INTRODUCTION

Stryker Performance Solutions, LLC (“Stryker,” or “we,” “our,” or “us”) respects your privacy, and we are committed to protecting it through our compliance with this policy. This Privacy Policy (our “Privacy Policy”) describes the types of information we may collect from you or that you may provide when you use the Stryker, MotionSense Application (our “Application”) and our practices for collecting, using, maintaining, protecting, and disclosing that information. 

This policy applies to information we collect: on our Application; and by phone, email, text, or other electronic messages between you and our Application. It does not apply to information collected by: us offline or through any other means, including on any other applications or websites operated by Stryker any third party; and any third party, including through any application or content that may link to or be accessible from or on the Application.  

Note, Stryker is not a medical group. Any telemedicine consults obtained through our Application are provided by independent medical practitioners (each, a “Provider”). Your Provider is responsible for providing you with a Notice of Privacy Practices describing its collection and use of your health information, not Stryker. If you do not agree to be bound by those terms, you are not authorized to access or use our Application, and you must promptly exit our Application. Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Application. By accessing or using our Application, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of our Application after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates. 

 

CHILDREN UNDER THE AGE OF 13
With parental consent, our Application may collect information from children under 13 years of age. If we learn we have collected or received Personal Data from a child under 13 without parental consent, we will delete that information. If we learn we have collected or received Personal Data from a child under 13 without verification of parental consent, we will delete that information. If you decide that you no longer want to use the Application or you believe we might have collected information from a child under 13 without parental consent, please email us at globalprivacy@stryker.com. 

 

INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
We collect several types of information from and about users of our Application (collectively, “Personal Data”), specifically information by which you may be personally identified, such as name, address, e-mail address, telephone numbers, date of birth, images and video of you, Social Security Number, your medical history, your race or ethnicity, gender, age, and health information, and information about traffic data, location data, logs, other communication data, information about your mobile device, and the resources that you access and use on the Application. We collect this information:

• directly from you when you provide it to us;
• automatically as you use our Application; and
• from third parties, for example, your Provider. 

 

INFORMATION YOU PROVIDE TO US
The information we collect through our Application is:

• information that you provide by filling in forms on the Application. This includes information provided at the time of registering to use our Application, using our Provider services, or requesting further services. We may also ask you for information when you report a problem with our Application; 
• your responses to surveys that we might ask you to complete for research purposes; and
• records and copies of your correspondence (including email addresses), if you contact us.

 

INFORMATION WE COLLECT THROUGH AUTOMATIC DATA COLLECTION TECHNOLOGIES
As you navigate through and interact with our Application, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, specifically:

• Usage Details. Details of your visits to our Application, such as traffic data, location, logs, date and time of your use of our Application, error information, and other communication data and the resources that you access and use in the Application;
• Device Information. Information about your mobile device, and Internet connection, specifically your unique device identifier, IP address, operating system, browser type, mobile network information, and the device’s telephone number;
• Stored Information and Files. Where video files and photographs are submitted through the Application, the Application collects metadata and other information associated with those photographic images; and
• Location Data. The Application, depending on the version, may collect information about the location of your device. If you do not want us to collect this information, you can choose not to enable or you can turn-off collection of location information using the privacy settings in the Application or your device. 
• Health Data. The Application may collect information from the supported platform health and fitness APIs. The only data collected is your recorded activity level as an aggregated hourly step count. If you do not want us to collect this information, you can choose not to enable or you can turn-off collection of activity information using the privacy settings in the Application or your device. The information we collect automatically may include Personal Data or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. 

 

HOW WE USE YOUR INFORMATION
We use information that we collect about you or that you provide to us, including any Personal Data:

• to present our Application and its contents and services to you;
• to process, fulfill, support, and administer transactions and orders for services ordered by you or your Provider;
• to provide you with notices about your MotionSense account;
• to contact you in response to a request;
• to fulfill any other purpose for which you provide it;
• to notify you about changes to our Application or any products or services we offer or provide through them;
• in any other way we may describe when you provide the information; an
• for any other purpose with your consent. 

Some information Stryker collects constitutes protected health information (“PHI”) under the U.S. Health Insurance Portability and Accountability Act (“HIPAA”).  As set forth above, your Provider will provide you with a Notice of Privacy Practices describing its collection, use, and disclosure of your health information, not Stryker. Stryker will use and disclose PHI only as permitted in Stryker’s agreements with your Provider and we only collect the PHI we need to fully perform our services and to respond to you or your Provider. We may use your PHI to contact you to the extent permitted by law, to provide requested services, to provide information to your Providers and insurers, to obtain payment for our services, to respond to your inquiries and requests, and to respond to inquiries and requests from your Providers and benefits program. We may combine your information with other information about you that is available to us, including information from other sources, such as from your Providers, insurers or benefits program, in order to maintain an accurate record of our participants. PHI will not be used for any other purpose, including marketing, without your consent. 

DISCLOSURE OF YOUR INFORMATION
We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy. However, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction. We may disclose Personal Data that we collect or you provide as described in this Privacy Policy:

• To your Provider for professional medical services. Providers access patient information through our HIPAA compliant companion website, OrthoLogIQ
• to our affiliates, such as EnMovi and Stryker Corporation;
• to contractors, service providers, and other third parties we use to support our Application. The services provided by these organizations include IT and infrastructure support services;
• to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Stryker about our Application users are among the assets transferred;
• to fulfill the purpose for which you provide it;
• for any other purpose disclosed by us when you provide the information; and
• with your consent. For example, we may disclose your Personal Data to a hospital or research site if you participate in a research study.
• We may also disclose your Personal Data:
• to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
• to enforce or apply our Terms of Use at http://www.stryker.com/us/en/joint-replacement/products/MotionSense/MotionSense-EULA.html and other agreements; and
• if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Stryker, our users, or others.  

 

CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION
Third parties may aggregate the information they collect from you with information from their other customers for their own purposes. When using our Application, we may collect certain information regarding your location. You must exercise your own judgment as to the adequacy and appropriateness of sharing location information with us and our third party service providers. If you do not want us to collect this information, do not download the Application or delete it from your mobile device. You can choose whether or not to allow the Application to collect and use information about your mobile device’s location through the mobile device’s location or privacy setting. Please refer to the user guide for your operating system for more information on how to enable or disable location based services for the Application. If you block the use of location information, some parts of the Application may then be inaccessible or not function properly. If you enable such location-based services in connection with the Application, you hereby consent to the collection, transmission and use of your location data by the Application. 

YOUR RIGHTS REGARDING YOUR INFORMATION AND ACCESSING AND CORRECTING YOUR INFORMATION
You can review your Personal Data by logging into our Application and visiting the [My profile] section of our Application. If any changes or errors in any Personal Data or if you would like to close your account, you must contact your Provider to submit the request. We cannot delete your personal information except by also deleting your account with us. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.With respect to any PHI Stryker may obtain, you have certain rights under HIPAA to access your data, to restrict use and disclosure of it, to request communication methods, to request corrections to your data, to receive an accounting of disclosures and to receive notice of any breach. See the Notice of Privacy Practices provided to you by your Provider for more information. 

DATA SECURITY
We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. We use encryption technology for information sent and received by us.The safety and security of your information also depends on you. Where you have chosen a password for the use of our Application, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.Unfortunately, the transmission of information via the Internet is not completely secure. Although we work diligently to try and protect your Personal Data, we cannot guarantee the security of Personal Data transmitted to our Application. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Application or in your operating system. 

STATE SPECIFIC PRIVACY RIGHTS
The law in some states may provide you with additional rights regarding our use of Personal Data. To learn more about any additional rights that may be applicable to you as a resident of one of these states, please see the privacy addendum for your state that is attached to this Privacy Policy. 

CHANGES TO OUR PRIVACY POLICY
We may change this Privacy Policy at any time. It is our policy to post any changes we make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated on the Application’s home page. If we make material changes to how we treat our users’ Personal Data, we will notify you through the Application’s home screen. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for reviewing this Privacy Policy to check for any changes. 

CONTACT INFORMATION
If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy, you may contact us at GLOBALPRIVACY@STRYKER.COM.

PRIVACY ADDENDUM FOR CALIFORNIA RESIDENTS
Effective Date: [5/29/2021]
Last Reviewed on: [1/19/2022]

This Privacy Addendum for California Residents (“Privacy Addendum”) supplements the information contained in MotionSense Privacy Policy that this is attached to and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this notice. Please note that the CCPA expressly excludes personal information regulated under the California Confidentiality of Medical Information Act (CMIA) and protected health information (PHI) collected by a “covered entity” (e.g., a health care provider or insurance plan) or “business associate” (e.g., Stryker) that provides services to a covered entity governed by HIPAA. Additionally, Personal Information that is regulated under the CCPA may represent a limited portion of Personal Data as described in the MotionSense Privacy Policy; therefore, this Privacy Addendum applies solely to the Personal Information as defined below. We may update this Privacy Addendum for California Residents as necessary and in the event of changes in the CCPA. Note that this notice does not apply to our personnel. Please contact your supervisor if you are personnel and would like additional information about how we process your personal information.  

INFORMATION WE COLLECT
Our Application collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). In particular, Stryker collects and has collected Personal Information through its Application from its consumers, as provided below. 

Categories of Personal Information Stryker has collected in the preceding 12 months:

• Identifiers (e.g., name, postal address, email address, unique personal identifier, online identifier, Internet Protocol address (IP address), Social Security number, or other similar identifiers)
• Personal information categories listed in the California Customer Records statute (e.g., name, postal address, telephone number, Social Security number, medical information or health insurance information. Note, some of this information may overlap with other categories)
• Protected classification characteristics under California or federal law (e.g., age, race, color, ancestry, medical condition, physical disability, sex (including gender).
• Commercial information (e.g., records of services obtained or considered)
• Biometric information (e.g., physiological characteristics or activity patterns, such as gait or other physical patterns, and health or exercise data)
• Internet or other similar network activity (e.g., information on a consumer’s interaction with an application)
• Geolocation data (e.g., physical location)
• Sensory data (e.g., photographs, and electronic or similar information)
• Inferences drawn from other personal information (e.g., profile reflecting a person’s physiological abilities or characteristics)·      
• Personal Information does not include information that is: (a) publicly available information from government records; (b) deidentified or aggregated consumer information; or (c) certain information excluded from the scope of CCPA, such as PHI covered under HIPAA and medical information covered under the CMIA as discussed above. 

 

Categories of sources from which Stryker has collected Personal Information:

• Directly from you. For example, from forms you complete when registering for the services or when you complete assessments about your physical condition for your Provider;    
• Indirectly from you. For example, from our operating systems and platforms; 
• From your Provider. For example, when he or she signs you up for our services; and 
• Service providers.   

 

USE OF PERSONAL INFORMATION
We may use or disclose the Personal Information we collect for one or more of the following business purposes: 

• To fulfill or meet the reason you provided the information. For example, if your Provider recommends our services to you, your Provider may with your permission, register you for our services, and we will use your Personal Information to register you for an account. 
• To provide, support, develop and improve our Application and services.
• To carry out our obligations and enforce our rights arising from any contacts entered between you and us or between us and your Provider, including for billing and collection
• To provide you with support and to respond to your inquiries, including to investigate and address your concerns and to monitor and improve our responses.
• To help maintain the safety, security, and integrity of our Application and services, databases and other technology assets, and business, including to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity, and to debug to identify and repair errors that impair existing intended functionality.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• Undertaking internal research for technological development and demonstration, including for the purposes of treatment, quality, and improvement of health status.
• As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Stryker assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Strykerabout our customers are among the assets transferred.
• Stryker will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

 

SHARING PERSONAL INFORMATION
We do not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate your Personal Information to another organization for monetary or other valuable consideration. However, Stryker may disclose your Personal Information to a third party for one or more business purposes. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract. 

• We share your Personal Information with the following categories of third parties;
• Your Provider
• Service providers. 

 

DISCLOSURES OF PERSONAL INFORMATION FOR A BUSINESS PURPOSE
In the preceding twelve (12) months, Stryker has disclosed the following categories of Personal Information for a business purpose: 

• Identifiers
• California Customer Records Personal Information categories
• Protected classification characteristics under California or federal law 
• Commercial information
• Biometric information
• Internet or other similar network activity
• Geolocation data
• Sensory data 
• Inferences drawn from other Personal Information 
• We disclose your Personal Information for a business purpose to the following categories of third parties: 
• Your Provider
• Service providers

 

SALES OF PERSONAL INFORMATION
Stryker does not sell Personal Information.

YOUR RIGHTS AND CHOICES
The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.

ACCESS REQUEST RIGHTS
You have the right to request that Stryker disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights), we will disclose to you:

• The categories of Personal Information we collected about you.
• The categories of sources for the Personal Information we collected about you.
• Our business or commercial purpose for collecting or selling that Personal Information.
• The categories of third parties with whom we share that Personal Information.
• The specific pieces of Personal Information we collected about you.
• If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
  • sales, identifying the Personal Information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained. 

 

DELETION REQUEST RIGHTS
You have the right to request that Stryker delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to: 

1. Complete the services for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you or your Provider.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
5. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
6. Comply with a legal obligation.
7. Make other internal and lawful uses of that information that are compatible with the context in which you provided it. 

 

EXERCISING ACCESS AND DELETION RIGHTS
To exercise the access and deletion rights described above, please submit a verifiable consumer request to us by either: 

• Emailing us at globalprivacy@stryker.comOnly you, or a person registered with the California Secretary of State that you authorize to act on your behalf (an “Authorized Representative”), may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an Authorized Representative. Before completing your request to exercise the below, we will verify that the request came from you by asking you one or more knowledge-based questions about you.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. 

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. With few exceptions, we will only review and fulfill a request from your Authorized Representative if (a) you grant the Authorized Representative written permission to make a request on your behalf, (b) you or the Authorized Representative provides us notice of that written permission, and (c) we are able to verify your identity in connection with that notice and the request. 

Making a verifiable consumer request does not require you to create an account with us.We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. For instructions on exercising sale opt-out rights, see Personal Information Sales Opt-Out and Opt-In Rights. 

RESPONSE TIMING AND FORMAT
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to the contact information you provided in that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.  

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. 

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.  

PERSONAL INFORMATION SALES OPT-OUT AND OPT-IN RIGHTS
We do not sell the Personal Information of consumers and therefore do not provide any opt-in or opt-out capabilities on our Application or otherwise.   

NON-DISCRIMINATION
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties. 
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. 

 

OTHER CALIFORNIA PRIVACY RIGHTS
California Civil Code Section 1798.83 (California’s “Shine the Light” law) permits users of our Application that are California residents and who provide Personal Information in obtaining products and services for personal, family, or household use to request certain information regarding our disclosure of Personal Data to third parties for their own direct marketing purposes. If applicable, this information would include the categories of Personal Information and the names and addresses of those businesses with which we shared your Personal Information with for the immediately prior calendar year (e.g. requests made in 2021 will receive information regarding such activities in 2020). You may request this information once per calendar year. To make such a request, please contact us at globalprivacy@stryker.com.

CHANGES TO OUR CALIFORNIA ADDENDUM
We reserve the right to amend this Privacy Addendum as described in our Privacy Policy. When we make changes to this Privacy Addendum, we will inform you of such updates as described in our Privacy Policy.  

MOTIONSENSE PRIVACY ADDENDUM FOR NEVADA RESIDENTS
Effective Date: 5/29/2021
Last Reviewed on: 1/19/2022 

Stryker respects your privacy and is committed to protecting it through our compliance with this policy. Stryker does not sell your personal information to any outside companies; therefore, Stryker does not provide any opt-out capabilities on our Application. You are entitled, nevertheless, under Nevada law to formally request that we not sell any of your personal information. 

Please email us at GLOBALPRIVACY@STRYKER.COM to submit your request and we will confirm your request.