Privacy & Cookies Notice
Organ Recovery Systems, Inc. (“ORS”) provides this Privacy & Cookies Notice to explain our practices regarding the collection and processing of certain individually identifiable information about ORS clients and other online visitors (collectively, “Personal Information”). As such, this Privacy & Cookies Statement applies to Personal Information that we collect via our websites (individually and collectively, “Site”), as well as through trade shows, seminars, conferences, and other offline means.
Table of Contents
- Information Collection
- Use of Personal Information
- Marketing Choices
- Cookies
- United States Data Subject Rights
- European Union Data Subject Rights
- Brazil Data Subject Rights
- Exercising Your Privacy Rights
- Data Security
- Cross Border Transfers
- Data Privacy Framework
- Third Party Services
- Legal Basis for Processing Personal Information
- Age Restrictions
- Changes to Privacy Policy
- Contact Us
Information Collection
ORS collects data, including Personal Information about you. You are not required to provide all of the Personal Information identified in this Privacy & Cookie Notice to use our Site or to interact with us, but some functionalities will not be available if you do not provide certain information. In particular, we may not be able to respond to your requests, perform a transaction with you, or provide you with marketing that we believe you would find valuable.
In the previous twelve months, we have collected various types of information, including:
Data Category | Examples of Specific Data | When the Data is Collected |
Browsing Information |
|
We collect browsing information automatically when you visit our website or use the LifePort® Mobile Troubleshooting App. |
Commercial Information |
|
We collect commercial information when you become our customer or vendor, or if you voluntarily provide it to us. |
Contact Information |
|
We collect contact information when you provide it to us via email, online form and job application submission, or through other means. |
Financial Information |
|
We collect financial information when you place an order with us or through our vendor. |
Social Media Data |
|
We collect this information automatically when you share information through social media widgets on our website. We also collect it when you voluntarily provide it to us. |
We collect Personal Information from a variety of different sources, including:
- Website visitors. We collect browsing information automatically from those who visit our website. We collect contact information, commercial information, and social media data from those who provide it voluntarily via contact forms, job applications, email messages, and social media links.
- LifePort Mobile Troubleshooting App Users. We collect browsing information automatically from those who use the LifePort mobile app. We collect Device ID, device type/name, system manufacturer of mobile device/phone, browsing information (e.g. unique page views, page navigation, timestamps, and links clicked).
- Customers, vendors, and service providers. We will collect commercial information, contact information, and financial information when you voluntarily become our customer, vendor, or service provider.
- Cookies and trackers. We use cookies and other embedded tracking technology like web beacons which automatically collect users’ browsing information when they use our website. You will find other parties’ trackers on our website. Other parties like our analytics and advertising partners place code with cookies or web beacons embedded in them. These are called third-party cookies. Some third-party cookies are used to track a particular user’s activity across the Internet.
Sensitive Information. ORS does not collect, use, or process Personal Information which is classified as sensitive information under certain US or foreign legislation under the scope of this Privacy Policy, such as information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data or biometric data.
Use of Personal Information
Personal information retention. ORS uses several criteria to determine how long we should keep categories of Personal Information. We will retain your Personal Information for the time period reasonably necessary to achieve the business purposes outlined in this Privacy Policy to the extent permitted by applicable law.
Please understand that residual copies of the Personal Information can be stored in locations or formats that make complete erasure extremely difficult. The best way to ensure you control your information is to give us only the Personal Information that you are completely comfortable sharing with us.
How we use collected information. ORS uses Personal Information for a variety of business purposes, as described below. We use the information we obtain about you to:
- Provide personalized services;
- Process, validate, and deliver purchases;
- Provide information about products or services you request;
- Conduct marketing research, such as questionnaires and surveys;
- Deliver notices to you about the use of our website, like updates to this Privacy Policy;
- Manage your participation in our events and other promotions, where you have signed up for such events and promotions;
- Protect against fraud, unauthorized transactions, and other liabilities;
- Manage client and supplier accounts and relationships, and to maintain our business operations;
- Secure our website by identifying potential hackers and unauthorized users;
- Develop and improve our organ preservation products and services, including performing analysis and research and development;
- Enforce our Terms of Use;
- Perform transactions and responding to your product and service requests, including providing client service and addressing client satisfaction issues;
- Comply with applicable legal requirements, court orders, legal proceedings, document requests, industry standards, and our internal policies; and
- For other purposes with your consent or where permitted by law.
Selling and Sharing. In the past twelve months, ORS has not disclosed information obtained from consumers to certain third parties in exchange for monetary or other consideration.
Other disclosures. We may disclose your Personal Information in the following ways and circumstances:
- When you consent. Out of respect for your privacy, ORS will not disclose your Personal Information to others without your consent, except as specified in this Privacy Policy.
- With our service providers and vendors. We transfer all or a portion of your information to our service providers who help us deliver our products and services to you and for the purposes described in this Privacy Policy. These service providers are required by contract or law to only use or disclose the information as necessary to perform services on our behalf or as otherwise required by law. Although ORS requires these third parties meet our privacy and security requirements, ORS does not control the privacy or security policies of such third parties.
- With our affiliated companies. We transfer the information that we collect to other ORS companies, subsidiaries, and related affiliates acting on our behalf for the purposes described in this Privacy Policy.
- Auditors, advisors, and financial institutions: We share Personal Information with auditors for the performance of audit functions, with advisors for the provision of legal and other advice, and with financial institutions in connection with payment and other transactions.
- For a merger, acquisition, change in ownership, or reorganization. Personal information we have collected may be disclosed to a third party in the event of a merger, transfer of ownership or assets, bankruptcy, or other corporate reorganization.
- For data analytics. We share your information with analytics service providers such as Google. Google may combine your browsing information, including information from your use of our website, to generate interest-based advertisements.
- Where information is anonymized or pseudonymized: ORS may share information publicly and with our trusted business partners when the data is de-identified in a manner which prevents others from using the information to link data to an individual.
- When we are legally permitted or required to do so. ORS may disclose without your prior consent any information about you or your use of our website, if we believe disclosure is necessary, including to:
- Protect and defend the rights, property, or safety of ORS, employees, other users of the website, or the public;
- Enforce the Terms of Use that apply to use of the website;
- As required by a legally valid request from a competent governmental authority;
- Respond to claims that any content violates the rights of third parties;
- Respond to enforcement agencies, if we are required to do so; and
- Satisfy any applicable law, regulation, legal process, or governmental request.
Marketing Choices
You have control regarding our use of Personal Information for direct marketing. You can manage, review, and update your information on our Site, as well as opt-out of marketing communications by using the link provided at the bottom of the communications. As further detailed below, you may contact us to exercise your data subject rights, including regarding Personal Information used for marketing, here.
Cookies
In accordance with applicable law, we use, and allow certain third parties to use, various technologies to collect, store, and process information, including cookies, pixel tags, databases, and similar tracking technologies (collectively, “cookies”) on our Site.
- What are cookies? Cookies are small amounts of data that are stored in your web browser, on your device, or on the webpage you are viewing to make websites work more efficiently and otherwise gather information. More information about cookies and how they work is available at: www.allaboutcookies.org.
- How do we use cookies? We use cookies to provide our Site and services, to gather information about your usage patterns when you navigate this Site in order to enhance your personalized experience, and to understand usage patterns to improve our Site, products, and services. You may also find other parties’ cookies on our Site. Some third-party cookies are used to track a particular user’s activity across the Internet. This information is used to provide advertising tailored to your interests on websites you visit, also known as interest-based advertising, and to analyze the effectiveness of such advertising. Cookies on our Site are generally divided into the following categories:
- Strictly Necessary Cookies: Strictly necessary cookies that are required for the operation of our Site (e.g., cookies that enable you to login to secure areas of our Site).
- Analytical/Performance Cookies: We may use analytical/performance cookies that allow us to recognize and count the number of users of our Site, and help us to improve the functionality of our Site (e.g., cookies that allow us to analyze how users navigate through our Site, which helps us to determine whether users are able to easily find what they are seeking). Note that our Site uses Google Analytics for these purposes.
- What are your options if you do not want cookies on your device? To exercise choices with regard to certain cookies (e.g., disable, delete), you can review your Internet browser settings, typically under the “Help” or “Internet Options” sections. Please note that our Site relies on some cookies to function properly, and some features of our Site may not function properly without them.
To learn more about the use of cookies for Google analytics and to exercise choice regarding such cookies, please visit: https://tools.google.com/dlpage/gaoptout.
To learn more about certain cookies used for interest-based advertising, including through cross-device tracking, and to exercise choices regarding such cookies, please visit the following websites (or your device settings for mobile applications):
Digital Advertising Alliance (http://optout.aboutads.info/)
Network Advertising Initiative (http://optout.networkadvertising.org/)
EU Interactive Digital Advertising Alliance (http://www.youronlinechoices.eu)
Digital Advertising Alliance-Canada (http://youradchoices.ca/choices/)
United States Data Subject Rights
Certain laws, including but not limited to, the California Privacy Rights Act and the Virginia Consumer Data Protection Act grant you rights to control your Personal Information. Consistent with these laws, ORS gives you options to access, edit, or remove certain information, as well as choices about how we contact you. Although some of these rights apply generally, certain rights will only apply to limited individuals or circumstances.
- Right to Know and Access Information. Note that much of the information you are entitled to know or access is disclosed in this Privacy & Cookie Notice. With this said, you have the right to know about our information practices. You also have the right to access the categories of data we collect, with whom we share or sell that information, and, in some cases, what specific Personal Information we associate with you or your account.
- Right to Data Portability. If you request a copy of your specific information then we will provide it in an easily accessible format.
- Right to Deletion or Erasure. You may request that we delete the Personal Information we have collected about you. Depending on the applicable law, in some cases we are required or permitted to retain your information, even if you validly requested we delete or erase it.
- Right to Correct Information. You may request we correct or rectify inaccurate information we have collected about you.
- Right to Limit Use of Information for Advertising. You may opt-out of our use of your Personal Information for advertising purposes.
- Right to Withdraw Consent. You may withdraw your consent to our data privacy practices.
- Right to Non-Discrimination. You have the right to not experience discrimination from us for exercising the rights listed in this section. What we mean by discrimination is denying you access to our services or limiting the quality of our services. However, limiting use of, or deleting, your Personal Information may restrict the purposes or uses that rely on that information. If you need further assistance, you can contact ORS through one of the channels listed below under “Contact.”
In addition to these rights, pursuant to California’s “Shine the Light” law, California residents who share Personal Information with us have the right to request and obtain from us once per year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) for direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. If you would like to exercise this right, please use the contact information listed below to contact us.
You may freely exercise these rights without fear of being denied goods or services. We may, however, provide a different level of service or charge a different rate reasonably relating to the value of your Personal Information.
If you would like to exercise one of your rights, please fill out and submit the request form here.
European Union/UK Data Subject Rights
Certain laws, including but not limited to, the General Data Protection Regulation grant you rights to control your Personal Information (personal data) , including choices and means available you to limit the use and disclosure of your Personal Information. Consistent with these laws, ORS gives you options to access, edit, or remove certain information, as well as choices about how we contact you. Although some of these rights apply generally, certain rights will only apply to limited individuals or circumstances.
To the extent that such rights are mandated by the laws applicable to the individual data subject, the following rights may apply:
- Right to access. Note that much of the information you are entitled to know or access is disclosed in this Privacy Notice. With this said, you have the right to know about our information practices. You also have the right to access the categories of data we collect, with whom we share or sell that information, and, in some cases, what specific personal information we associate with you or your account.
- Right to rectification. You may request we correct or rectify inaccurate information we have collected about you.
- Right to erasure. You may request that we delete the personal information we have collected about you. Depending on the applicable law, in some cases we are required or permitted to retain your information, even if you validly requested we delete or erase it.
- Right to restrict processing. If we process your information based on our legitimate interests as explained in this Privacy Notice, you may have the right to restrict processing in certain circumstances.
- Right to object. If we process your information based on our legitimate interests as explained in this Privacy Notice, or in the public interest, you can object to this processing in certain circumstances. Where we use your data for direct marketing purposes, you can always object using the unsubscribe link in such communications or changing your account settings.
- Right to data portability. If you request a copy of your specific information then we will provide it in an easily accessible format.
- Right to lodge a complaint with an appropriate data privacy regulatory authority. You may be entitled to lodge a complaint with your data privacy regulatory authority.
If you would like to exercise one of your rights, please fill out and submit the request form here.
Brazil Data Subject Rights
Certain laws, including but not limited to, the Brazilian General Data Protection Law (LGPD) grant you rights to control your personal information. Consistent with these laws, ORS gives you options to access, edit, or remove certain information, as well as choices about how we contact you. Although some of these rights apply generally, certain rights will only apply to limited individuals or circumstances.
To the extent that such rights are mandated by the laws applicable to the individual data subject, the following rights may apply:
- Anonymization, Blocking, or Deletion. You have the right to request that we anonymize, block (restrict) from processing, or delete unnecessary or excessive personal data or personal data processed in violation of the LGPD.
- Information About Recipients. You have the right to request information about the public and private entities with whom we shared your personal data.
- Possibility to Decline Consent or Revoke Prior Consent. You have the right to information regarding the possibility to decline providing consent to processing your personal data where we seek your consent, and the consequences of declining consent.
- Automated Decision Making Information. You have the right to request for the review of decisions made solely based on automated processing of your personal data affecting your interests, including decisions intended to define your personal, professional, consumer and credit profile, or aspects of your personality.
- Right to Know and Access Information. Note that much of the information you are entitled to know or access is disclosed in this Privacy & Cookie Notice. With this said, you have the right to know about our information practices. You also have the right to access the categories of data we collect, with whom we share or sell that information, and, in some cases, what specific Personal Information we associate with you or your account.
- Right to Data Portability. If you request a copy of your specific information then we will provide it in an easily accessible format.
- Right to Correct Information. You may request we correct or rectify inaccurate information we have collected about you.
- Right to Limit Use of Information for Advertising. You may opt-out of our use of your Personal Information for advertising purposes.
If you would like to exercise one of your rights, please fill out and submit the request form here.
Data Security
We maintain physical, technical, and organizational measures to protect Personal Information against loss and unauthorized access, use, destruction, modification, or disclosure, appropriate to the level of risk and sensitivity of the Personal Information. However, you also have an important role in protecting your Personal Data because no degree of preventive security measures can guarantee against compromise. You should not share your user name or password with anyone, and you should not reuse passwords across more than one website. If you have reason to believe that the data you have shared with us has been breached, please immediately notify us here.
Cross-Border Data Transfers
Our Site is operated in the US. If you are located outside the US, Personal Information will be transferred to the US, a jurisdiction that may not provide an equivalent level of protection as your home jurisdiction. Cross-border transfer is therefore necessary for the conclusion or performance of a transaction that you are requesting, and for the establishment, exercise, and defense of legal claims.
Data Privacy Framework
Organ Recovery Systems, Inc. (ORS) has self-certified its participation in the EU-U.S. Data Privacy Framework (DPF) and UK Extension to the EU-U.S. DPF.
A full list of participating businesses can be found at https://www.dataprivacyframework.gov/
ORS complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. ORS has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this Privacy Notice and the EU-U.S. DPF and UK Extension to the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/ .
The Federal Trade Commission has jurisdiction over ORS’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF. In certain situations, ORS may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Moreover, ORS may establish alternative grounds for transferring Personal Information, depending on the particular data flows, such as the execution of Standard Contractual Clauses.
ORS’s accountability for Personal Information that it receives under the DPF and subsequently transfers to a third party is described in the DPF Principles. ORS remains responsible and liable under the DPF Principles if ORS’s third-party agents process Personal Information on ORS’s behalf in a manner inconsistent with the Principles, unless ORS demonstrates that it is not responsible for the event giving rise to the damage.
In compliance with the Principles, ORS commits to resolve complaints about your privacy and our collection or use of your personal information. European Union citizens with inquiries or complaints regarding this Privacy Policy should first contact ORS at orsprivacy@organ-recovery.com.
ORS has further committed to refer unresolved privacy complaints related to non-human resources data under the DPF Principles to an independent dispute resolution mechanism, the JAMS Data Privacy Framework (DPF) Dispute Resolution , operated by JAMS ADR. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by ORS, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information and to file a complaint.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, ORS commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Gibraltar Regulatory Authority (GRA) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.
Under certain conditions, more fully described on the Data Privacy Framework website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
ORS acknowledges the rights of EU and UK individuals related to their Personal Information. Individuals wishing to exercise those rights should refer to the rights section
Third Party Services
This Privacy & Cookie Notice applies only to our website and other services. Our website may contain links to other websites including those that permit online transactions. We have no control over the privacy practices or the content of any of our business partners, advertisers, sponsors, or other third parties we link to from our website. ORS does not endorse, approve, or certify these other websites, and we do not guarantee the accuracy, completeness, efficacy, or timeliness of the information contained on those websites. You should check the applicable Privacy & Cookie Notice of the website sponsor when linking to other websites.
Legal Basis for Processing Personal Information
We rely on the following legal grounds for the processing of Personal Information:
- Performance of a transaction with you (e.g., responding to your order requests);
- Compliance with legal obligations (e.g., keeping records to substantiate tax liabilities);
- Consent where required by applicable law (e.g., for the purposes of using certain cookies in limited jurisdictions); and
- For our legitimate business interests (e.g., where necessary to maintain our business generally or, subject to your objection rights, provide relevant marketing).
Age Restrictions
ORS takes children’s privacy seriously. By accepting the Privacy & Cookie Notice through your use of our website or services, you certify that you are 18 years of age or older.
ORS does not have actual knowledge of any Personal Information about individuals under the age of 18 whose information has been collected through our website or services. If we become aware that a person submitting information to us is a minor, we delete the information as soon as we discover it and do not use it for any purpose nor disclose it to third parties. If you are a parent or guardian concerned that your child may have provided Personal Information to us, please contact us using the methods listed below.
Changes to Privacy & Cookie Notice
We may update or change this Privacy & Cookie Notice from time to time. We will post the changes on our website and will indicate the effective date. Your continued use of our website or our services after the changes are effective constitutes your acceptance of the Privacy & Cookie Notice.
Contact Us
If you have any questions or comments about this Privacy & Cookies Statement, or if you would like to request rights or a copy of the appropriate safeguards concerning Personal Information, you may contact us here or at the address below.
Organ Recovery Systems
Attn: Compliance Manager
One Pierce Place, Suite 475W
Itasca, IL 60143
Updated 07/26/2024