fbpx
Menu

Privacy Policy

Nox Medical Website Privacy Policy

Last Updated: January 10th, 2025

1. Overview

Nox Medical, including Nox Medical ehf., Nox Medical LLC, Nox Medical Canada Inc, and its affiliated parties  (hereinafter “we”, “us” or “Nox”) are committed to the protection of your personal data.  We understand that health is a very private subject, and we want you to feel comfortable visiting our website, and engaging with our applications and services. We provide this Website Privacy Notice (“Notice”) to inform individuals about the personal data we collect, how we use, disclose, and protect that information as well as what choices you may make regarding your information.

2. Scope

When used in this Notice, “personal data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual and includes “personal data” or “personal information” as defined in applicable data protection laws. Data that cannot be associated with you, such as aggregated, de-identified, or anonymized information (“Anonymous Information”), is not personal data. Nox commits to keep Anonymous Information in its de-identified state, and will make no efforts to re-identify such data.

This Notice describes how Nox processes personal data (collects, uses, shares, stores, transfers, retains  and deletes) in accordance with applicable data protection legislation, including, but not limited to the provisions of the European General Data Protection Regulation “GDPR,” the California Privacy Rights Act “CPRA,” and Canada’s Personal Information Protection and Electronic Documents Act “PIPEDA”. This Notice provides you with an overview of the processing of your personal data by us, and outlines your rights regarding the processing of your personal data. 

Nox may modify this Notice at any time effective upon its posting. Your use of Nox Medical’s website is subject to the applicable Terms of Use.

3. Personal Data Processing Summary

The table below provides you with details about the information we collect, how we obtain that information, how it is used, who it is shared with and how long we keep it. Please see the subsequent sections for further explanation about Nox’s data processing activities. 

 

Categories of personal data processed 

  

Sources of personal data

 Purpose(s) of processing personal data

*EU legal bases for processing personal data

 Categories of third parties to whom we disclose Retention of personal data
Personal identifiers:

 

Personal contact details such as name, business affiliation and related business contact information

  

Directly or indirectly from you

From third parties

  

*With your consent

Security measures and complying with health and safety obligations

Business purposes/ *legitimate business interests

Compliance/ *legal obligation

  

Professional services consultants

Security vendors

IT vendors

Professional service providers, including external auditors

  

For the duration of the relationship + 7 years
Device and Online Identifiers:

Account login information, Mac address, IP address, cookie IDs, mobile ad IDs, and social media information

 Directly or indirectly from you Security measures and complying with health and safety obligations

Business purposes/ *legitimate business interests

 Professional services consultants

Security vendors

IT vendors

Professional service providers

 3 years
Internet or other similar network activity:

Information collected through cookies and similar technologies when using Nox sites

Analytics on usage of the Nox sites

 Directly or indirectly from you *With your consent

Business purposes/ *legitimate business interests

Compliance/ *legal obligation

  

 

IT vendors

Security vendors

Professional service providers, including external auditors

  

 

 

 

 3 years
Business and Commercial information:

Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

 Directly or indirectly from you Business purposes/ *legitimate business interests Professional service providers The duration of the relationship + 3 years
 

Sensory data:

 

Audio, electronic, visual, or similar information. Photographs, video conferencing recordings, CCTV recordings, telephone calls, communications over electronic channels and applications

 

  

Directly or indirectly from you

From third parties

  

*With your consent

Business purposes/ *legitimate business interests

Compliance/ *legal obligation

  

IT vendors

Security vendors

Professional service providers

  

 

 

 

 

 3 years

 
Professional or employment-related information:

 

Title and role within your organization

  

Directly from you

From third parties

  

*With your consent

Business purposes/ *legitimate business interests

Compliance/ *legal obligation

  

IT vendors

Security vendors

Professional service providers

  

 

For the duration of the relationship + 7 years
 

Education Information:

Degrees earned

  

Directly or indirectly from you

From third parties

 *With your consent Business purposes/ *legitimate business interests

Compliance/ *legal obligation

  

 

IT vendors

Security vendors

Professional service providers

  

 

 

For the duration of the relationship + 7 years
Sensitive personal data or CPRA “sensitive personal information” collected:

 None

  

 

 

 

 

 

 

 

 

 

4. How We Use Your Information

In addition to the purposes and uses described above, we use information in the following ways:

  • To identify you when you visit our websites and use our web and mobile applications.
  • To provide you with the services and products for which you request or register.
  • To respond to your inquiries related to support or employment opportunities, or to respond to your other requests.
  • To generate statistics regarding the composition and nature of user feedback.
  • To monitor the effectiveness and safety of our products in the market and help us improve our products.
  • To conduct analytics (e.g., to enhance user experiences on our Nox Website).
  • To send marketing and promotional materials, including information relating to products and services.
  • For internal administrative purposes, as well as to manage our relationship with you.
  • To detect security incidents, and to protect against malicious, deceptive, fraudulent, or illegal activity, including attempts to manipulate or violate our policies, procedures, and terms and conditions.
  • To comply with legal obligations, to establish or exercise our rights, to defend against a legal claim, and to investigate, prevent, or take action regarding possible misconduct.

Although the sections above describe our primary purposes for collecting and using your information, in many situations, we have more than one purpose. For example, if you submit an application for a job posting, we may collect your information in anticipation of employing you, but we also collect your information as we have a legitimate interest in contacting you about the status of your application and evaluating your qualifications for the position. As a result, our collection and processing of your information is based on different contexts upon your consent, our need to perform a contract of employment, our obligations under law, and/or our legitimate interest in conducting our business.

5. How We Share and Disclose Your Information

To the extent necessary for purposes of communicating with you or fulfilling your requests for content, materials, and opportunities, we may share your information with the entities identified below and any of the entities that we elect to share such information with, subject to any legal or contractual limitations. In addition to the specific situations discussed elsewhere in this Privacy Notice, we disclose information to others in the following situations:

  • Affiliates and Acquisitions. We may share your information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires (or proposes to acquire) our company, any of our affiliates, business, or our assets, we will also share your information with that company, including at the negotiation stage.
  • Trusted Third Parties/Service Providers. We may share your information with service providers. Among other things, service providers may help us to administer our Nox Website, conduct surveys, provide technical support, process payments, and assist in the fulfillment of orders.
  • Other Disclosures for Legal and Regulatory Compliance Reasons. We may disclose information when we are legally required to do so, such as in response to subpoenas, warrants, or court orders, or in connection with any other legal process, or to comply with applicable laws and regulations. We may also disclose your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for products or services by a third-party intermediary.
  • Disclosures with Your Consent. We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this policy, and if you provide consent we may disclose your information to those entities.
  • Public. Some parts of our Nox Website may provide the opportunity to post comments or other content in a public forum. If you decide to submit information on these pages, that information may be publicly available.

We, our affiliates, or our respective trusted business parties and third-party service providers may also produce reports on the Nox Website’s traffic or usage patterns and share these reports with us, or our business partners and others. In addition to the uses described above, Nox may also use and disclose certain aggregated, anonymized information, such as usage data related to the Nox Website, to our affiliates, subsidiaries, trusted business partners, or other trusted third parties. Such information may also be shared with other users or the general public for advertising, informational, or comparison purposes.

6. How Protect Your Information

We use reasonable efforts to protect your personal data from unauthorized access, use, or disclosure. However, no method of transmission over the Internet, or method of electronic storage, is fully secure and impenetrable. Therefore, we cannot guarantee the security of your personal data. In the event that we are required by law to inform you of any unauthorized access to your personal data, we may notify you electronically, in writing, or by telephone, if permitted to do so by law. You agree to immediately notify us of any breach of security of the Nox Website, any breach of this Privacy Notice, or any breach of the Terms of Use of which you become aware.

Some areas of our Nox Website permit you to create an account. When you do, you will be prompted to create a password. You are responsible for maintaining the confidentiality of your user identification and your password, and you are responsible for any access to or use of your account by someone else that has obtained your user identification or your password, whether or not such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account.

7. Cookies and Usage Reports

By placing a small file known as a “cookie” on your computer (or other device), Nox’s, and its third-party service providers’, servers may passively gather information about a visitor’s use of the Nox Website for several reasons, including, but not limited to, the following: statistics collection and analysis, Nox Website optimization, analytics (as described below), market research, and maintenance of user login information. The information that we and our third-party service providers track with cookies may include, but is not necessarily limited to, the type of browser (such as Google Chrome or Internet Explorer) and Internet-connected device being used to access the Nox Website, your Internet Protocol (“IP”) address, your home domain or Internet service provider, your referrer URL (which is the URL for the website that you were viewing prior to visiting the Nox Website), how you were directed to the Nox Website, which specific pages you access, how long you view each page, the time and date you gain access and the total number of visitors to the Nox Website and any portions thereof. We may also use your IP address to determine the general physical location of your computer or device and understand from what geographic locations visitors come.

Our Nox Website allows you to define which cookies you will allow on your computer and will respect those settings. Certain cookies labeled “Strictly Necessary Cookies” are required for our applications to function, so if you reject all cookies, then the application will not function. We would ask you to accept all of our cookies so that we can provide you with the best experience and support.

8. International Transfers of Information

Nox Group, Inc. is a multinational company and maintains offices around the world, including in the United States, Canada, and in Iceland. As a result, your personal data may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. Nonetheless, where possible, we take steps to treat personal data using the same privacy principles that apply pursuant to the law of the country in which we first received it. By submitting your personal data to us, you agree to the transfer, storage and processing of your personal data in a country other than your country of residence including, but not necessarily limited to, the United States. If you are visiting the Nox site or Application or any part thereof from outside of the United States of America, please be aware that your information may be transferred to, stored or processed in the United States, where our servers are located and our central database is operated. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country,and have put in place the required legal data transfer mechanisms necessary to protect your data  By using any portion of the Nox Website, you understand and consent to the transfer of your information to our facilities in the United States and those third parties with whom we share it as described in this Privacy Notice. If you would like more information concerning our attempts to apply the privacy principles applicable in one jurisdiction to personal data when it goes to another jurisdiction, you can contact us using the contact information below.

9. Your Data Rights and Choices

You may have certain rights and choices regarding your personal data.  Depending on your jurisdiction, and subject to applicable law, you may make the following choices:

  • Manage Contact and Emails. You may choose to provide us with your e-mail address for the purpose of allowing us to send you free newsletters, surveys, announcements of new products and services, and other information we think you may find useful. If you decide at any time that you no longer wish to receive these emails, you can update your preferences while logged into your account or unsubscribe from our email list by following the unsubscribe instructions in the emails that you receive. If you decide not to receive promotional emails, we may still send you service-related communications.
  • Access Your Personal Information. You may access your personal data while logged into your account. Additionally. upon request, we will grant reasonable access to the personal data that we hold about you, including in some cases the right to data portability. You may request access to your personal data by contacting us at the address described below.
  • Modify/Update Your Personal Information. You may make changes to your personal data while logged into your account, or you may request that we modify or update your inaccurate or out-of-date personal data by contacting us at the address described below.
  • Delete Your Personal Information. In certain circumstances, you may request that we delete your personal data. If required by law, we will delete your personal data after such a request is made. You should note that there are some situations in which we may decline to delete your personal data. For example, we may keep your personal data as needed to comply with our legal obligations, where permitted by law, to resolve disputes, and/or to enforce any of our agreements. You may request deletion of your personal data by contacting us at the address provided below.
  • Object to Certain Processing of Your Personal Information. In certain circumstances, you may object to the processing of your personal data or request that we restrict processing of your personal data. Where our processing is based upon your consent, you may revoke consent by contacting us at the address provided below. If you revoke your consent or object to processing, we may no longer be able to provide you services. In some cases, we may limit or deny your request if the law permits or requires us to do so, or if we are unable to adequately verify your identity.

10. Links to Other Sites

For your convenience, some hyperlinks may be posted on the Nox Website that link to other websites not under our control (the “Linked Websites”). We are not responsible for, and this Privacy Notice does not apply to, the privacy practices of any Linked Websites or of any companies that we do not own or control. We cannot be responsible for the privacy practices of any such Linked Websites, nor do we endorse any of these Linked Websites, the services or products described or offered on such Linked Websites, or any of the content contained on the Linked Websites. We encourage you to seek out and read the privacy policy of each website that you visit. In addition, should you happen to initiate a transaction on a Linked Website, even if you reached that site through Nox Website, the information you submit to complete that transaction becomes subject to the privacy practices of the operator of the applicable Linked Website. You should read each Linked Website’s privacy policies to understand how Personal Information that is collected about you is used and protected.

11. Changes to this Privacy Notice

We may change this Privacy Notice from time to time. The effective date of this Privacy Notice is specified by the version date located at the end of this Privacy Notice. All updates and amendments to this Privacy Notice are effective immediately when posted on the website. We expressly reserve the right to make any changes to this Privacy Notice at any time, without prior notice to you. This Privacy Notice is not intended to and does not create any contractual or other legal right in or on behalf of any party other than Nox.

12. Children

The Nox Website is intended for a general audience and is not intended for use or viewing by children under sixteen (16) years of age, and we do not knowingly collect information about children or sell products to children. 

13. Contact Information

Should you have any questions about this Privacy Notice or our privacy practices, please contact us at the appropriate address below.

 

Nox Medical, LLC

USA

 Nox Medical ehf 

Iceland

 Nox Medical 

Canada, Inc.

 Data Protection Officer/  DPO

 
Address:

100 Kimball Place 

Suite 100

Alpharetta, GA 30009

USA


Tel: 855-617-6691

Fax: 678 669 2274

Email: privacy@noxmedical.com

 Address: 

Katrínartún 2

105 Reykjavík

Iceland


Tel: +(354) 570 7170

Email: privacy@noxmedical.com

 

 Address: 

1010 Polytek Street, Unit 13, Ottawa, Ontario, Canada 

Tel:(249) 507-5337 or (249) 50 SLEEP.

Email: privacy@noxmedical.com

 

 Address: 

Harris Troutman

Data Protection Officer

100 Kimball Place 

Suite 100

Alpharetta, GA 30009

USA 

Email: privacy@noxhealth.com

 

You may also contact  your local supervisory authority.

14. Additional Regional Privacy Considerations

Nox has adopted a global approach on privacy with the intent of providing individuals with strong privacy protections regardless of where they reside. We recognize and implement high standards for privacy rights compliance on a global scale. Listed below, you can find additional privacy provisions that may be relevant to your specific country or region.

If you have any questions or concerns regarding the privacy provisions relevant to you, or you wish to exercise any of these rights, please contact our Privacy Officer by using the contact information provided in Section 13 “Contact Information.”

 

Canada:

Controlling Law: Personal Information Protection and Electronic Documents Act (PIPEDA)

Canada Privacy Rights: You can exercise your rights of access and rectification by contacting us. Depending on your province, you may have additional rights, including the right to control the dissemination of your personal data, the right to data portability, the right to be informed of and submit observations regarding automated decision-making, and the right to request information about data processing.

You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada or your local privacy commissioner.

To exercise your rights, use our online form located here: 

Supervisory Authority:

Office of the Privacy Commissioner of Canada

Online: https://www.priv.gc.ca/en/report-a-concern/file-a-formal-privacy-complaint/file-a-complaint-about-a-business/

Direct mail:

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, QC K1A 1H3

Phone: 1-800-282-1376 (toll-free)


European Union (EU), United Kingdom (UK), Switzerland (CH) and European Economic Area (EEA): 

Controlling Laws: The General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), UK The Data Protection Act 2018 (UK GDPR), Swiss Federal Act on Data Protection.

Legal Bases for Processing EU, UK CH, EEA personal data: Applicable law and policies require Nox Medical to have a “legal basis” for the processing of your personal data.  The applicable legal basis often depends on the types of data and the specific context in which it is processed. Where the GDPR and similar laws apply, we typically rely on performance of a contract, our legitimate business interests, or your consent as our primary legal bases to process your personal data.

EU, UK, CH, EEA Privacy Rights: If you are located in these regions listed, you have the following rights with respect to your personal data. You may contact us if you wish to exercise any of these rights:

  • The right to access your personal data;
  • The right to update your personal data by emailing us or, where appropriate, amending the personal details contained in your registered account with us. If practically possible, we will make corrections (where appropriate) based on your updated information;
  • The right to withdraw your consent with respect to data that is collected on the basis of your consent;
  • The right to request erasure of your data or object to its processing;
  • The right to data portability; and
  • The right to lodge a complaint with us or with a supervisory authority.

To exercise your rights, use our online form located here: 

Supervisory Authorities:

EU/ EEA Data Protection Authorities:

https://edpb.europa.eu/about-edpb/about-edpb/members_en

Switzerland: Federal Data Protection and Information Commissioner

Online:https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt/anzeigeformular_betroffene.html

Phone:  058 462 43 95

United Kingdom: UK Information Commissioner’s Office:

Online: https://ico.org.uk/make-a-complaint/data-protection-complaints/what-to-expect/

Phone: 0303 123 1113

 

United States (US): 

Controlling Law: There are many US state-specific privacy laws with new ones coming into effect every year. Because California’s privacy protections are viewed by many to be the most comprehensive in the US, we refer US-based individuals to the California Consumer Privacy Act of 2018 (“CCPA”), and as of January 1, 2023 the California Privacy Rights Act of 2020 (“CPRA”), for personal data protection.

Our Processing of US Personal Data:  We collect and have collected in the last 12 months all of the information described in Section 3 of our Privacy Notice from and about US residents. You should refer to that section for more detail, but this information generally falls into the categories listed in the chart in Section 3 to the extent it is personally identifiable. The chart also indicates the data subjects whose personal data we collect, the purposes of processing, and the categories of third parties to whom we recently disclosed the data leading up to the effective date of this Statement. 

We have not sold or shared (as defined in the CCPA and other U.S. state comprehensive privacy laws) personal data covered by this Privacy Notice in the preceding 12 months. We also do not knowingly sell or share the personal data of individuals under 16 years of age.

 US Privacy Rights: Under applicable US law, you have the right to:

  • Request access to your personal data as it is processed and stored by us;
  • Correct or delete your personal data that we hold unless Nox is legally required to retain it;
  • Restrict or object to our processing of your personal data;
  • Lodge a complaint; and
  • Opt out of “sale” of your personal data.

To exercise your rights, use our online form located here: 

You may also call our phone number: 855-617-6691

You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with a signed written document permission stating that the agent is authorized to make the request on your behalf. Your agent may contact us via the information provided above to make a request on your behalf. If you are submitting a request through an authorized agent, we may, as permitted by law, require: 

  • The authorized agent to provide proof that you gave the authorized agent signed permission to submit the request.
  • You to verify your identity directly with us.
  • You to directly confirm with us that you have provided the agent with your permission to submit the request on your behalf.

Subject to applicable law, we may not discriminate against you for exercising any of the above-listed rights or any other rights under the CCPA or similar U.S. state comprehensive privacy laws, including by: 

  • Denying you goods or services.
  • Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.
  • Providing you a different level or quality of goods or services.
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to Nox by your personal data, subject to the requirements of applicable law. 

California law requires that Nox indicate whether it honors “Do Not Track” settings in your browser concerning targeted advertising. “Do Not Track” is a standard that is not currently in use by Nox. As it is not currently in use, Nox adheres to the standards set out in this Privacy Notice and does not monitor or follow any Do Not Track browser requests.

Cookies and online tracker opt-out: If you would like to opt-out of CPRA “sales or sharing” that happen through Cookies and related technologies, follow the steps below on each Nox site you use:

Click the cookie icon in the bottom left corner of the Site and select the “Reject All” option.

Please note, you must repeat this process for each device and browser that you use to access Nox Sites.

Contact: Please contact us as described in Section 13 for more information or to exercise a request regarding your US privacy rights. 

Supervisory Authority:

If you are concerned about Nox’s compliance with US laws relating to the privacy of your personal data, you may contact your Attorney General’s Office.

List of Attorneys General: https://www.naag.org/find-my-ag/