Privacy Policy | Treace Medical Concepts, Inc.

Privacy Policy

Effective November 1, 2020

This Privacy Policy (the “Privacy Policy”) describes how Treace Medical Concepts, Inc. (“Treace,” “we,” “us,” or “our”) and our affiliated entities collect, use, and share your personal information. This Privacy Policy applies to your use of our websites (including www.treace.com, www.Lapiplasty.com, www.AlignMyToe.com, and www.LapiplastyOutreach.com), and all other digital and online services provided by us, as well as information collected offline (collectively, our “Services”), and describes our privacy practices relating to the Services.

We value your privacy, and are committed to protecting your personal information. Please review this Policy in order to understand how we collect, use, and share personal information.

Personal Information We Collect About You

“Personal information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you. Personal Information does not include information that is publicly available, deidentified, or aggregated.

The categories of Personal Information we collect include:

  • Identifiers such as your name, address, zip code, telephone number, email address, date of birth, and IP address;
  • Membership in a protected class, including sex and age;
  • Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
  • Biometric information, such as x-rays;
  • Information relating to internet and other electronic network activity, including browsing history, search history and information regarding your interactions with our websites, Services, or advertisements;
  • Geolocation data;
  • Audiovisual information;
  • Professional and employment-related information;
  • Information about your medical conditions, treatment, payment, and insurance coverage;
  • Inferences from any of the above that may reflect your preferences, characteristics, trends, predispositions, behavior, or attitudes.

Patient Health Information
In performing our core functions, we are not a covered entity or a business associate as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act of 2009 (the “HITECH Act”). However, we routinely conduct business with medical practices , and, as a result, situations arise when we may receive and store identifiable patient health information. We do so in accordance with applicable laws, rules and regulations, including those under HIPAA and the HITECH Act. For more information on your healthcare provider’s information-sharing practices, please contact the provider’s office.
Back to Table of Contents

How We Collect Personal Information

We collect your personal information through various means, including when you directly provide information to us, from your healthcare providers, and when we automatically collect information about you through your use of our Services.

Information You Provide to Us
We may collect personal information you provide directly to us, including:

  • When you, or someone on your behalf:
    • Submit information through our website;
    • Submit information to us via email, telephone, or online chat;
    • Complete an assessment to determine if you are a candidate for our products/services;
    • Register or maintain an account with us;
    • Register for one of our webinars, meetings, presentations, or conferences;
    • Submit a Patient Story, testimonial, photo, or video to us;
    • Post comments to our online communities;
    • Do business with us as a medical provider or practice;
    • Apply for employment with us;
    • Obtain technical support or speak with our customer service representatives;
    • Participate in a survey, marketing promotion; or
    • Connect with us via social media.

Information We Collect Automatically
In addition to information you provide to us, we and our agents, vendors, business partners, and consultants (collectively “Service Providers”) may collect information automatically about our Services and how you use them. Examples of the types of personal information collected automatically when using the Services include:

  • IP address;
  • Browser type and language, operating system, access time, duration of visit, and referring website address;
  • The pages you view within our websites, search terms you enter, and other actions you take while visiting us;
  • The pages you view immediately before and after you access our Services;
  • Information related to whether you’ve opened an email or clicked on a link contained in an email;
  • Information from a referring source (an advertising site, a blog, a social media site, etc.);
  • Information from surveys and promotions;
  • Information from content you post or share publically on discussion forums or other social media pages (including the content you post, your name, and a link to your profile) may be shared across our Services and in other public or private areas of the Internet.

Cookies and Tracking Technologies
We and our Service Providers may use cookies, tracking pixels, or other tracking technologies to collect and store information about your interactions with our Services. Cookies are small files that a website or a third party transfers to a computer’s hard drive through a web browser that enable the site’s or service provider’s systems to recognize the user’s browser and capture and remember certain information about the user. Tracking pixels are small, often-transparent graphic images that can be embedded in web pages, videos, or emails, and can allow a web server to collect information about you such as whether you have viewed a particular web page or email message.

In general, we and our Service Providers use cookies, pixels, and other tracking technologies (such as web beacons and HTTP referrers) to optimize the functionality of the Services, to help us understand how the Services are used, and to provide users with interest-based content or advertising based on their browsing activities.

For more information about cookies, including how to set your browser to refuse cookies and how to remove cookies from your browser, visit www.allaboutcookies.org.
Back to Table of Contents

How We Use Personal Information

We use your Personal Information for the following purposes:

  • To help you determine if you may be a candidate for our products/services;
  • To assist you with finding a doctor qualified to perform a procedure using our products/services;
  • To respond to questions, requests, and comments from you;
  • To provide you with downloadable information about our products/services;
  • To send educational information about bunions and our products/services;
  • To send promotional offers and advertisements regarding our products/services;
  • To operate and improve our websites and Services;
  • For customer service, security, and to detect, prevent and mitigate fraudulent, harmful or illegal activities;
  • For purposes of hiring and employment with us;
  • We may aggregate or de-identify your Personal Information so that it can no longer be linked to you. Aggregated/de-identified information may be used for any purpose.

Back to Table of Contents

How We Share Your Personal Information

We share Personal Information internally among our websites, and with our contractors, business partners, physician network and Service Providers. We may also share Personal Information if necessary for legal reasons, or to protect the rights, privacy, safety or security of you, us, our Services or websites. We do not sell Personal Information.

Service Providers
We engage third-party service providers to help us design and operate our websites and Services, understand how users interact with our websites and Services, improve website security, and assist us with marketing our Services through social media and email marketing. Our Service Providers may use cookies, tracking pixels, and similar technologies to collect information about your use of our websites as well as information about your use of other websites over time. Our Service Providers include Google and Facebook.

Google Analytics
We use Google Analytics to help us analyze user activity on our websites. Google Analytics uses cookies to generate information about your use of our websites, compiling reports on website activity, and providing other information related to user activity and Internet usage. If you want to know more about how data is collected, used and shared by Google, please review Google’s Privacy Policy. You may prevent Google Analytics from collecting your information by disabling cookies on your browser or by opting-out of Google’s use of cookies via the Google Analytics Opt-out Page at https://tools.google.com/dlpage/gaoptout.

Ads on Third-Party Sites
We share personal information with third-party sites (such as Google, Facebook, Instagram, LinkedIn, YouTube, and Twitter) to market our products and services to you while you are browsing the internet or using social media. For more information on how these sites use your personal information to target advertising to you, please visit their websites.

Public Forums, Testimonials, and Patient Stories
We offer features on our websites that allow users to connect and share their stories. You do not have to use these features, but if you do, please use common sense and good judgment when posting in these communities or sharing your information, photos, or videos with others.

Please be aware that any Personal Information you choose to submit in any Patient Stories, communities, forums, or reviews can be read, collected, or used by others, and could be used to send unsolicited messages to you. Despite our safety and privacy controls, we cannot guarantee that you will not encounter inappropriate or illegal conduct from others when using the Services. You can help us to make our websites (including public forums) welcoming for all users by reporting any offensive or unwelcome conduct to us.

We may engage our Service Providers to assist in providing community services to you.
Back to Table of Contents

Online Chat

Some of our websites offer an online chat feature where you can ask questions and get real-time answers about our products/services. We use service providers to help us run our online chat feature. If you choose to use this feature, the content of the chat messages as well as your name, email address, and other personal information you provide may be shared with our chat service providers.
Back to Table of Contents

Our Websites Are Not Intended for Children

Our websites are not intended for children nor targeted to children under the age of 16, and we do not knowingly collect Personal Information from children under the age of 16. If we learn that we possess information from a child under the age of 16, we will delete such information in accordance with the Children’s Online Privacy Protection Act (“COPPA”) and other applicable laws. If you are a parent or guardian and you believe that your child under the age of 16 has provided us with Personal Information without your consent, please contact us at compliance@treace.net.
Back to Table of Contents

Email Communications

From time to time, we and our Service Providers may send you email communications marketing our Services. You may unsubscribe from our marketing communications by clicking the “unsubscribe” link found in every commercial email we send, or by sending us a request to unsubscribe to compliance@treace.net. If you opt-out of receiving our marketing email communications, we may still send you email messages related to your account with us, including specific transactions or interactions with our Services.
Back to Table of Contents

Do Not Track

We do not currently have the technology to automatically respond to “Do Not Track” (DNT) signals sent by web browsers, mobile devices, or other mechanisms

Our Service Providers, such as Google, may collect data that relates to you on our websites, across time, and over other websites. Their responsiveness to do-not-track signals is governed by their privacy policies. You also may limit certain tracking by disabling cookies in your web browser. For more information on Do Not Track, please visit https://allaboutdnt.com/.
Back to Table of Contents

Information Security

We have implemented appropriate and reasonable physical, technical, and administrative safeguards to help prevent unauthorized access to, use of, and disclosure of, your Personal Information. However, there is no perfect security, and we cannot guarantee the security of your Personal Information. You are responsible for maintaining the secrecy of any credentials used to access your account with us and you should report suspected unauthorized activity to us immediately.
Back to Table of Contents

Your California Privacy Rights

If you are a resident of California, your right to submit certain requests relating to your personal information is described below. Please note that when submitting a request, you will be asked to provide information to verify your identity before action is taken. You may designate an authorized agent to make the requests below on your behalf. An authorized agent must submit proof to us that he or she has been authorized by you to act on your behalf, and you will need to verify your identity directly with us through the process described below.

Right to Opt Out of the Sale of Your Personal Information
California residents have the right to opt out of the sale of their personal information. However, since we do not sell Personal Information, there is no need to submit such a request to us. If you have any questions, please reach out to us by email at compliance@treace.net or by calling us at 1-877-360-3232.

Right to Request More Information
If you are a California resident, you have the right to request more information regarding the following, to the extent applicable:

  1. The categories of personal information we have collected about you;
  2. The categories of sources from which the personal information was collected;
  3. Our business or commercial purposes for collecting your personal information;
  4. The categories of third parties with which we share your personal information;
  5. The categories of personal information that we disclosed for a business purpose in the preceding 12 months, and for each category identified, the categories of third parties to whom we disclosed that particular category of personal information;
  6. The specific pieces of personal information we have collected about you;
  7. A list of all third parties to whom we have disclosed personal information, as defined under California Civil Code Section 1798.83(e) (a/k/a the “Shine the Light Law”), during the preceding year for third-party direct marketing purposes.

You may submit a request for the information above via email to complianc@treace.net or by calling us at 1-877-360-3232. In connection with submission of your request, we will take steps to verify your identity as outlined below, and you will need to verify your identity before action is taken.

Please note that due to the different requirements of the applicable laws, our response times may vary depending on the specific type(s) of information sought. We respond to all verifiable requests for information as soon as we reasonably can and no later than legally required.

Right to Request Deletion of Your Personal Information
California residents also have the right to request that we delete your Personal Information collected or maintained by us. Once we receive your request, we will let you know what, if any, Personal Information we can delete from our records, and we will direct any Service Providers (such as Google Analytics) that may have collected personal information about you through our websites to delete your Personal Information from their records. There may be circumstances where we cannot delete your Personal Information or direct Service Providers to delete your Personal Information from their records. For example, if we need to: (1) retain your Personal Information to complete a transaction or provide services; (2) detect security incidents; (3) protect against unlawful activities; (4) identify, debug or repair errors; or (5) comply with a legal obligation. You may submit a request to delete your personal information by via email to compliance@treace.net or calling us at 1-877-360-3232. In connection with submission of your request, we will take steps to verify your identity as outlined below, and you will need to verify your identity before action is taken.

Verification of Requests for Further Information or to Delete Personal Information
Upon submission of a request for information or a request to delete information, we will take reasonable steps to confirm that the person submitting the request to know or request to delete is the person to whom the information relates, and to prevent unauthorized access or deletion of information. The specific steps taken to verify the identity of the requesting person may vary based on the nature of the request, including the type, sensitivity and value of the information requested, the risk of harm posed by unauthorized access or deletion, the likelihood that fraudulent or malicious actors may seek the information, the robustness of personal information provided to verify your identity, the nature of our business relationship with you, and available technology for verification.

We will generally try to avoid requesting additional information from you for the purpose of verification, but we may need to do so if we cannot verify your identity based on the information already maintained by us. If we request additional information to verify your identity, it will be for that purpose only, and will be deleted as soon as practical after processing the request, except as otherwise provided by law.

The following generally describes the verification processes we use:

  • Password Protected Accounts. If you have a password-protected account with us, we may use existing authentication practices to verify your identity, but will require re-authentication before disclosing or deleting data. If we suspect fraudulent or malicious activity relating to your account, we will require further verification (as described below) before complying with a request to know or delete.
  • Verification for Non-Accountholders. If you do not have, or cannot access, a password-protected account with us, we will generally verify your identity as follows:
    • For requests to know categories of personal information, we will verify your identity to a reasonable degree of certainty by matching at least two data points provided by you with reliable data points maintained by us.
    • For requests to know specific pieces of personal information, we will verify your identity to a reasonably high degree of certainty by matching at least three data points provided by you with reliable data points maintained by us. We will also require a declaration, signed under penalty of perjury, that the person requesting the information is the person whose information is the subject of the request or that person’s authorized representative. We will maintain all signed declarations as part of our records.
    • For requests to delete personal information, we will verify your identity to a reasonable degree or a reasonably high degree of certainty depending on the sensitivity of the personal information and the risk of harm posed by unauthorized deletion. We will act in good faith when determining the appropriate standard to apply.

If there is no reasonable method by which we can verify your identity, we will state so in response to a request to know or delete personal information, including an explanation of why we have no reasonable method to verify your identity.

Right to Non-Discrimination for the Exercise of Your Privacy Rights
If you choose to exercise any of the privacy rights conferred by the California Consumer Privacy Act of 2018, you also have the right not to receive discriminatory treatment by us. This means that, consistent with California law, we will not deny providing our services to you, charge you different prices or provide a different level or quality of services to you unless those differences are related to the value of your personal information.
Back to Table of Contents

Nevada Privacy Notice

Nevada law provides that Nevada residents may opt-out of the “sale” of “covered information” to third parties, including but not limited to name, address, social security number, and online service activity. Our uses of your Personal Information are not sales under Nevada law, so no opt-out is required.
Back to Table of Contents

Changes to Our Privacy Policy

We may change this Privacy Policy at our sole discretion at any time. It is your responsibility to review our Privacy Policy each time you use our Services or provide Personal Information to us.
Back to Table of Contents

How to Contact Us

If you have any comments or questions about how we collect and use your Personal Information, communications can be submitted to our postal address, via email to compliance@treace.net, or by calling us at 1-877-360-3232.

Treace Medical Concepts, Inc.
203 Fort Wade Road, Suite 150
Ponte Vedra, FL 32081

Back to Table of Contents

M1031