Osso VR is committed to complying with applicable data protection laws and principles, which means that your personal data will be:
- Processed lawfully, fairly and in a transparent way
- Collected for specific, legitimate purposes stated in this policy
- Relevant and limited to what is necessary for those purposes
- Accurate and kept up to date, as needed
- Kept for no longer than is necessary for those purposes; and
- Processed in a reasonably secure means
Osso VR collects personal data to deliver Osso’s Site, Products and Services, including providing the training experiences, feedback, performance analyses, and metrics enabled by the Products.
The types of personal data Osso obtains throughout your use of Osso’s Services and Products is as described herein. Information you voluntarily provide Osso collect personal data you voluntarily provide to us in connection with the Site, Products and Services. For example, Osso collects the personal data you provide during account registration, such as:
- Your first and last name
- Your email address
- Your profession
- Your medical specialty
- Your organization
- Your profile password
This basic information is necessary to complete your user registration. If you decline to provide this information, you may not be able to create an account and use Osso’s services.
Osso VR reserves the right to confirm the accuracy of registration data using third-party sources, including your sponsoring organization, or other data in the public domain.
Osso may automatically collect certain personal data when you use Osso’s Site, Products and/or Services.
Log files and identifying data
Like many online service providers, Osso may collect certain log file information when you use Osso’s Site, Products and/or Services.
For example, Osso may collect your IP address, as well as information about your device, including the model, platform, locale code and UUID (universally unique identifier).
This information can assist us in maintaining and improving Osso’s services, including during customer support diagnostics.
Usage and participation data
When you use Osso’s Services, Osso records your training and test runs, generates performance metrics, and monitors feature usage and participation on Osso’s platform.
This includes, but is not limited to, page visits, training content viewed, procedure durations, scores, functional assessments and progress snapshots.
Osso may share this data with the organization that provides access to Osso’s Products and Services on your behalf (e.g. your employer) and, if the training procedure you have used and/or participated in has been created by and/or sponsored by one of Osso’s partners (a “Sponsoring Partner”), Osso may share the results of such training with such partner.
Third party aggregate data
Osso and Osso’s partners may use digital properties to improve aggregate analytics, such as Azure analytics and Google Analytics.
If you are using an Osso Site, Osso may collect certain information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. Osso does not collect information using cookies if you are accessing or using Osso Products or Services on Windows or Oculus Quest.
Osso may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on Osso’s Site, Product(s), and/or Services.
Osso uses two broad categories of cookies:
- First-party cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits Osso’s Site
- Third-party cookies, which are served by service providers on Osso’s Site, and can be used by such service providers to recognize your computer or mobile device when it visits other websites
COOKIES OSSO USES:
These cookies are essential to provide you with services available through Osso’s site and to enable you to use some of its features. For example, they allow you to log in to secure areas of Osso’s site and help content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and Osso only uses these cookies to provide you with those services.
These cookies allow your site to remember choices you make when you use Osso’s Site, such as remembering language preferences, remembering your login details and remembering the changes you make to other parts of Osso’s Site that you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit Osso’s Site.
Analytics and Performance Cookies
These cookies are used to collect information about traffic to Osso’s Site and how users use Osso’s Site. The information gathered does not identify any individual visitor. It includes the number of visitors to Osso’s Site, the websites that referred them to Osso’s Site, the pages they visited on Osso’s Site, what time of day they visited Osso’s Site, whether they have visited Osso’s Site before, and other similar information. Osso uses the information to help operate Osso’s Site more efficiently, to gather broad demographic information and to monitor the level of activity on Osso’s Site. Osso uses Google Analytics for this purpose. Google Analytics uses its own cookies. These are only used to improve how Osso’s Site works.
You can find more information about Google Analytics cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies
You can read more about how Google protects your data here:
You can prevent the use of Google Analytics relating to your use of Osso’s Site by downloading and installing the browser plugin available at this link:
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.
For further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com.uk.
If you do not accept Osso’s cookies, you may experience some inconvenience in your use of Osso’s Site. For example, Osso may not be able to recognize your computer or mobile device and you may need to log in every time you visit Osso’s Site.
Osso VR uses your personal data for the following reasons:
To operate effectively as a business and perform essential business operations, including providing and improving Osso’s Products.
- Osso develops products to assist medical professionals, including surgical training content and resources tailored to a users’ specific role, stage of training, location and medical specialty. To enhance your productivity on Osso’s Product, Osso provides personal performance assessments, and tries to recommend the most relevant content based on your profile and recent activities. To support and guide your training, Osso provides assessments and performance data to your sponsoring partner(s), which may include your faculty, senior residents, employer, or medical device company.
- To ensure your experience with Osso’s products is optimal, Osso continuously assesses, updates, and optimizes Osso’s platform user experiences. Osso may use the personal data Osso collects to perform such assessment, updates, and optimization.
- Osso may use your personal data to restrict access to certain content, based on location or custom organizational agreements. 188864358 v5
- Product issues, identified by users and communicated through customer support, are diagnosed and resolved using personal data collected from your interactions on Osso’s Products.
- Decisions on product development and evaluations of product performance are based on business intelligence and analysis of user personal data.
- Osso engages in research and collaborates with others to improve and validate the Osso VR surgical training platform, such as validation studies examining the efficacy of Osso VR as a surgical training tool. These studies may include performance metrics from the personal data collected during customer training runs.
To deliver communications of personal interest including performance assessments and reports, product and content releases, training prompts and in response to product queries or support requests.
- Osso VR may send communications to you via the email address provided by you during the registration process and through notifications delivered to your device. Osso VR may send you communications related to product and content releases and updates, and equipment maintenance. Osso sends such communications so you are aware of changes Osso is making to content, product features, or new releases, which could affect your experience of Osso’s core services.
To inform Sponsoring Partners of engagement and interactions on branded content hosted on Osso’s platform.
- Some surgical content on Osso’s platform may be created in partnership with a Sponsoring Partner, for example training on a surgical procedure using a branded device.
- Osso shares aggregated engagement metrics, such as metadata, with Osso’s Sponsoring Partners to allow them to track the quantity of users viewing and interacting with their content. Metrics may be aggregated, such as by profession, medical specialty, location and hospital affiliation. Additionally, Osso shares aggregate performance assessments and metrics related to content branded under a Sponsoring Partner’s name or marks. Sponsoring Partners use metrics for product development, improving delivery of content and training for medical professionals as well as other purposes.
To enable your participation in an educational course, training, or conference offered by a Sponsoring Partner
- If you run Osso’s Product using equipment from the Sponsoring Partner (for example, at an educational course, training or conference), Osso will share performance training information associated with your name and email address, so the Sponsoring Partner can optimize their provision of educational resources based on proficiency data and usage metrics.
To track and report your performance on relevant Osso VR training tools to a Sponsoring Partner, including the curriculum owner and residency program director.
- If you accept an electronic invitation to use a sponsored curriculum, you grant Osso VR permission to share your Osso VR profile and relevant activity metrics on the Products with the Sponsoring Partner(s) who created or sponsored such curriculum. Sponsoring Partners may include, but are not limited to academic institutions, hospitals, and medical device companies. Activity metrics are related to platform content which belongs to the curriculum. You have the right at any time to opt out of a sponsored curriculum by providing a written request to firstname.lastname@example.org.
Osso may create anonymous data from personal data Osso receives about you and other individuals whose personal data Osso collects.
- Osso makes personal data into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. Osso uses this anonymous data to analyze usage patterns in order to make improvements to Osso’s Site, Products and Services.
- Osso may share anonymous data with Sponsoring Partners and other third parties for legitimate business purposes.
Osso may share your personal data as follows, and as otherwise described herein:
Third Parties Who Provide your Access to the Services. Osso may share your personal data with the third party or parties that provide access to the Product(s) and Services on your behalf, such as your employer or academic institution.
Osso’s Third Party Service Providers. Osso may share your personal data with Osso’s third party service providers who provide services such as data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, auditing and other similar services. These third parties are only permitted to use your personal data to the extent necessary to enable them to provide their service to us. They are required to follow Osso’s express instructions and to comply with appropriate security measures to protect your personal data.
Sponsoring Partners. As described above, Sponsoring Partners may create and/or sponsor the creation of certain curricula, training programs and other training materials (collectively, “Sponsored Programs”), which Osso may host and provide via Osso’s Products and Services. Osso may share the results you obtain from any Sponsored Program with the relevant Sponsoring Partner.
Corporate Restructuring. Osso may share personal data when Osso does a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of Osso’s business or assets. These deals can include any merger, financing, acquisition or bankruptcy transaction or proceeding.
In this section, Osso has summarized rights that you may have under data protection laws. The information Osso provides in this section is a brief summary. You should still read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under EU data protection law include:
Access: You can request more information about the personal data Osso holds about you. You can also request a copy of the personal data. Providing the rights and freedoms of others are not affected, Osso will supply to you a copy of your personal data, or do one of the following:
- Osso may ask you to verify your identity, or ask for more information about your request; or
- Where Osso is legally permitted to do so, Osso may decline your request, but Osso will explain why if Osso does so.
Rectification: If you believe that any personal data Osso is holding about you is incorrect or incomplete, you can request that Osso correct or supplement such data. You can also correct some of this information directly by logging into your service account. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
Objection: You can contact us to let us know that you object to the collection or use of your personal data for certain purposes.
Erasure: You can request that Osso erase some or all of your personal data from Osso’s systems. There are exclusions of the right to erasure. The general exclusions include where processing is necessary, for example: for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
Restriction of Processing: You can ask us to restrict further processing of your personal data.
Portability: You have the right to ask for a copy of your personal data in a machine-readable format. You can also request that Osso transmit the data to another entity where technically feasible.
Withdrawal of Consent: If Osso is processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your personal data, if such use or disclosure is necessary to enable you to utilize some or all of Osso’s Products. Withdrawal will not affect the lawfulness of processing before the withdrawal.
Right to File Complaint: You have the right to lodge a complaint about Osso’s practices with respect to your personal data with the supervisory authority of your country or EU Member State.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Osso’s training simulations provide data and feedback to sponsoring partners, which those partners can use as an element of their overall evaluations of proficiency.
To contact us in relation to any of these requests, please use the email address email@example.com.
Osso VR retains personal data for as long as necessary to provide Osso’s Products and Services and fulfill the transactions you have requested, or for other essential purposes such as complying with Osso’s legal obligations, and enforcing Osso’s agreements. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly. The general rule that establishes a baseline for data retention is the length of time required to store and analyze the data for the purpose it was collected (as described in section 3). Moreover, Osso is required to maintain appropriate business records, including records of assessments used for training and compliance.
Osso VR is committed to protecting the security of your personal data by endeavoring to use reasonable and appropriate technologies and processes to avoid unauthorised access or disclosure.
Osso utilizes cloud storage services, like Microsoft Azure, for data storage and processing purposes. Osso’s storage containers and databases may be located in data centers and systems around the world, including in the US or Europe.
Osso has offices in the United States of America and Canada.
Osso recommends you take every precaution in protecting your Personal Data when you are on the Internet. For example, change your passwords often, use a combination of letters and numbers when creating passwords, and make sure you use a secure browser.
If you would like further information about privacy at Osso VR, please contact us at firstname.lastname@example.org.