Axogen Corporation global privacy statement
Axogen Corporation, its parent and affiliates (“Axogen”) are committed to protecting the privacy of Personal Information we may collect or obtain in the course of business from individuals inside or outside the organisation. This Global Privacy Statement (“Privacy Statement”) describes the type of Personal Information Axogen may collect, how we may use and share that information, and how you can correct or change such information. By using Axogen’s website www.axogeninc.com and any and all other or future websites operated by or on behalf of Axogen (the “Sites”), you signify your acceptance of the terms in this Privacy Statement. This Privacy Statement is incorporated and made part of Axogen’s Site Terms and Conditions. If you do not agree to any of the terms of this Privacy Statement, you should not use the Site.
Axogen may amend this Privacy Statement at any time. All amended terms automatically take effect when they are posted on the Site and shall only apply to information collected after the date of the change. You agree that notice on the Site of changes to the policy is sufficient notice. Your continued use of the Site following the posting of changes to this Privacy Statement will mean that you accept those changes
This Privacy Statement describes the ways Axogen manages Personal Information it may receive: (i) in the course of its business operations involving current, prospective, and former customers (collectively, “Customers”); (ii) from visitors of Axogen offices, websites, or events; (iii) from prospective employees in connection with employment applications; and (iv) in the course of interactions with its current, prospective, and former suppliers, vendors, subcontractors, and other business partners (collectively, “Suppliers”), including in each such case on the Sites. All individuals and entities that Process Personal Information on behalf of Axogen are expected to protect Personal Information in adherence to this Privacy Statement.
1.3 Key terms
“Controller” has the meaning set forth in the Regulation (EU) 2016/679 (“GDPR”);
“Data Protection Laws” means the European Economic Area;
“Data Subject” means any person whose Personal Information is the subject of Processing.
“GDPR” means Regulation (EU) 2016/679;
“Personal Data” or “Personal Information” has the meaning set forth in the GDPR.
“Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, acquisition, holding, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;
“Processor” has the meaning set forth in the GDPR;
“Sensitive Data” or “Sensitive Personal Information” is a subset of Personal Information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Information includes Personal Information regarding individuals located in the EEA that is classified as a “Special Category of Personal Data” under European Union or EEA member state law, which consists of the following data elements:
(1) race or ethnic origin;
(2) political opinions;
(3) religious or philosophical beliefs;
(4) trade union membership;
(5) genetic data;
(6) biometric data where Processed to uniquely identify a person;
(7) health information; and
(8) sexual orientation or information about the individual’s sex life.
“Supervisory Authority” means an independent public authority established in a local country within the European Union pursuant to GDPR Article 51.
“Supervisory Authority Concerned” means a Supervisory Authority which is concerned with the Processing of Personal Information because: (a) the Controller or Processor is established on the territory of the member state of that Supervisory Authority; (b) data subjects residing in the member state of that Supervisory Authority are substantially affected or likely to be substantially affected by the Processing; or (c) a complaint has been lodged with that Supervisory Authority.
“Third Party” is any natural or legal person, public authority, agency, or body other than the Data Subject, Axogen, or Axogen’s agents.
2.1 The personal information we collect and how we use it
The types of Personal Information Axogen may collect (directly from you or Third Parties) depend on the nature of the relationship that you have with Axogen and the requirements of applicable law. We collect only information relevant for the purposes of Processing. We do not engage in automated decision making when Processing your Personal Information. Below are the legal bases for Processing Personal Information, some of the ways we collect information and how we use it.
Information Axogen collects from or on behalf of its Customers includes name, title, address, phone number, email address, business or company affiliation, user name and, if you have access to any of our secure on-line resources, an answer to a security question, password, credit card, and other financial information related to payments for services or goods and other details Customers may provide.
We Process Personal Information about or on behalf of Customers for a variety of business purposes, including but not limited to:
- Processing Customer orders;
- generally managing Customer information;
- responding to Customer questions and requests;
- providing access to certain areas and features of the Sites;
- verifying Customer identity;
- communicating about Customer accounts and activities on the Sites and systems and, at Axogen’s discretion, changes to any Axogen policy;
- tailoring content, publications, and advertisements and offering what we believe may be of interest to Customers;
- processing transactions and payments for products purchased by Customers;
- improving Axogen Sites and systems; and
- for further purposes disclosed at the time that Customers provide Personal Information, or otherwise with consent.
The information Axogen collects from its Suppliers relates to the management of these relationships and the exchange and fulfilment of requested products and services. Such information may include name, title, address, phone number, email address, invoicing and other payment information, and agreements executed with Axogen.
We Process Personal Information about Suppliers for a variety of business purposes, including but not limited to:
- generally managing Supplier information;
- responding to questions and requests;
- providing access to certain areas and features of the Sites;
- verifying Supplier identity;
- communicating about Supplier accounts and activities, including activities on Axogen Sites and systems, and, in Axogen’s discretion, changes to any Axogen policy;
- processing payments for products or services purchased by Axogen;
- improving Axogen Sites and systems;
- developing new products, processes and services;
- processing applications and transactions; and
- further purposes disclosed at the time Suppliers provide Personal Information, or otherwise with consent of the Supplier.
If you visit an Axogen office, we may collect Personal Information about you, including, but not limited to, your name, title, address, phone number, email address, business or company affiliation, government identification (driver’s license, passport), and other details you provide. We Process this information for a variety of purposes, including to verify your identity, to provide access to Axogen facilities and systems, for security and other safety purposes, to communicate with you regarding your visit, to provide information we believe may be of interest to you, and for purposes disclosed at the time you provide Personal Information, or otherwise with your consent.
If you submit Personal Information via the Sites or otherwise to inquire about or apply for a position at Axogen, we will Process such Personal Information solely for the purposes of considering applications and recruitment (and for purposes of our administration or management if you commence work for Axogen).
Social Media Activities
Axogen may collect Personal Information to enable Data Subjects to use on-line social media resources, which may include posting or sharing Personal Information with others. When using these resources, you should consider what Personal Information you share with others.
Information from Third-Party Sources
Axogen may collect information about you from Third Party sources to supplement information provided by you. This supplemental information allows us to verify or supplement information that you have provided to Axogen and to enhance our ability to provide you with information about our business and services. Axogen’s agreements with these Third Parties typically limit how Axogen may use this supplemental information.
Direct Mail, Email and Other Forms of Electronic Communication
Customers and Suppliers that provide us with Personal Information, or whose Personal Information we obtain from Third Parties, may receive periodic emails, mailings, or other forms of electronic communication from us with information on our company, products or other news or developments, or upcoming special events. Our Customers and Suppliers have the option to decline these communications at no cost.
Axogen may perform research (on-line and off-line) via surveys and may engage Third Parties to conduct such surveys on our behalf. All survey responses are voluntary, and the information collected may be used or disclosed for research, analytics, and reporting purposes to help us to better serve Customers and Suppliers.
Users of Our Sites – Cookies, Similar Tools and Aggregate Information
Axogen may collect aggregate queries for internal reporting and targeted advertising. Axogen also counts, tracks and aggregates the visitor’s activity into Axogen’s analysis of general traffic flow at the Site. To these ends, Axogen may merge information about you into aggregated group data. In some cases, Axogen may remove personal identifiers from PII and maintain it in aggregate form that may later be combined with other information to generate anonymous, aggregated statistical information. Such anonymous, group data may be shared on an aggregated basis with Axogen’s affiliates, business partners, service providers and/or vendors; if it does so, Axogen will not disclose your individual identity.
We may receive certain health information of yours that is “protected health information” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). When we receive protected health information, such information will be subject to the requirements under HIPAA and the HITECH Act, and the regulations effective under each of those Acts.
2.2 CHOICE/MODALITIES TO OPT OUT
You have the right to opt-out of certain uses and disclosures of your Personal Information, as set out in this Privacy Statement.
Where you have consented to Axogen’s Processing of your Personal Information or Sensitive Data, subject to applicable legal and ethical obligations that may apply to us and to our lawful ability to enforce our rights or your obligations to us, you may withdraw that consent at any time and opt-out. Additionally, before we use Personal Information for any new purpose not originally authorised by you, we will provide information regarding the new purpose and give you the opportunity to opt-in to such secondary uses. If you choose not to opt-in to our secondary use of your Personal Information, we will not Process it for that use.
Prior to disclosing Sensitive Data to a Third Party or Processing Sensitive Data for a purpose other than its original purpose or the purpose authorised subsequently by the Data Subject, Axogen will endeavour to obtain each Data Subject’s consent. Where consent of the Data Subject is required by law or contract, we will comply with the law or contract. For more information about how to consent to or withdraw consent for certain uses and disclosures of your Personal Information, please contact us.
An “Unsubscribe” button will be provided at the top or bottom of each email marketing communication sent by Axogen, so that you may opt out of further email communications. However, we will continue to send transaction-related emails regarding our relationship and the services you have requested.
You can also send your request via email to email@example.com.
You can mail your request to the following postal address: Axogen, Inc., 13631 Progress Blvd., Ste. 400, Alachua, FL 32615 (Attn: Privacy Officer)
2.3 Onward transfer
Information We Share
Axogen does not sell, rent, license or otherwise disclose Personal Information about you, except as described in this Privacy Statement or as you explicitly consent. Axogen may share Personal Information with our service providers and consultants for our internal business purposes or to provide you with a service that you have requested. Payment information will be used and shared only to effectuate your order and may be stored by a service provider for purposes of future orders. Axogen requires our service providers to agree in writing to maintain confidentiality and security of Personal Information they maintain on our behalf, including to provide at least the same level of protection as required by the GDPR, not to use it for any purpose other than the purpose for which Axogen retained them and to notify Axogen if they make a determination that they can no longer comply with that obligation. With respect to onward transfers to third-party agents under GDPR, GDPR requires that Axogen remains liable should such agents Process Personal Information in a manner inconsistent with the GDPR.
Axogen may disclose information about you: (i) if we are required to do so by law, court order, or legal process; (ii) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; (iii) under the discovery process in litigation or arbitration; (iv) to enforce Axogen policies, contracts, or other rights; (v) to collect amounts owed to Axogen; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) if in good faith we believe that disclosure is otherwise necessary or advisable. In addition, from time to time, server logs may be reviewed for security purposes—e.g., to detect unauthorised activity on the Sites. In such cases, server log data containing IP addresses may be shared with law enforcement bodies, contractors, or consultants so that they may identify users in connection with their investigation of the unauthorised activities.
Axogen reserves the right to disclose or transfer any information we have about you in the event of a proposed or actual reorganisation, sale, lease, merger, joint venture, assignment, amalgamation, or any other type of acquisition, disposal, or financing of all or any portion of Axogen or of any of our assets (including should Axogen cease to trade, become insolvent, or enter into receivership or any similar event occur). Should such an event take place, we will endeavour to direct the transferee to use Personal Information in a manner that is consistent with this Privacy Statement.
Axogen is a global business with Clients and Suppliers located throughout the world. As a result, your Personal Information may be transferred to other Axogen offices, data centres, and servers in the United States, Europe, Asia and South America for the purposes identified. Any such transfer of Personal Information shall take place only in accordance with applicable law.
Axogen will take steps designed to comply with all applicable local laws when Processing Personal Information, including any local law conditions for and restrictions on the transfer of Personal Information. Axogen may also protect your data through other legally valid methods, including international data transfer agreements.
Axogen takes steps to ensure that appropriate technical and organisational security measures and safeguards are applied if transferring Personal Information outside of the EEA and that privacy rights outlined in this Privacy Statement are preserved. Axogen ensures that all transfers of Personal Information are subject to appropriate safeguards as defined by the regulation.
2.4 Individual rights of access and choice
Subject to applicable law, you may have the right to obtain confirmation regarding whether Axogen Processes Personal Information about you, request access to and receive information about the Personal Information we maintain about you, receive copies of the Personal Information we maintain about you, update and correct inaccuracies in your Personal Information, object to the Processing of your Personal Information, and have the information blocked, anonymised, or deleted, as appropriate. The right to access Personal Information may be limited in some circumstances by local law. To exercise these rights, please contact us.
Where otherwise permitted by applicable law, you may use any of the methods set out in this Privacy Statement to request access to, receive (port), or restrict Processing, seek rectification, or request erasure of Personal Information held about you by Axogen. Such requests will be processed in line with applicable laws. Although Axogen makes good faith efforts to provide individuals with access to their Personal Information, there may be circumstances in which Axogen is unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the information is commercially proprietary. If Axogen determines that access should be restricted in any particular instance, we will endeavour to provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, Axogen will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Information.
Persons located within the EEA
Axogen adheres to applicable Data Protection Laws in the EEA, which, if applicable, practicable, and required under the GDPR, include the following rights:
- If the Processing of Personal Information is based on your consent, you have a right to withdraw consent at any time for future Processing;
- You have a right to request from us, where we act as a Controller as defined in the law, access to and rectification of your Personal Information;
- You have a right to object to the Processing of your Personal Information; and
- You have a right to lodge a complaint with a Supervisory Authority.
When we Process Personal Information about you, we do so with your consent or as necessary to provide the products you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our Customers, or fulfil other legitimate interests of Axogen, or otherwise as described in Section 2 (“Policy”) above. If we transfer Personal Information from the European Economic Area, we do so based on a variety of legal mechanisms, as described in Section 2.3 (“Onward Transfer”) above.
Axogen retains Personal Information that we receive for as long as necessary to fulfil the purpose(s) for which the information was collected, to provide our services and products and to resolve disputes, establish legal defences, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with all applicable laws.
The security of all Personal Information provided to Axogen is important to us and we take reasonable steps designed to protect your Personal Information. Axogen maintains administrative, technical and physical safeguards designed to protect Personal Information that is received against accidental, unlawful, or unauthorised destruction, loss, alteration, access, disclosure or use.
2.7 Other rights and important information
Links to Third Party Websites
Please note that our Sites may contain links to other websites for your convenience and information. Axogen does not control Third Party websites or their privacy practices, which may differ from those set out in this Privacy Statement. Axogen does not endorse or make any representations about Third Party websites. Any Personal Information you choose to give to these Third Parties is not covered by this Privacy Statement. Axogen encourages you to review the Privacy Statement of any company or website before submitting your Personal Information. Some Third Parties may choose to share their users’ Personal Information with Axogen; that sharing is governed by that company’s Privacy Statement, not Axogen’s Privacy Statement.
Changes to this Privacy Statement
Axogen may update this Privacy Statement from time to time as it deems necessary or appropriate in its sole discretion. If there are any material changes to this Privacy Statement, Axogen will notify you by email, by means of a notice on our Sites, or as otherwise required by applicable law. Axogen encourages you to periodically review this Privacy Statement to be informed regarding how Axogen is using and protecting your information and to be aware of any policy changes. Any changes to this Privacy Statement take effect immediately after being posted or otherwise provided by Axogen.
Children’s Privacy Protection
Axogen understands the importance of protecting children’s privacy in the interactive on-line world. The Site is not designed for and does not intentionally target children 13 years of age or younger. It is not our policy to intentionally collect or maintain information about anyone under the age of 13.
Your California Privacy Rights
Under California’s Shine the Light law, California residents who provide Personal Information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the Personal Information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g., requests made in 2019 will receive information regarding 2018 sharing activities).
To obtain this information from Axogen, please send an email message to firstname.lastname@example.org with “Request for California Privacy Information” on the subject line and in the body of your message. We will provide the requested information to you at your email address in response. Not all information sharing is covered by the Shine the Light requirements, and only information on covered sharing will be included in our response.
2.8 Contact us
If you have any questions or comments regarding this Privacy Statement or Axogen’s privacy practices, or if you would like us to update information or preferences you provided to us, you may contact us at email@example.com.
If you believe that Axogen has not adequately resolved any such issues, you may contact the Supervisory Authority concerned.
If you have any questions about this Privacy Statement or about Axogen’s handling of your information, please contact privacy@axogenInc.com.