Advanced Brain Monitoring, Inc. (ABM) is a neuro-diagnostics device company internationally recognized for its innovative technologies. Our products are used by individuals, clinicians, researchers, and in clinical trials to interpret brain and physiological function as they relate to chronic diseases and early stage neurodegeneration, as well as to improve sleep quality and enhance performance. ABM is an ISO 13485 certified and FDA registered device manufacturer with a global distribution network established in Australia, Asia, Canada, and Europe. ABM is based in Carlsbad, CA, USA with a European office in Belgrade, Serbia.
PRIVACY COMMITMENT STATEMENT
ABM is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. Consistent with this commitment, ABM maintains compliance with several regulatory programs. We are dedicated to ensuring compliance with all of our products and services, as well as the underlying processing of personal data on behalf of our customers.
ABM is HIPAA compliant. HIPAA establishes standards for the security of electronic protected health information. We perform periodic technical and non-technical evaluations that establish the extent to which our security policies and procedures meet the HIPAA security requirements. Please visit the HHS website to learn more about HIPAA.
ABM is HITECH compliant. HITECH promotes the adoption and meaningful use of health information technology, as well as privacy and security concerns associated with the electronic transmission of health information. Please visit the HHS website to learn more about HITECH.
ABM maintains certifications for the EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework, and Swiss-U.S. Data Privacy Framework (DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU, UK and Gibraltar, and Switzerland to the U.S. Please visit the DPF website to view our certification and learn more about the Data Privacy Framework.
ABM is compliant with the EU GDPR, UK DPA/GDPR, and Swiss FADP. Compliance with these data protection regulations is an active process and will continue up to and after the enforcement date. These regulations provide a set of standardized data protection laws across the EU/EEA, the UK, and Switzerland, and are applicable to any organization collecting information from an individual residing in the EU/EEA, UK, and Switzerland, respectively, regardless of where the organization is located. Please visit the websites for the EU GDPR, UK DPA/GDPR, and Swiss FADP to learn more about these regulations.
ABM has appointed DataRep as its Data Protection Representative for the purposes of GDPR in the EU/EEA, The Data Protection Act 2018 / UK GDPR (as amended) in the UK, and the Federal Act on Data Protection (FADP) in Switzerland. See the Data Representative section below for more information.
INDIVIDUAL RIGHTS
Individuals have personal data rights to the following:
PERSONAL INFORMATION VOLUNTARILY SUBMITTED
This statement of privacy applies to the ABM website and governs data collection and usage. If you choose to provide ABM with personal information by completing a “Contact Us” form, we may use that information to respond to your message and/or help us get you the information or services you requested. Submitting personal information (name, address, telephone number, email address, etc.) is voluntary and is not required to access information on our website.
All information included on the Contact Form is sent to Zoho, ABM’s third party customer relationship management (CRM) provider. Zoho initiates an email to ABM and an ABM representative reaches out to the individual requesting information. Once patient inquiries/requests have been satisfied, personal data is deleted from Zoho. ABM considers medical and research providers business to business (B2B) contacts. B2B contact information is saved in Zoho for further business development. For more information, please review Zoho’s Privacy Policy.
Occasionally, ABM will reach out to B2B contacts through a targeted marketing campaign to inform contacts regarding items such as new products or services, scientific findings, or press releases for FDA clearance.
WEB TOOLS
COOKIES
ABM’s website uses cookies. Cookies are small text files that can be used by websites to personalize a user’s online experience and make the experience more efficient. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. Cookies cannot be used to run programs or deliver viruses to your computer.
GDPR regulations state that we can store cookies on a user’s device if they are strictly necessary for the operation of our site. However, for all other types of cookies we need your permission. ABM employs Cookiebot service to help facilitate obtaining consent for the use of cookies. Cookiebot itself automatically sets up cookies in the user’s web browser when the user visits our website: The first-party cookie, “CookieConsent” which stores the user’s consent, expire automatically for renewal after 12 months from the date of the user’s consent. A user may withdraw a consent at any time by deleting the “CookieConsent” cookie. A user consent is logged and documented by registration of the user’s anonymized IP number, browser user agent, website URL, date and time of consent and a unique, encrypted key that is stored in a data center with Cybot’s cloud vendor, Microsoft Ireland Operations Ltd in Dublin, Ireland.
THIRD PARTY LINKS AND FEATURES
The ABM website may contain links to third-party websites (such as social media sites) and may contain third-party plug-ins (such as the YouTube videos) and functionalities. If you choose to use these sites or features, you may disclose your information not just to those third parties, but also to their users and the public more generally depending on how their services function. ABM is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third party websites or services, and not ABM’s privacy policy. We urge you to read the privacy and security policies of these third parties.
SECURITY
ABM is committed to ensuring that personal information is secure. We have physical, electronic, and procedural safeguards that comply with regulations to protect personal information. ABM uses industry-standard encryption technology to protect privacy. We limit access of personal information to employees who we believe reasonably need to come into contact with such information to provide products or services in order to do their jobs.
For site security purposes and to ensure that this service remains available to all users, we use software programs to monitor traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. In the event of law enforcement investigations and as part of any required legal process, information from these sources may be used to help identify an individual.
DISCLOSURE
ABM does not sell, distribute, or lease personal information to third parties, ever.
ABM will disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on ABM or the site; (b) protect and define the rights or property of ABM; and (c) act under exigent circumstances to protect the personal safety of ABM website users, or the public.
RETENTION AND STORAGE
ABM retains personal information for no longer than necessary for the purpose for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it.
All information is stored on secured servers owned and operated by ABM. We use third party vendors to support our services, which includes an IT Security Consultant. We store backups off site with third party storage provider to ensure data security in case of an emergency or catastrophe. All IT services are governed by a written contract.
ASSIGNMENT
If ABM is acquired by or merges with another entity, our assets, including all proprietary intellectual property and information embedded in our services and any personal information stored in our databases, will likely be transferred to the new entity. By utilizing our services you acknowledge and agree that ABM may assign assets and any information stored therein in the event of such a transaction.
CONTACT US
In addition to understanding what information we collect, how we use information, with whom we share it, and how long we retain it, as detailed above, individuals have other rights as identified in the "Individual Rights" section. Should an individual desire to exercise one of these rights, or have any questions regarding our privacy policy, please contact ABM by email at privacy@b-alert.com. Note: Individuals from the EU/EEA, UK, and Switzerland also have the right to contact us through our GDPR/DPA/FADP representative, referenced in the section below.
DATA REPRESENTATIVE (EU/EEA, UK, AND SWITZERLAND INDIVIDUALS)
Advanced Brain Monitoring, Inc., which processes the personaldata of individuals in the European Union, European Economic Area, UK, and Switzerland, in either the role of 'data controller' or 'data processor', has appointed DataRep as its Data Protection Representative for the purposes of GDPR in the EU/EEA, The Data Protection Act 2018 / UK GDPR (as amended) in the UK, and FADP in Switzerland.
If Advanced Brain Monitoring, Inc. has processed or is processing your personal data, you may be entitled to exercise your rights under GDPR/FADP in respect of that personal data. For more details on the rights you have in respect of your personal data, please refer to the national Data Protection Authority in your country, the European Commission in the EU (https://commission.europa.eu/law/law-topic/data-protection_en), the Information Commissioner’s Office in the UK (https://ico.org.uk/), or the Federal Data Protection and Information Commission in Switzerland (https://www.edoeb.admin.ch/en).
Advanced Brain Monitoring, Inc. takes the protection of personaldata seriously and has appointed DataRep as its Data Protection Representativein the European Union, United Kingdom, and Switzerland so that you can contact them directly in your home country. DataRep has locations in each of the 27 EU countries, Norway & Iceland in the European Economic Area (EEA), the UK, and Switzerland, so that Advanced Brain Monitoring, Inc.'s customers can always raise the questions they want with them.
If you want to send a personal data question to Advanced Brain Monitoring, Inc., or otherwise exercise your rights in respect of your personal data, you may do so by:
On receiving your correspondence, Advanced Brain Monitoring, Inc. is likely to request evidence of your identity, to ensure your personal data and information connected with it is not provided to anyone other than you.
If you have any concerns over how DataRep will handle the personal data they will require to undertake their services, please refer to their privacy notice at www.datarep.com/privacy-policy.
Note: When mailing personal data requests to DataRep, please ensure your request is addressed to 'DataRep', not ‘Advanced Brain Monitoring, Inc.’
DataRep Contact Addresses
Austria
DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Belgium
DataRep, Rue des Colonies 11, Brussels, 1000
Bulgaria
DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria
Croatia
DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia
Cyprus
DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus
Czech Republic
DataRep, Platan Office, 28. Října 205/45, Floor 3&4, Ostrava, 70200, Czech Republic
Denmark
DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark
Estonia
DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia
Finland
DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland
France
DataRep, 72 rue de Lessard, Rouen, 76100, France
Germany
DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany
Greece
DataRep, Ippodamias Sq. 8, 4th floor, Piraeus, Attica, Greece
Hungary
DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary
Iceland
DataRep, Laugavegur 13, 101 Reykjavik, Iceland
Ireland
DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland
Italy
DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy
Latvia
DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia
Liechtenstein
DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Lithuania
DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania
Luxembourg
DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg
Malta
DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta
Netherlands
DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands
Norway
DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway
Poland
DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland
Portugal
DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal
Romania
DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania
Slovakia
DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia
Slovenia
DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia
Spain
DataRep, Calle de Manzanares 4, Madrid, 28005, Spain
Sweden
DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden
Switzerland
DataRep, Leutschenbachstrasse 95, ZURICH, 8050, Switzerland
United Kingdom
DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom
Advanced Brain Monitoring Inc. ("Company") has adopted this Data Privacy Framework Policy ("Policy") to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that the Company obtains from Customers located in the European Union, United Kingdom and Gibraltar, and Switzerland.
The Company complies with the EU-U.S. Data Privacy Framework (DPF), U.K. Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the US Department of Commerce. The Company has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regards to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. The Company has certified to the U.S. Department of Commerce that it adheres to the UK Extension to the EU-U.S. Data Privacy Framework Principles with regards to the processing of personal data received from the United Kingdom and Gibraltar in reliance on the EU-U.S. DPF. The Company has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regards to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, UK Extension to the EU-U.S. DPF Principles, and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
The Federal Trade Commission (FTC) has jurisdiction over the Company’s compliance with the Data Privacy Framework.
Definitions
“Personal Information” or “Information” means information that (1) is transferred from the EU, UK, Gibraltar, or Switzerland to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.
“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.
Principles
Notice
Company shall inform an individual of the purpose for which it collects and uses the Personal Information and the types of non-agent third parties to which the Company discloses or may disclose that Information. Company shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the Information for a purpose other than for which it was originally collected. To exercise any of these rights, contact us via the information provided in the product-specific policies linked in Appendix A.
Choice
The Company will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, the Company will give individuals the opportunity to affirmatively or explicitly (opt in) consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Company shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information. To exercise any of these choices (opt-out or opt-in), contact us via the information provided in the product-specific policies linked in Appendix A.
Onward Transfers
Prior to disclosing Personal Information to a third party, Company shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure. Company may store such Personal Data in the facilities operated by Third Parties. Company shall ensure that any third party for which Personal Information may be disclosed subscribes to the Principles or are subject to law providing the same level of privacy protection as is required by the Principles and agree in writing to provide an adequate level of privacy protection. Company is liable for appropriate onward transfers of personal data to third parties. See Appendix A for links to product-specific policies including information about the identity of third parties and/or the purposes for which we disclose information.
Data Security
Company shall take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. See Appendix A for links to product-specific policies.
Data Integrity
Company shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Company shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use. See Appendix A for links to product-specific policies.
Access
Company acknowledges the right of individuals to access their personal information. Company shall allow an individual access to their Personal Information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons than the individual would be violated. See Appendix A for links to product-specific policies.
Enforcement
Company uses a self-assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Principles. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.
If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using BBB National Programs Data Privacy Framework Services, operated by the Council of Better Business as a third party resolution provider.
Amendments
This privacy policy may be amended from time to time consistent with the requirements of the Data Privacy Privacy Framework. The revised policy will be posted on our website.
Information Subject to Other Policies
The Company is committed to following the Principles for all Personal Information within the scope of the Data Privacy Framework Agreement. The Company may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Collection and Use of Personal Data
This policy describes the principles we follow with respect to transfers of personal information belonging to personal information hosted on the Company’s Sleep Profiler and Night Shift Portal Systems, and personal information gathered on our website between countries in the European Union (EU), United Kingdom (UK) and Gibraltar, Switzerland, and the United States. See Appendix A for links to product-specific policies.
Privacy Complaints
In compliance with the EU-U.S. DPF Principles, UK Extension to the EU-U.S. DPF Principles, and the Swiss-U.S. DPF Principles, Advanced Brain Monitoring, Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. Individuals in the European Union, United Kingdom, Gibraltar, and Switzerland with DPF inquiries or complaints should first contact:
Privacy Officer
Advanced Brain Monitoring Inc.
2237 Faraday Avenue, Suite 100 Carlsbad CA, 92008, USA
Privacy@b-alert.com
Advanced Brain Monitoring, Inc. has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.
Appendix A – Product-Specific Privacy Policies
1. Sleep Profiler Portal - Privacy Notice.
2. Night Shift Portal - Privacy Notice.
3. ABM Website - See Company Privacy Policy Tab
