ROM Technologies, Inc.® User Privacy Policy

This ROM Technologies, Inc. (“ROMTech®”) privacy policy (“Privacy Policy”) describes how information about you may be used and disclosed in connection with your use of our web portal and otherwise. Please review it carefully.

NOTICE AT COLLECTION OF INFORMATION: This is to notify you, at or before collecting personal information about you, of the categories of personal information we collect and the purposes for which the personal information will be collected. Please see Section 1.1 Collection Of Information, 2.1 Information We Collect, and 2.2 Use Of Personal Information.

The effective date of this Privacy Policy is August 15, 2023, which is when this Privacy Policy was last updated.

1. GENERAL PROVISIONS

1.1 TYPES OF INFORMATION WE MAY COLLECT

Your name, email address, contact information, date of birth, phone number(s), and statistics generated from your rehabilitation sessions using ROMTech devices.

  • Data about your ROMTech device, including your device ID, IP address, cookies, web beacons, browser type, operating system, cross-device matching data, and similar data, including without limitation metadata or data used for analytics purposes
  • Information about when your ROMTech account was registered, modified or terminated, and dates/times of logins and logouts
  • Any permissions and authorizations you have provided related to your ROMTech account including without limitation the identity of and other information concerning other individuals to whom you have given access to your account
  • Information about and related to any services or third party platforms you use or access through your ROMTech account, including frequency of access, types of use, features or functionality used, client accounts accessed, etc.
  • Security related information, such as your credentials which include but are not limited to username and password, number of failed login attempts, timeouts, past passwords, security questions for identity or account validation, number and frequency of username or password resets, permissions and authorizations for our services and those of third party platforms, and geolocational information.

In addition, we may collect other information as permitted under applicable law. We may also share information regarding your ROMTech account and services as follows:

  • Within ROMTech, including with employees, contractors, agents, and service providers, and with other third parties we use to support our business or services and who are bound by contractual obligation to keep information confidential and use it only for the purposes for which we disclose it to them;
  • To protect our rights and property and the rights and property of our clients and others, including to enforce agreements, policies and terms of use;
  • To comply with applicable laws and regulations;
  • To respond to lawful requests, regulatory enquiries, investigations and legal process;
  • To protect the safety of any person;
  • With third parties other than as set out above and only with your consent;
  • In connection with, or during the consideration, negotiation, or consummation of any merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.

In addition, we may share information as permitted under applicable law.

1.2 OUR COOKIES

Like many other websites, we use cookies on this Site. A cookie is a small removable data file that is stored by the web browser on your computer that identifies your computer and browser when you visit ROMTech.com.

We use cookies to authenticate users, block malicious use of login credentials, and shield unauthorized access to ROMTech properties and services. We also developed and use cookies to collect information on ROMTech and our services in order to understand and improve our services and the manner in which they are provided. These cookies also help us learn how well ROMTech and our services operate across different locations and identify any issues in the operation and provision of our services.

Most web browsers are initially set up to accept cookies. You have the option to reset your web browser to refuse all cookies or to indicate when a cookie is being sent. Please note, however, that certain features of the Site may not function if you delete or disable cookies.

When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address. We (or service providers on our behalf) may then send communications and marketing to these email or home addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.

THIS SITE’S COOKIES DO NOT AND CANNOT INFILTRATE A VISITOR´S HARD DRIVE TO COLLECT ANY INFORMATION STORED ON THE HARD DRIVE.

1.3 THIRD-PARTY COOKIES

We also permit the setting of third-party cookies. These assist us in measuring and understanding how our products are used and how they can be optimized. We may also receive other analytics information from these third parties.

Most internet browsers accept cookies by default. You can block cookies by activating the setting on your browser that allows you to reject all or some cookies. The help and support area on your internet browser should have instructions on how to block or delete cookies. Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you to when a cookie is placed on your computer, tablet or mobile device. Your ROM Tech account also may not recognize if your browser sends a “do not track” signal or similar mechanism to indicate you do not wish to be tracked or receive interest-based ads.

For more information, visit the help page for your web browser.

ROMTech may from time to time promote products or services through third party websites. Some of these third parties generate their own cookies in order to track how many visitors to this Site have seen their advertisement and to record how many people have seen it more than once.

Third party advertising cookies can be used for statistical purposes, for example, in providing you with future advertising that is more relevant to your interests.

We have no control over third party advertising cookies, but believe they cannot be used to identify an individual visitor. The only data that will be collected by these cookies is that the visitor has arrived on the third party´s site having previously visited the ROMTech.com website.

1.4 DATA RETENTION

To the extent permitted by applicable law and any applicable client agreements, we may retain your information for as long as needed to comply with our legal obligations (which obligations include those to you, our clients, or to any third parties including regulatory and related authorities), to resolve disputes, to enforce our legal rights, policies, terms and agreements, for analytic purposes, for security purposes, or for as long as is reasonably necessary for other lawful purposes.

1.5 SECURITY OF INFORMATION

Security is of the utmost importance for ROMTech. ROMTech uses technical and physical safeguards to protect the security of your information from unauthorized disclosure. However, security cannot be guaranteed against all threats.

You may not assign or transfer your ROMTech account or share your ROMTech login, password, or any other credentials with any other person without our consent. Please notify us immediately if you believe the security of your ROMTech account may have been compromised.

1.6 NOTICE REGARDING CHILDREN AND MINORS

ROMTech recognizes the importance of protecting the privacy and safety of children. ROM Tech accounts are not intended for users under the age of sixteen (16) years old, and such users are not authorized to have ROMTech accounts. ROMTech has no actual knowledge that it sells or shares the personal information of consumers under 16 years of age. (11 CCR 7011(e)(1)(G).) If you believe we have collected data from a user under sixteen (16) years old without the consent of their parent or legal guardian, please let us know immediately by contacting us as indicated below in Section 1.15, Contact, and provide sufficient information so we can act appropriately on your request.

1.7 TELEPHONE CONSUMER PROTECTION ACT (TCPA) NOTICE

In connection with your ROMTech account, we may need to send business, informational, support and security related messages (whether texts, alerts or calls) to all telephone numbers, including cellular numbers or mobile devices, you choose to provide on your ROMTech account, including on the ROMTech device itself. You agree such texts or calls may be prerecorded messages or placed with an automatic telephone dialing system. In addition, you agree that ROMTech may send service or account related text messages to cellular phone numbers you provide to ROMTech, and you agree to accept and pay all carrier message and data rates that apply to such text messages. If you choose to provide an e-mail or other electronic address on your ROMTech account, you acknowledge and consent to receive business and informational messages relating to your ROMTech account at the address, and you represent and warrant that such address is your correct address and is not accessible or viewable by any other person.

1.8 DISPUTES

Unless otherwise required by applicable law, or otherwise specified in other ROMTech terms applicable to the specific Services you are accessing or using through your ROMTech account (and then only to the extent that the dispute relates solely to such specific Services), you agree that all provisions regarding disputes set forth in our terms of use also apply to any disputes related to this ROMTech User Privacy Policy except to the extent specifically overridden by this ROMTech User Privacy Policy; this includes, without limitation, choice of law, forum, service of process, mediation or arbitration, waiver of rights to trial by jury and agreement not to assert any claims in a consolidated or class action.

1.9 YOUR RIGHTS

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

Get an electronic or paper copy of your medical record

  • You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you.
    Ask us how by emailing [email protected].
  • We will provide a copy or a summary of your health information, usually within 10 business days of your request. We may charge a reasonable, cost-based fee.

Ask us to correct your personal or medical record

  • You can ask us to correct personal or health information about you that is incorrect or incomplete. This will not apply to any notes made by your health care providers or other similar information, but does apply to fact-based metrics such as your date of birth, gender, or marital status. Ask us how by e-mailing [email protected].

Request confidential communications

  • You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.

Ask us to limit what we use or share

  • You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would negatively affect your care.
  • If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.

Get a list of those with whom we’ve shared information

  • You are entitled upon request to a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
  • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another accounting within 12 months.

Get a copy of this privacy policy

You can ask for a paper copy of this Privacy Policy at any time, even if you have agreed to receive the Privacy Policy electronically. We will provide you with a paper copy promptly.

Choose someone to act for you

  • If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
  • We will make sure the person has this authority and can act for you before we take any action.

File a complaint if you feel your rights are violated

  • You can lodge a complaint with us if you feel we have violated your rights in any way. Please see information in Section 1.12, Contact, regarding how to contact us.
  • You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to:

    200 Independence Avenue, S.W., Washington,
    D.C. 20201, calling 1-877-696-6775

    or visiting https://www.hhs.gov/hipaa/filing-a-complaint/index.html.

1.10 YOUR CHOICES REGARDING YOUR INFORMATION

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.

In these cases, you have both the right and choice to tell us to:

  • Share information with your family, close friends, or others involved in your care
  • Share information in a disaster relief situation

If you are not able to tell us your preference, for example if you are unconscious, we may choose to share your information if we reasonably believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to your health or safety.

We never share your information for the following purposes (unless you give us written permission, which we will not solicit):

  • Marketing purposes
  • Sale of your information

1.11 APPEAL OF OUR DECISIONS

An appeal procedure is required by a number of states. You can appeal any decision we make about your information by sending an email to Nick Totilo at [email protected].

1.12 OUR USES AND DISCLOSURES

How do we typically use or share your health information?

We typically use or share your health information in the following ways.

In the Course of Your Treatment

We may share your health information with health care professionals who are treating you.

In the delivery of our services

We may use and share your health information to deliver our services to you, to improve the delivery of your care by your health care professionals, and to contact you when necessary.

Billing and payment for your ROMTech services

We may use and share your health information to bill and get payment from health plans or other entities.

How else can we use or share your health information?

We are allowed or required in some circumstances to share your information in other ways that most often contribute to the public good, such as public health and research. However, we have to meet many legal conditions before we can share your information for these purposes. For more information about privacy and medical information visit:

https://www.hhs.gov/hipaa/for-individuals/index.html

Help with public health and safety issues

We can share health information about you for certain situations such as:

  • Preventing disease
  • Helping with product recalls
  • Reporting suspected abuse, neglect, or domestic violence
  • Preventing or reducing a serious threat to anyone’s health or safety

Comply with the law

We will share information about you if state or federal laws require it, including with the Department of Health and Human Services and any applicable state or local health department.  We can use or share health information about you:

  • For workers’ compensation claims
  • For law enforcement purposes or in response to a valid legal mandate
  • With health oversight agencies for activities authorized by law
  • With respect to other government requests.

Respond to Subpoenas, Court Orders, and Other Legal Actions

We can share health information about you in response to a court or administrative order, or in response to a subpoena.

1.13 OUR RESPONSIBILITIES

  • We are required by law to maintain the privacy and security of your protected health information.
  • We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
  • We must follow the duties and privacy practices described in this Privacy Policy and give you a copy of it in writing if you so request.
  • We will not use or share your information other than as described here unless you give us written permission. If you give us such permission, you may withdraw it at any time. You must advise us in writing if you wish to revoke any previously given permission.

For more information regarding this Privacy Policy and your health-information privacy rights as a consumer of ROMTech services, visit:

https://www.hhs.gov/hipaa/for-individuals/index.html.

1.14 CHANGES AND AMENDMENTS TO THE TERMS OF THIS NOTICE

We reserve the right to change and/or update the terms of this Privacy Policy at any time and without advance notice to you, and all such changes will apply to all information we have about you and we will post the updated Privacy Policy on our website and update the Privacy Policy’s effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.

1.15 CONTACT

If you have any questions about this ROMTech User Privacy Policy or any other aspects of your privacy rights with respect to ROMTech, please contact us at:

ROM Technologies, Inc.
101 Silvermine Road
Brookfield, Connecticut 06804
Attention:
By email:  [email protected]
By Phone: Toll-free: 1-888-374-0855
Web-site address: www.romtech.com

1.16 INVALIDITY

If any portion of this Privacy Policy is found to be invalid with regard to a person or entity under a particular state’s law or any federal law or another country’s law or under the GDPR, then the narrowest amount possible of that portion of this Privacy Policy shall be held to be invalid for those users covered by that law, and the remainder of this this Privacy Policy will continue in full force and effect. Further, if any portion of this Privacy Policy is found to be invalid, then any arbitrator or any court that becomes involved is hereby directed by the parties to replace the legally invalid provisions of this Privacy Policy with legally valid provisions which will, from an economic viewpoint, most nearly and fairly approach the eliminated provisions.

2. CALIFORNIA AND OTHER STATE PRIVACY RIGHTS ADDENDUM

A number of states have passed or are in the process of passing online privacy requirements, including California, Indiana, Tennessee, Iowa, Montana, Texas, Florida, Connecticut, Colorado and Virginia. In addition to the General Terms above, this Addendum (“State Addendum”) to the Privacy Policy applies to any person or entity covered by the law of one or more of the states with such an online privacy policy. In the event of any conflict between this State Addendum and the General Terms section, this State Addendum controls.

This State Addendum is intended to comply with the California Consumer Privacy Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”) and the associated regulations (altogether, “CCPA”) and other state privacy laws. Any terms defined in the CCPA have the same meaning when used in this State Addendum unless otherwise specified.

2.1 INFORMATION WE COLLECT

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:

  • Publicly available information from government records.
  • De-identified or aggregated consumer information
  • Information excluded from the CCPA’s scope, like:
    • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.

In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months (as identified in Cal. Civil Code Section 1798.140(v)(1)(A) through (K)) as indicated:

CategoryExamplesCollected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. YES
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Some personal information included in this category may overlap with other categories.
YES
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).YES
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.YES
E. Biometric information.  (Ca. Civ. Code Sec. 1798.140(c).)  An individual’s physiological, biological, or behavioral characteristics, including information pertaining to an individual’s deoxyribonucleic acid (DNA), that is used or is intended to be used singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.YES
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.NO
G. Geolocation data. Physical location or movements.YES
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information.YES
I. Professional or employment-related information. Current or past job history or performance evaluations.NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.NO
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.YES
L.  Sensitive Personal Information listed in Cal. Civ. Code Sec. 1798.140(ae). (1) Personal information that reveals:
(A) A consumer’s social security, driver’s license, state identification card, or passport number.
(B) A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
(C) A consumer’s precise geolocation.
(D) A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership.
(E) The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.
(F) A consumer’s genetic data.
(2)
(A) The processing of biometric information for the purpose of uniquely identifying a consumer.
(B) Personal information collected and analyzed concerning a consumer’s health.
(C) Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.
YES

We obtain the categories of personal information listed above either directly from you (e.g., from your use of the Services) or indirectly from you (e.g., observing your actions on our website or through our devices), as further described above.

These categories of information that we collect will be retained indefinitely. (11 CCR 7012(e)(4).)

We do not use or disclose Sensitive Personal Information for purposes other than those specified in 11 CCR 7027(m), which are those purposes identified in Cal. Civil Code Section 1798.121(a) for which a business may use or disclose Sensitive Personal Information without being required to offer consumers a right to limit that use or disclosure. These purposes are as follows:

To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services;

Helping to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for these purposes;

Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business;

Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business;

Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.

2.2 USE OF PERSONAL INFORMATION

We may use, or disclose the personal information we collect for one or more of the following purposes:

  • To fulfill or meet the reason you provided the information. For example, providing ROMTech products or services to you or responding to questions about ROMTech products or services.
  • To provide, support, personalize, and develop ROMTech web properties, products and services.
  • To create, maintain, customize, and secure your account with us.
  • To process your requests, purchases, transactions, and payments and prevent transactional fraud.
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • To personalize your website and services experience and to deliver content and product and service offerings relevant to your interests via email or text message with your consent, where required by law.
  • To help maintain the safety, security, and integrity of ROMTech, our website, products and services, databases and other technology assets, and business.
  • For testing, research, analysis, and product development, including to develop and improve the ROMTech website, products, and services.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users is among the assets transferred.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

2.3 SHARING PERSONAL INFORMATION

We share your personal information with the following categories of third parties:

  • Service providers.  
  • Third Parties that you consent to or direct us to share your information with.  

Disclosures of Personal Information for a Business Purpose

We may disclose the following categories of personal information for a business purpose:

  • Category A: Identifiers.
  • Category B: California Customer Records personal information categories.
  • Category C: Protected classification characteristics under California or federal law.
  • Category D: Commercial information.
  • Category E. Biometric information.
  • Category F: Internet or other similar network activity.
  • Category G: Geolocation data.
  • Category H: Sensory Data.
  • Category K: Inferences drawn from other personal information.

We disclose your personal information for a business purpose to the following categories of third parties:

  • Service providers.
  • Third parties that you consent to or direct us to share your information with.

2.4 YOUR RIGHTS TO OBTAIN INFORMATION

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we disclosed your personal information for a business purpose, a list disclosing:
    • Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
  • We do not provide these access and data portability rights for B2B personal information.

2.5 YOUR PRIVACY CHOICES

You may choose the option “Do Not Sell or Share My Personal Information” and/or “Limit the Use of My Sensitive Personal Information.” By clicking the link above next to “YOUR PRIVACY CHOICES” you will be taken to a web page where you can designate your choices with either or both of these options.

The “Do Not Sell or Share My Personal Information,” will enable you, or a person authorized by you, to opt out of the sale or sharing of your Personal Information as defined in the chart above.

The “Limit the Use of My Sensitive Personal Information” will enable you, or a person authorized by you, to limit the use or disclosure of your Sensitive Personal Information as defined in the chart above to the following uses:

To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services;

Helping to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for these purposes;

Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business;

Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business;

Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.

(Cal. Civ. Code Sec. 1798.135(a)(3), 1798.121 and 1798.140; 11 CCR 7015.)

You have the right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the California Consumer Privacy Act (“CCPA”), including an employee’s, applicant’s, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights. (11 CCR 7011(e)(2)(f).)

2.6 DELETION REQUEST RIGHTS

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights, below), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our services.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation. We will not delete investor contact information as we are required to give investors notice in certain situations.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
  • We do not provide these deletion rights for B2B personal information.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by contacting us per the instructions above in Section 1.15, Contact.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please call the phone number referenced above.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
  • Name, address, date of birth, usernames (where applicable) and email address. We may use this information to surface a series of security/quiz questions to you to verify your identity.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

For Access, Data Portability, or Deletion Requests, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. (11 CCR 7011(e)(3)(E).) We will inform the requestor if their identity cannot be verified. (11 CCR 7012(a).) We do not require a consumer to verify their identity to make a request to opt-out of sale/sharing or to make a request to limit. (11 CCR 7060(b).)

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

Any disclosures we provide will cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

2.7 NON-DISCRIMINATION

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

2.8 OTHER CALIFORNIA PRIVACY RIGHTS

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of ROMTech’s products or services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, contact us as described above, under Section 1.15, Contact.

2.9 HOW TO SEND US YOUR FEEDBACK

Our goal is to respect your privacy and we encourage user feedback to help us improve our privacy policies. If you have any questions, concerns or suggestions about this privacy statement or our processing of your personal information, please contact us as described above under Section 1.15, Contact. (11 CCR 7011(e)(3)(J).)

3. GDPR DATA PROTECTION ADDENDUM

Compliance with the European Union’s General Data Protection Regulation (GDPR)

In addition to the General Terms above, this GDRP Data Protection Addendum (“GDRP Addendum”) applies to any person or entity covered by the European Union’s General Data Protection Regulation. A given provision also applies when any U.S. state or federal law requires it. Further, certain terms from the State Addendum above apply here as specified below. In the event of any conflict between the General Terms, the State Addendum or the General Terms, this GDRP Addendum controls and after that the State Addendum controls.

3.1 WHAT DATA DO WE COLLECT?

See Section 1.1, Types Of Information We May Collect, above.

3.2 HOW DO WE COLLECT YOUR DATA?

We collect your data through registrations or responses you make on our website, orders you make for our products and services, emails and letters you send us, customer surveys we may use from time to time, medical information we obtain from you or your physician(s), information we receive from your insurers, biometric information we collect from your use of our equipment, cookies in your browser or cookies we place on your computer to help our website run better, and other sources relating to the services and equipment we provide.

3.3 HOW WILL WE USE YOUR DATA?

See Section 1.12, Our Uses And Disclosures.

  • Our company collects your data so that we can:
    • Process your order, manage your account.
    • Email you with special offers on other products and services we think you might like.
  • When our company processes your order, it may send your data to, and also use the resulting information from, credit reference agencies to prevent fraudulent purchases.

3.4 HOW DO WE STORE YOUR DATA?

3.5 MARKETING

  • Our company would like to send you information about products and services of ours that we think you might like, as well as those of our affiliates and partner companies (“Company Group”). 
  • We will assume that by providing us information you have agreed to receive such marketing, but you may always opt out at a later date. 
  • You have the right at any time to stop our company from contacting you for marketing purposes or giving your data to other members of our Company Group. 
  • If you no longer wish to be contacted for marketing purposes, please click here. 

3.6 WHAT ARE YOUR DATA PROTECTION RIGHTS?

  • Our company would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following: 
  • The right to access – You have the right to request our company for copies of your personal data.   See Section 1.9, Your Rights
  • The right to rectification – You have the right to request that our company correct any information you believe is inaccurate. You also have the right to request our company to complete information you believe is incomplete.  See Section 1.9, Your Rights
  • The right to erasure – You have the right to request that our company erase your personal data, under certain conditions.   See Section 2.5, Deletion Request Rights
  • The right to restrict processing – You have the right to request that our company restrict the processing of your personal data, under certain conditions.  See Section 2.5, Your Privacy Choices.      
  • The right to object to processing – You have the right to object to our company’s processing of your personal data, under certain conditions.  See Section 2.5, Your Privacy Choices.       
  • The right to data portability – You have the right to request that our company transfer the data that we have collected to another organization, or directly to you, under certain conditions.  See Section 1.9, Your Rights
  • If you make a request, we will respond to you. If you would like to exercise any of these rights, please contact us per the information in Section 1.15, Contact

3.7 WHAT ARE COOKIES?

  • Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.  See Section 1.2, Our Cookies, and Section 1.3, Third-Party Cookies
  • For further information, visit https://allaboutcookies.org/

3.8 HOW DO WE USE COOKIES?

  • Our company uses cookies in a range of ways to improve your experience on our website, including: 
    • Keeping you signed in. 
    • Understanding how you use our website. 
  • Also see Section 1.2, Our Cookies, and Section 1.3, Third-Party Cookies

3.9 WHAT TYPES OF COOKIES DO WE USE?

  • There are a number of different types of cookies, however, our website uses: 
    • Functionality – Our company uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used. 
    • Advertising – Our company uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Our company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website. 
  • Also see Section 1.2, Our Cookies, and Section 1.3, Third-Party Cookies

3.10 HOW TO MANAGE COOKIES

You can set your browser not to accept cookies and, among other websites, https://its.uiowa.edu/support/article/719 tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result. 

3.11 PRIVACY POLICIES OF OTHER WEBSITES

Our company website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy. 

3.12 CHANGES TO OUR PRIVACY POLICY

Our company keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on the date at the beginning of this policy. 

3.13 HOW TO CONTACT US

If you have any questions about our company’s privacy policy, the data we hold regarding you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.  To do this, see Section 1.15, Contact

3.14 HOW TO CONTACT THE APPROPRIATE AUTHORITY

  • Should you wish to report a complaint or if you feel that our company has not addressed your concern in a satisfactory manner, you may appeal any of our decisions.  To do this, see Section 1.11, Appeal Of Our Decisions
  • You may also contact the Information Commissioner’s Office at https://ico.org.uk/make-a-complaint/