ResMed Shop Privacy Notice

Effective as of March 16, 2021

About this Notice

Expedite, LLC ("Expedite", "we", "our", "us") is committed to protecting the privacy and security of your Personal Data (as defined below) and we want to be transparent about the types of Personal Data we collect about you and how we use it. The Shop.ResMed.com Privacy Notice (hereafter the "Notice"), explains how we collect, use and share any information gathered about you ("Personal Data", “Personal Information”) through your use of Shop.ResMed.com and its associated web pages (the "Site") and aims to inform you about the rights you can exercise with regard to our use of your Personal Data. This Notice also describes the measures we implement to protect your Personal Data.

The Site is managed by Expedite, LLC, headquartered at 9001 Spectrum Center Blvd, San Diego, CA 92123, who is the data controller for all Personal Data that is processed via the Site. For more information about the Site, please see the Terms of Use.

We intend for the products and services provided through the Site to be accessed only by users in the United States. Expedite reserves the right to limit access to products and services offered to users located outside of the United States. Users located outside of the United States will be unable to make purchases through the Site.

If you do not want Expedite to process any of your Personal Data through the Site, as set out in this Notice, you should not use the Site.

Personal Data we process, purposes, and legal basis

When you use the Site, we collect the following types of Personal Data about you, which we will process under the following purposes and legal basis:

Types of Personal Data	Processing purposes	Legal basis for processing
To offer you products and services through the Site
Identification data: name, surname Demographic data: gender, state of residence. Contact details: email address. Lifestyle data: information about your current sleep conditions. Prescription information / date of birth: information about sleep care products prescribed to you.	To address you in a more personalized way; To tailor transactional communications to you; To email you for transactional communications and reply to your inquiries; To tailor Site content and transactional communications with you; To confirm a valid prescriptions on file with your healthcare provider before dispensing a device;	Contractual necessity Your consent
To send you promotional emails
Contact details: email address Identification data: name, surname Demographic data: age range, gender	To deliver promotional emails; To address you in a more personalized way; To tailor promotional emails to you;	Your consent
Site usage tracking
Information collected via the Site: traffic data, screens and content accessed by the user, time spent on a page. Device Identification data: such as IP address.	To continuously improve the Site by analyzing aggregated user usage that cannot be traced back to a specific user; For more information on our use of trackers refer to our Cookie Notice.	Contractual necessity
For legal obligations
Identification data: Name, surname, date of birth, gender, user ID, state of residence. Contact details: email address. Device Identification data: such as IP address.	For the establishment, exercise and defense of legal claims.	Legal obligation
To respond to data right requests
Identification data: name, surname, date of birth	To validate user identity prior to processing a request.	Legal obligation

Legal grounds for processing your Personal Data

General ground for processing

Depending on the purpose for which we process your Personal Data (see table above) the legal ground on which we will rely to process your Personal Data may be either your consent, the necessity to perform our contractual obligations with you, our obligation to comply with laws and regulations that apply to us, or the pursuit of our legitimate interests.

Processing that is based on your consent

In some cases, we will rely on your consent to process your Personal Data. Consent will be obtained in a free, express, individual, clear, specific way:

To provide the core services of the Site
To deliver promotional information

We will send you newsletters and/or promotional communications via email only upon your prior consent or when you sign up to receive these.

You may withdraw your consent at any time by contacting us as explained in the section on "How to contact us” below.

How we obtain your Personal Data

The information we process is obtained directly from you. Some of this information is manually collected from you and some is collected automatically through your interaction with the Site.

In addition, we may obtain Personal Data from third parties with your consent, for example, when you make public reviews regarding our products.

Who we share your Personal Data with

We may disclose your Personal Data to the following categories of recipients:

affiliates, subsidiaries, and any company owned or controlled by ResMed, Expedite’s parent company, for purposes consistent with this Notice. We take precautions to limit Personal Data access to Expedite or ResMed employees that fulfil the data processing purposes.
vendors, service providers and partners who carry out the Site’s data processing purposes (for example, data hosting providers) on our behalf. These vendors, service providers, and partners are limited to processing the Personal Data only for the purpose(s) stated within our contracts and described within this Notice.
any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
auditors, advisors, legal representatives and similar agents in connection with the advisory services they provide to us for legitimate business purposes and under contractual prohibition of using the Personal Data for any other purpose;
a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your Personal Data only for the purposes disclosed in this Notice;
to any other person if you have provided your prior consent to the disclosure.

How we protect your privacy

We will process Personal Data in accordance with the following principles:

Fairness: We will process Personal Data fairly. This means that we are transparent about how we process Personal Data.
Lawfulness: We will process Personal Data only on lawful grounds.
Purpose limitation: We will process Personal Data for specified explicit and legitimate purposes, and will not process it in a manner that is incompatible with those purposes, unless consented by you or permitted by applicable data protection laws.
Data minimization: We will process Personal Data that is adequate, relevant and limited to what is necessary to achieve the purposes for which the data are processed.
Data accuracy: We will take appropriate measures to ensure that the Personal Data that we hold about you is accurate, complete and, where necessary, kept up to date. However, it is also your responsibility to ensure that your Personal Data is kept as accurate, complete and current as possible by informing us promptly of any changes or errors. Please see section “Your Data Rights” for more information.
Data security: We use appropriate technical and organisational measures to protect the Personal Data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data. For example: physical measures such as secure locations for infrastructure that host data; technical measures such as encryption; and organisational measures such as employee vetting and supervision.
Data retention: We retain your Personal Data to identify you for as long as necessary to achieve the purposes for which we are processing your data and do not store your data for longer, unless we must to comply with applicable laws.

Data storage, retention and deletion

The Personal Data we collect from you is stored in servers located in the US.

We will retain your Personal Data for as long as you have an active business relationship with us. You may request to have your Personal Data deleted at any time. See section “Your Data Rights” for more information.

Technical and organizational security measures

We use commercially reasonable standards of technology and operational security to protect your Personal Data. Personal Data submitted by you through this Website or while using this Website is transmitted in encrypted form. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you feel that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section, below.

Profiling

Where we are analysing aggregate data for purely statistical purposes without making any predictions about you, this does not constitute profiling.

We do not make any decisions based solely on automated processing of aggregated data, which either produce legal effects that concern you or significantly affect you.

Minors

The Site is not designed or intended to appeal to minors and we do not knowingly collect Personal Data from children under the age of 13. If you are a parent or guardian and have become aware that your child has provided us with information without your consent, please contact our privacy team at privacy@eshop.resmed.com, so we can promptly delete your child’s information.

Sales of Personal Information

We have not sold any categories of Personal Information. Expedite does not sell Personal Information to third parties.

Your data rights

You may make certain requests regarding our use of your Personal Information by contacting privacy@eshop.resmed.com. If you are a resident of the State of California, some of these requests may be governed by the California Consumer Privacy Act of 2018 (“CCPA”), as amended, and its associated regulations. If you are not a California resident, or a response to any given request is not required by CCPA or other applicable law, you agree that we are under no obligation to provide a specific response to any such request, however, we agree to make commercially reasonable efforts to respond to any request we receive.

You may request that we disclose the categories of Personal Information we collect in the 12-month period preceding the request date. Consumer requests of this nature may be made no more than twice in a 12-month period. The categories of Personal Information are:

Category A: Identifiers
Category B: California Customer Records Personal Information categories
Category C: Protected classification characteristics under California or federal law
Category D: Commercial information
Category E: Biometric information
Category F: Internet or other similar network activity
Category G: Geolocation data
Category H: Sensory data
Category I: Professional or employment-related information
Category J: Non-public education information
Category K: Inferences drawn from other Personal Informations

You may request to review and access your Personal Information. You can request that we disclose information we have about you and its use over the past 12 months. For non-California residents, we may charge a reasonable, cost-based fee. We will include the following information:

The categories of Personal Information we collected about you.
The categories of sources for the Personal Information we collected about you.
Our business or commercial purpose for collecting or selling that Personal Information.
The specific pieces of Personal Information we collected about you.
If we shared Personal Information with third parties, we will disclose the categories of these third parties.
If we disclosed your Personal Information for a business purpose, we will provide a list identifying the Personal Information categories that each category of recipient obtained.

You may request the deletion of your Personal Information that we collected from you and retained, subject to certain exceptions as required by applicable law. We may deny your deletion request, but we will tell you why in writing.

You may request to amend your Personal Information. You can ask us to correct Personal Information about you that you think is incorrect or incomplete. In your request, please make clear what Personal Information you would like to have changed. We may deny your request, but we will tell you why in writing.

You may request confidential communications. Within reason, we will act upon requests to contact you in a specific way (for example, home or office phone) or to send mail to a different address.

You may request a copy of this Privacy Notice. You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically by contacting us at privacy@eshop.resmed.com, and we will reply promptly to your request.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity to confirm the Personal Information relates to you. We will only use Personal Information provided in a consumer request to authenticate the requestor's identity.

External links

If any part of the Site provides links to third party websites, such websites do not operate under this Notice. We recommend you review the privacy notices of these third parties to understand why they process your Personal Data.

Updates to this Notice

We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

You can see when this Privacy Notice was last updated by checking the “last update” date displayed at the top of this Privacy Notice.

How to contact us

If you have any questions, concerns or complaints about this Notice or the way we process your Personal Data, or if you want to exercise your rights as described above, please contact our Privacy Office as follows:

9001 Spectrum Center Blvd, San Diego, CA 92123
Email: privacy@eshop.resmed.com