REVA Medical, Inc. (“REVA” or “the Company”) is a medical device company focused on the development and commercialization of bioresorbable polymer technologies for vascular applications. This Privacy Notice describes our commitment to safeguard your privacy and (1) the types of personal information we collect, (2) how we collect, use, disclose, transfer and store the information, and (3) your rights as it relates to your personal information.  If you have any questions regarding this Privacy Notice please contact our Data Protection Administrator at dataprotection@revamedical.com.

What is Personal Information?

Personal Information means any information relating to an identified or identifiable natural person, such as a name, address, email addresses and emails, voice and video recordings, or a copy of a passport.  It can also include financial data or copies of emails and contracts, provided that such information relates to a natural person.

What Personal Information Do We Collect?

We collect personal information from you if you request information about REVA or our products, sign up for our email alerts or our newsletter, purchase or use our products, or request customer support.

If you visit our website, you may browse many areas without providing any personal information. Please see our Cookies notice below. Should you choose to contact us, depending upon your request, you will be asked to provide contact information such as your name, email address, phone number and mailing address.

We also collect the person information of job applicants for hiring purposes.  If you contact us about an employment position with REVA, you will be asked to provide personal information that may include contact information such as your name, email address, mailing address, and phone number, the position of interest to you, your qualifications and experience including prior job history and education, references, and you may choose to submit other personal information.

We never ask for personal information related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data, data concerning your sexual orientation or data relating to criminal convictions and offences unless it is required by law.

If you are interested in purchasing/using or you purchase/use our products or services, we may ask for your contact information including your name, email address, phone number and mailing address, and your professional qualifications, including profession, clinical affiliation, and/or license number.

If you or your organization provides goods or services to our company, we may require your contact information, including your name, email address, phone number and business mailing address, and we may ask for video or voice recordings, and/or statements relating to our products.

If you are a patient and you choose to provide a testimonial about our products, you may provide us with your contact information, including your name, phone number, email address, mailing address, as well as images, video or voice recordings, and/or statements relating to your health.

Not all of the personal information REVA holds about you will always come directly from you. It may, for example, come from your employer, other organizations to which you belong, or a professional service provider such as your tax or accounting professional or attorney.

Why Do We Collect and Use Personal Information?

The personal information collected by REVA is used for our business purposes and in accordance with the European General Data Protection Regulation (GDPR) and the data protections laws of the jurisdictions in which we operate.  REVA collects and processes your personal data for the purposes of identifying employment candidates, managing customer and vendor relationships, paying vendors for goods and services provided to the Company, collecting payments for goods sold to customers, delivery of marketing materials, including patient testimonials, and disseminating public information related to the Company and its products.

In addition, REVA may share your information with third-party logistics companies, cloud storage providers, IT service providers, website service providers and credit check companies.  Any third-party entities are required to comply with our data protection policies and applicable law.  REVA will never sell your information to third parties.

REVA complies with its obligations under the GDPR by: (1) keeping personal information up to date; (2) storing it securely; (2) not collecting or retaining excessive amounts of information; (3) protecting personal information from loss, misuse, unauthorized access and disclosure; and (4) ensuring that appropriate technical measures are in place to protect personal information.

In all cases, REVA processes personal information only where: (1) the data subject provides consent; (2) processing is necessary in performance of a contractual or other legal obligation; (3) processing is necessary to protect vital interests of the data subject or another person; (4) processing is in the public interest; or (5) processing serves the legitimate interests of REVA.

Disclosure and Cross-Border Transfer of Personal Data

We store your personal information on our IT systems located in the United States and Europe. We transfer personal information to, or permit access to personal information from, any offices of our company or affiliates throughout the world, including in the United States, Europe and Australia.

We have engaged various data processors for the processing of your personal information on our behalf, including IT service providers and other business service providers. In some cases, we may need to disclose or transfer your personal information within REVA or to third parties in areas outside of your home country.  We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law.

We may be legally required to disclose your personal information in response to requests from regulators and law enforcement or security agencies. We will always assess the legitimacy of such requests before disclosing any personal information and will only disclose the personal information required to comply with such request.

We transfer personal information to, or permit access to personal information from, countries outside the European Economic Area (EEA). We will, in all circumstances, safeguard personal information as set out in this Privacy Notice.

You can request additional information about the specific safeguards applied to the export of personal information from our Data Protection Administrator at dataprotection@revamedical.com.

Cookies

Like most websites, the REVA website may use “cookies” to help us serve you better on future visits, help you avoid having to re-enter information, and help us improve the functions of our website. A cookie is a small file that the website places on your computer for future identification purposes. Cookies do not contain or transmit any personally identifiable information from your computer to our website. Should you choose to browse our website without using cookies, if you do not want us to be able to recognize your computer, then you can prevent cookies from being saved by disabling cookies from this website. Please note that it is possible that some features or services on our website may not fully function if cookies are disabled.

Our website makes use of the Google Analytics web service from Google, Inc. Google Analytics also utilizes cookies. Examples of the items of data collected include your operating system, your browser, your IP address, the REVA web page you accessed, and the time and date of your visit. The information generated by the text file (cookie) about the use of the website will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties when required to do so by law, or where such third parties process the information on Google’s behalf.

Safeguarding Your Information

Consistent with applicable laws and requirements (including the GDPR), REVA has put in place appropriate physical, electronic, and administrative safeguards to protect your personal information from loss, misuse, alteration, theft, unauthorized access, or unauthorized disclosure. We evaluate these safeguards on an ongoing basis to help minimize risks from new security threats as they become known.

We restrict access to personal information to personnel and third parties that require access to such information for legitimate, relevant business purposes.

All our staff members, contractors and third parties who will have access to personal information on our instructions will be bound to confidentiality and we use access controls to limit access to individuals that require such access for the performance of their responsibilities and tasks.

Our Commitment to Children’s Privacy

This website is not intended for use by children under 16 years of age. No one under age 16 may provide any information to our website. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this website. Any personal information inadvertently collected from children will be promptly erased. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact dataprotection@revamedical.com.

California Privacy Rights

California Civil Code Section § 1798.83 entitles California residents to request information concerning whether a business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. To make such a request, please contact dataprotection@revamedical.com. Be sure to include your name and address. If you would like a response via email, please include an email address. Otherwise, we will respond by postal mail within the time required by law.

Right to Unsubscribe

You have the right to unsubscribe from any services that we offer if you no longer want to participate. To do so, please Contact Us on this website for additional information. Please note that if you already have requested products or services when you decide to withdraw consent, there may be a short period of time for us to update your preferences and ensure that we honour your request.

Links to Other Websites

This Notice applies only to www.revamedical.com. Our website may contain links to other websites that are neither owned nor operated by REVA. You should carefully review the privacy policies and practices of other websites, as we cannot control and are not responsible for privacy policies or practices of third-party websites that are not ours.

Limiting Collection and Retention

We collect, use, disclose and otherwise process your personal information that is necessary for the purposes identified in this Privacy Notice or as permitted by the GDPR. If we require personal information for a purpose that differs from the purposes we identified in this Privacy Notice, we will notify you of the new purpose and, where required, ask for your consent to process personal information for the new purposes.

Our retention periods for personal information are based on business needs and legal requirements. We retain personal information for as long as is necessary for the processing purpose(s) for which the personal information was collected, and any other permissible, related purpose. For example, we retain your personal information for the periods necessary to comply with our legal obligations (including notification of recalls, law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or fulfil your request to “unsubscribe” from further messages from us.

Your Rights and Complaints

We strive to maintain personal information that is accurate, complete and current.

Under the GDPR, individuals in the EU have certain rights in relation to your personal information. These rights are described below. If you wish to exercise one these rights, please contact our Data Protection Administrator at dataprotection@revamedical.com. To ensure an efficient follow-up, we kindly ask you to specify your request and to indicate to which personal information your request relates.

You have the following rights (please be aware that certain exceptions apply to the exercise of these rights and so you may not be able to exercise these in all situations):

  • Right of access: you have the right to obtain confirmation as to whether or not personal information concerning you is being processed, and, where that is the case, to obtain a copy of the personal information we maintain about you.
  • Correction: you may ask us to correct any inaccurate personal information that we process.
  • Erasure: you may ask us to delete personal information that we no longer have a legal ground to process.
  • Restriction: you may ask us to mark certain personal information as restricted whilst complaints are resolved and also ask for restriction of processing under certain other circumstances.
  • Portability: you can ask us to transmit the personal information that you have provided to us and we still hold about you to a third party electronically.

In addition, under certain conditions, you have the right to:

  • where processing is based on consent, withdraw the consent;
  • object to any processing of personal information that REVA justifies on the “legitimate interests” legal ground, unless our reasons for undertaking that processing outweigh any prejudice to the individual’s privacy rights; and
  • object to direct marketing at any time.

These rights are subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). We will respond to most requests within 45 days.

If you have questions or concerns about this Privacy Notice or REVA’s processing of personal information, we kindly ask you to first contact our Data Protection Administrator at dataprotection@revamedical.com. In addition, individuals in the EU always have the right to contact the applicable National Data Protection Authority, whose contact information can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Changes to This Privacy Notice

As we continue to provide additional services and as the privacy laws and regulations evolve, it may be necessary to revise or update this Notice. We encourage you to review this Notice from time to time, as you return to our website, so that you are familiar with any changes.

 If you have any questions about this Privacy Notice or the practices of this website, please contact our Data Protection Administrator at dataprotection@revamedical.com.

Contact Us

If you have any questions about this Privacy Notice or the practice of the website, please contact our Data Protection Administrator at dataprotection@revamedical.com or the Company at via Contact Us on this website. You may also write to us at:

REVA Medical, Inc.

Attn: Brandi Roberts, Data Protection Administrator

5751 Copley Drive

San Diego, CA 92111

Effective Date:  May 25, 2018