Nox Connect Privacy Notice
Nox Connect Services Privacy Notice for Customers and Authorized Users
Last Updated: February 6th, 2025
Overview
In this Privacy Notice,“we”, “us” or “Nox” refers to either :
- Nox Medical, LLC, a Georgia limited liability company with its principal place of business at 100 Kimball Place, Suite 100, Alpharetta, GA 30009; or
- Nox Medical Canada, Inc. a company registered in Ontario, Canada with its registered office at 1010 Polytek Street, Unit 13, Ottawa, Ontario, Canada, K1J9H9; or
- Nox Medical ehf, a company registered in Iceland, with its registered office at Katrínartún 2, 105 Reykjavik, Iceland;
based on the Nox entity identified in the Order Form or the Nox authorized distributor agreement by which you ordered Nox Connect.
We take the protection of your personal data very seriously. This Privacy Notice (“Notice”) applies to Nox Connect customers and their authorized users (“end users”) of Nox Connect. This notice does not apply to Nox Connect customers’ patients.
Scope
When used in this Notice, “personal data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual and includes “personal data” or “personal information” as defined in applicable data protection laws. Data that cannot be associated with you, such as aggregated, de-identified, or anonymized information (“Anonymous Information”), is not personal data. Nox commits to keep Anonymous Information in its de-identified state, and will make no efforts to re-identify such data.
This Notice describes how Nox Connect processes personal data (collects, uses, shares, stores, transfers, retains and deletes) in accordance with applicable data protection legislation, including, but not limited to the provisions of the European General Data Protection Regulation “GDPR,” the California Privacy Rights Act “CPRA,” Canada’s Personal Information Protection and Electronic Documents Act “PIPEDA,” and Australia’s Privacy Act. This Notice provides you with an overview of the processing of your personal data by us, and outlines your rights regarding the processing of your personal data.
Nox may modify this Notice at any time effective upon its posting. Your use of our Nox Connect is subject to the applicable Terms of Use.
Personal Data Processing Summary
The table below provides you with details about the information we collect, how we obtain that information, how it is used, who it is shared with and how long we keep it. Please see the subsequent sections for further explanation about Nox’s data processing activities.
|
Categories of personal data processed |
Sources of personal data |
Purpose(s) of processing personal data
*EU legal bases for processing personal data |
Categories of third parties to whom we disclose | Retention of personal data |
| Personal identifiers:
Personal contact details such as name, business affiliation and related business contact information |
Directly or indirectly from you [x] Customers [x] End Users From third parties |
Security measures and complying with health and safety obligations Business purposes/ *legitimate business interests Compliance/ *legal obligation |
Professional services consultants Security vendors IT vendors Professional service providers, including external auditors |
For the duration of the relationship + 7 years |
| Device and Online Identifiers:
Account login information, Mac address, IP address, cookie IDs, mobile ad IDs, and social media information |
Directly or indirectly from you
[x] Customers [x] End Users |
Security measures and complying with health and safety obligations
Business purposes/ *legitimate business interests |
Professional services consultants
Security vendors IT vendors Professional service providers |
3 years |
| Internet or other similar network activity:
Information collected through cookies and similar technologies when using Nox Connect Analytics on usage of the Nox Connect Platform |
Directly or indirectly from you
[x] Customers [x] End Users |
Business purposes/ *legitimate business interests
Compliance/ *legal obligation |
IT vendors Security vendors Professional service providers, including external auditors |
3 years |
| Business and Commercial information:
Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies |
Directly or indirectly from you
[x] Customers [ ] End Users |
Business purposes/ *legitimate business interests | Professional service providers | The duration of the relationship + 3 years |
|
Sensory data:
Audio, electronic, visual, thermal, olfactory, or similar information. Photographs, video conferencing recordings, CCTV recordings, telephone calls, communications over electronic channels and applications
|
Directly or indirectly from you [x] Customers [x] End Users From third parties |
Business purposes/ *legitimate business interests
Compliance/ *legal obligation |
IT vendors Security vendors Professional service providers |
3 years
|
| Professional or employment-related information:
Title and role within your organization |
Directly from you [x] Customers [x] End Users From third parties |
Business purposes/ *legitimate business interests Compliance/ *legal obligation
|
IT vendors Security vendors Professional service providers |
For the duration of the relationship + 7 years |
|
Education Information: Degrees earned |
Directly or indirectly from you [ ] Customers [x] End Users From third parties |
Business purposes/ *legitimate business interests
Compliance/ *legal obligation |
IT vendors Security vendors Professional service providers |
For the duration of the relationship + 7 years |
| Sensitive personal data or CPRA “sensitive personal information” collected:
None |
|
Connections to Healthcare Institutions
To use Nox Connect, you must have an account with a healthcare institution that uses NoxConnect products. Your use of Nox Connect with that healthcare institution may be subject to that healthcare institution’s policies and terms. You understand that while connected or attempting to connect to a healthcare institution’s system, the healthcare institution may collect, store, process, maintain, upload, sync, transmit, share, disclose, and use certain data and related information, including but not limited to information or data regarding the characteristics or usage of your device, system and application software, and peripherals as well as your personal information, location data, and other content.
Please contact your employer or other entity that provides your access to Nox Connect if you have any questions about their policies or terms.
Who Your Personal Data is Shared With
Nox shares your personal data with external parties in order to fulfill the above-mentioned purposes, if we are legally obliged to do so, or if you have given your consent for us to share your personal data.
External recipients include service providers that are carefully selected and process your personal data exclusively for the purposes specified by us and in accordance with our instructions.
External recipients may include:
- Professional services consultants
- Data analytics services
- Security vendors
- IT vendors
- Third parties involved in legal and compliance activities
How Long Your Personal Data is Retained
Your personal data is retained for as long as it is required for the purposes mentioned above or to comply with applicable regulations.
How We Protect Your Personal Data
The security of your information and data while using our Applications is very important to us. Our Applications employ a variety of technical safeguards to protect the confidentiality, integrity, and availability of your personal information including supporting Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificate technology and encryption.
In addition, healthcare organizations with whom you connect may use a variety of physical, administrative, and technical measures to protect your personal information.
Please see our Trust Center: https://trust.noxhealth.com/ for more information on our security practices.
International Transfers of Personal Data
Nox Connect stores data on servers located where personal data was initially collected. Some of our service providers have servers that are located outside of the region where your data was collected, and therefore your personal data may be transferred to and accessible from countries outside of your country of origin.
Transfers of EU personal data to the US are subject to the EU Standard Contractual Clauses pursuant to Article 46 (2) (c) GDPR. Please contact us via our contact details below to obtain a copy of the relevant standard contractual clauses.
Your Data Subject Rights
Upon request, Nox will provide you with a copy of personal data we hold about you, correct your personal data, or delete your personal data. You may also object to processing of your personal data or opt-out of automated decision making processes.
Please note, pursuant to the law, certain personal data is exempt from the above requests.
To exercise your rights, use our online form, email us at privacy@noxmedical.com, or call +(354) 570 7170.
or call +(354) 570 7170
We may request additional information from you, if necessary, to verify your identity or find your unique records in our systems. If you are the authorized representative making an access, correction or deletion request, we must take steps to verify your authority. This will require you to provide written proof of your authority.
We respect your right to privacy, and will not take any negative actions against you for asserting your rights.
You may also lodge a complaint with your local supervisory authority.
Australia:
https://www.oaic.gov.au/privacy
Canada Office of the Privacy Commissioner:
https://www.priv.gc.ca/en/contact-the-opc/
European Union/ EEA Data Protection Authorities:
https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
United Kingdom Information Commissioner’s Office:
https://ico.org.uk/global/contact-us/contact-us-public/
United States Attorneys General:
https://www.naag.org/find-my-ag/
Contact
If you have any questions on the processing of your personal data, please contact us using the details below.
Nox Medical
Data Protection Officer
Katrínartún 2
105 Reykjavík
Iceland
+(354) 570 7170
privacy@noxmedical.com