your browser window when you have finished using the Services. This is to ensure that others cannot access your personal information and correspondence to Us if others have access to your computer or mobile device.

Age Restrictions

The TheraTec Sites and Services are not designed to be used by or intended to attract anyone under the age of 13.Individuals who We know are under the age of 13 will not be permitted to use the TheraTec Sites and Services and We will not collect their personal information. We do not share the personal information of consumers we know to be less than16 years of age, unless we receive affirmative authorization (the “Right to Opt In”) from the minor who is between 13 and16 years of age. If you are a parent or guardian and you are aware that your child who is under the age of 13 has provided Us with identifiable personal data, please contact Us. If We become aware that We have inadvertently collected data from children under the age of 13 without verification of parental consent, We will timely remove that information from Our servers to the extent permissible by law.

Do Not Track

Do Not Track is an optional setting that enables you to express your preferences regarding the collection of information about your online activities over time and across third-party websites. Your browser sends Do Not Track signals to the websites you visit expressing your preference not to be tracked. Because there is no industry-standard approach to responding to Do Not Track signals, We do not process or respond to Do Not Track signals.

Updates

As We continually update and improve Our Services, We may periodically make changes to this Privacy Policy. Or, We may modify this Privacy Policy to reflect new changes in laws or regulations. Accordingly, please check back and review this Privacy Policy periodically.

Additional Disclosures for Residents of California

If you are a resident of California, California law requires Us to disclose the following additional information with respect to Our collection, use, and disclosure of personal information. If you reside in California, this section applies to you and describes our data practices today and in the preceding 12 months. Please note that the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act ("CPRA"), does not govern medical information or PHI that is collected by a covered entity or business associate that is governed by HIPAA. We collect the following categories of personal information: identifiers, demographic information, commercial information, internet or other electronic network activity information, audio and visual data, and inferences. For details about the precise data points, We collect and the sources of such collection, please see the “Information Collection” section above.

We collect personal information for the business and commercial purposes described in the “Use of Information” section above.

We disclose personal information for the business and commercial purposes described in the “Disclosure of Information” section above. Specifically, we have disclosed the following categories of personal information to the following categories of recipients:

Categories of Personal Information

Categories of Recipients

Demographic Information

Identifiers

Commercial Information

Internet or other electronic network activity information

Audio and Visual Data

Inferences

Affiliates and subsidiaries, fraud prevention partners, credit-related entities, data analytics providers, marketing partners, payment and financing processors, fulfillment partners, customer support partners, Internet service providers, operating systems and platforms, customer feedback platforms, and cloud service providers.

Affiliates and subsidiaries, fraud prevention partners, credit-related entities, data analytics providers, marketing partners, payment and financing processors, fulfillment partners, customer support partners, Internet service providers, operating systems and platforms, customer feedback platforms, and cloud service providers.

Affiliates and subsidiaries, fraud prevention partners, credit-related entities, data analytics providers, marketing partners, payment and financing processors, fulfillment partners, customer support partners, Internet service providers, operating systems and platforms, customer feedback platforms, and cloud service providers.

Affiliates and subsidiaries, fraud prevention partners, credit-related entities, data analytics providers, marketing partners, payment and financing processors, fulfillment partners, customer support partners, Internet service providers, operating systems and platforms, customer feedback platforms, and cloud service providers.

Affiliates and subsidiaries, fraud prevention partners, credit-related entities, data analytics providers, marketing partners, payment and financing processors, fulfillment partners, customer support partners, Internet service providers, operating systems and platforms, customer feedback platforms, and cloud service providers.

Advertising and marketing networks, data analytics providers.

We retain personal information for as long as necessary to carry out the purposes for which We originally collected it and for other purposes described in this privacy policy.

We do not use or disclose sensitive personal information to infer characteristics about you.

We do not knowingly sell or share personal information about consumers under 16.

You have the right to opt out of sharing and sales at any time by navigating to the “Your Privacy Choices” link at the bottom of this page or by visiting Our Services with a legally recognized opt-out preference signal enabled, such as the Global Privacy Control. Please see the “Your Privacy Rights” section above for more information about your privacy rights and how to exercise them.

If you are submitting a rights request as an authorized agent, you are required to submit proof of your authorization to make the request, such as a valid power of attorney or proof that you have signed permission from the individual who is the subject of the request. Please do not provide any sensitive personal information in connection with the request, such as a driver's license or other government-issued ID. In some cases, We may be required to contact the individual who is the subject of the request to verify his or her own identity or confirm you have permission to submit this request. If you are an authorized agent seeking to make a request, please contact Us at legal@theratec.com.