Back to eshop.resmed.com

Free ground shipping on orders over $50

Privacy Notice

Effective as of November 8, 2024

About this Notice

Expedite LLC ("Expedite", "we", "our", "us") maintains and operates ResMed Shop and is committed to protecting the privacy and security of your Personal Data (as defined below) and we want to be transparent about the types of Personal Data we collect about you and how we use it. The Shop.ResMed.com Privacy Notice (hereafter the "Notice"), explains how we collect, use and share any information gathered about you ("Personal Data", “Personal Information”) through your use of Shop.ResMed.com and its associated web pages (the "Site") and aims to inform you about the rights you can exercise with regard to our use of your Personal Data. This Notice also describes the measures we implement to protect your Personal Data.

The Site is managed by Expedite, LLC, headquartered at 9001 Spectrum Center Blvd, San Diego, CA 92123, who is the data controller for all Personal Data that is processed via the Site. For more information about the Site, please see the Terms of Use.

We intend for the products and services provided through the Site to be accessed only by users in the United States. Expedite reserves the right to limit access to products and services offered to users located outside of the United States. Users located outside of the United States will be unable to make purchases through the Site.

If you do not want Expedite to process any of your Personal Data through the Site, as set out in this Notice, you should not use the Site.

Some states may maintain laws relating to consumer health data and some information you provide to Expedite may be subject to such laws. When that is the case, please also refer to ResMed’s Consumer Health Data Privacy Notice for additional information.

Personal Data we process, purposes, and legal basis

When you use the Site, we collect the following types of Personal Data about you, which we will process under the following purposes and legal basis:

 

Types of Personal Data

Processing purposes

Legal basis for processing

To offer you products and services through the Site

Identification data: name, surname

Demographic data: gender, state of residence.

Contact details: email address.

Lifestyle data: information about your current sleep conditions.

Prescription information / date of birth: information about sleep care products prescribed to you.
  • To address you in a more personalized way;
  • To tailor transactional communications to you;
  • To email you for transactional communications and reply to your inquiries;
  • To tailor Site content and transactional communications with you;
  • To confirm a valid prescription on file with your healthcare provider before dispensing a device;

Contractual necessity

Your consent

To send you promotional emails

Contact details: email address

Identification data: name, surname

Demographic data: age range, gender
  • To deliver promotional emails;
  • To address you in a more personalized way;
  • To tailor promotional emails to you;

Your consent

Site usage tracking

Information collected via the Site: traffic data, screens and content accessed by the user, time spent on a page.

Device Identification data: such as IP address.
  • To continuously improve the Site by analyzing aggregated user usage that cannot be traced back to a specific user;

For more information on our use of trackers refer to our Cookie Notice.

Contractual necessity

For legal obligations

Identification data: Name, surname, date of birth, gender, user ID, state of residence.

Contact details: email address.

Device Identification data: such as IP address.

For the establishment, exercise and defense of legal claims.

Legal obligation

To respond to data right requests

Identification data: name, surname, date of birth

To validate user identity prior to processing a request.

Legal obligation

 

Legal grounds for processing your Personal Data

General ground for processing

Depending on the purpose for which we process your Personal Data (see table above) the legal ground on which we will rely to process your Personal Data may be either your consent, the necessity to perform our contractual obligations with you, our obligation to comply with laws and regulations that apply to us, or the pursuit of our legitimate interests.

Processing that is based on your consent

In some cases, we will rely on your consent to process your Personal Data. Consent will be obtained in a free, express, individual, clear, specific way:

  • To provide the core services of the Site
  • To deliver promotional information

We will send you newsletters and/or promotional communications via email only upon your prior consent or when you sign up to receive these.

You may withdraw your consent at any time by contacting us as explained in the section on "How to contact us” below.

How we obtain your Personal Data

The information we process is obtained directly from you. Some of this information is manually collected from you and some is collected automatically through your interaction with the Site.

In addition, we may obtain Personal Data from third parties with your consent, for example, when you make public reviews regarding our products.

Who we share your Personal Data with

We may disclose your Personal Data to the following categories of recipients:

  • affiliates, subsidiaries, and any company owned or controlled by ResMed, Expedite’s parent company, for purposes consistent with this Notice. We take precautions to limit Personal Data access to Expedite or ResMed employees that fulfil the data processing purposes.
  • vendors, service providers and partners who carry out the Site’s data processing purposes (for example, data hosting providers) on our behalf. These vendors, service providers, and partners are limited to processing the Personal Data only for the purpose(s) stated within our contracts and described within this Notice.
  • any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • auditors, advisors, legal representatives and similar agents in connection with the advisory services they provide to us for legitimate business purposes and under contractual prohibition of using the Personal Data for any other purpose;
  • a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your Personal Data only for the purposes disclosed in this Notice;
  • to any other person if you have provided your prior consent to the disclosure.

How we protect your privacy

We will process Personal Data in accordance with the following principles:

  • Fairness: We will process Personal Data fairly. This means that we are transparent about how we process Personal Data.
  • Lawfulness: We will process Personal Data only on lawful grounds.
  • Purpose limitation: We will process Personal Data for specified explicit and legitimate purposes, and will not process it in a manner that is incompatible with those purposes, unless consented by you or permitted by applicable data protection laws.
  • Data minimization: We will process Personal Data that is adequate, relevant and limited to what is necessary to achieve the purposes for which the data are processed.
  • Data accuracy: We will take appropriate measures to ensure that the Personal Data that we hold about you is accurate, complete and, where necessary, kept up to date. However, it is also your responsibility to ensure that your Personal Data is kept as accurate, complete and current as possible by informing us promptly of any changes or errors. Please see section “Your Data Rights” for more information.
  • Data security: We use appropriate technical and organizational measures to protect the Personal Data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data. For example: physical measures such as secure locations for infrastructure that host data; technical measures such as encryption; and organizational measures such as employee vetting and supervision.
  • Data retention: We retain your Personal Data to identify you for as long as necessary to achieve the purposes for which we are processing your data and do not store your data for longer, unless we must comply with applicable laws.

Data storage, retention and deletion

We process, store, and retain your data to facilitate your interactions with use and your use of the Site. Generally, we will retain your Personal Data for as long as you have an active business relationship with us. You may request to have your Personal Data deleted at any time. See section “Your Data Rights” for more information.

Technical and organizational security measures

We use commercially reasonable standards of technology and operational security to protect your Personal Data. We implement technical controls to encrypt Personal Data submitted by you through this Website or while using this Website to the extent feasible. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you feel that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section, below.

Automated Processing

We may aggregate or anonymize data to analyze and improve our services. Where we analyze aggregate data for purely statistical purposes, this does not constitute profiling. We do not make any decisions based solely on automated processing of aggregated data which produce legal effects that concern or significantly affect you.

Minors

The Site is not designed or intended to appeal to minors and we do not knowingly collect Personal Data from children under the age of 13. If you are a parent or guardian and have become aware that your child has provided us with information without your consent, please contact our privacy team at privacy@resmed.com so we can promptly delete your child’s information.

Sales of Personal Information

We have not sold any categories of Personal Information. Expedite does not sell Personal Information to third parties.

Your privacy rights

Certain North American jurisdictions, including California and other U.S. states, have passed data privacy laws that provide residents with specific rights regarding their personal information. In this section, we describe these rights and how to exercise them, if applicable. This section may not apply to our handling of personal information that is exempt under such privacy laws, including, but not limited to, publicly available information or de-identified or aggregated information.

Understanding your rights

Right to know/request access. You may have the right to know what types of personal information we collect. Regarding personal information we have collected about you in the prior 12 months, and subject to certain conditions and exceptions, you may request:

  • the categories of personal information we collected about you
  • the categories of sources from which we collected your personal information
  • the business or commercial purposes for collecting, selling or sharing your personal information
  • the categories of third parties to whom we have disclosed your personal information
  • the specific pieces of your personal information collected.

The personal information collected varies depending on how you interact with us, please see sections above for an explanation of the data we collect and may have collected over the past 12 months.

Right to delete. Subject to certain conditions and exceptions, you may have the right to request that we delete your personal information.

Right to correct. Subject to certain conditions and exceptions, you may have the right to request that we correct inaccuracies in your personal information. You may be able to correct certain inaccuracies yourself through your account.

Right to restrict. Subject to certain conditions and exceptions, you may have the right to request that we restrict our use of your personal information if it contains sensitive data or identifiers (“sensitive personal information”). Our collection, use and disclosure of sensitive personal information is generally limited to what is reasonable and proportionate for the following purposes:

  • to perform the services or provide the goods as reasonably expected by you
  • to detect security incidents that compromise the availability, authenticity, integrity and confidentiality of sensitive personal information that is stored or transmitted
  • to resist malicious, deceptive, fraudulent or illegal actions directed at Expedite and to prosecute those responsible for those actions
  • to ensure the physical safety of you and others
  • for short-term, transient uses
  • to verify your information, provide customer support or provide similar services
  • to maintain the quality and safety of a service or device that is owned, manufactured by, manufactured for or controlled by Expedite.

Right to opt-out of sales and sharing. You may have the right to opt-out of the "sale" and "sharing" of your personal information, as those terms are defined under applicable laws. The California Consumer Privacy Act (CCPA [as defined below]) defines a "sale" as disclosing or making available to a third-party personal information in exchange for monetary or other valuable consideration, and "sharing" broadly includes disclosing or making available personal information to a third-party for purposes of cross-context behavioral advertising. While we do not "sell" personal information to third parties in exchange for monetary compensation, we may "share" the following categories of personal information for advertising purposes: identifiers and internet or other electronic network activity information to third-party advertising networks, analytics providers and social networks for purposes of marketing and advertising for products and services we believe may be of interest to you. We do not sell or share sensitive personal information, nor do we sell or share any personal information about individuals who we know are under 16 years old.

To opt-out from the sharing of personal information, click "Do Not Sell or Share My personal information" on the bottom of the applicable website home page. Submitting an opt-out request will only opt you out of disclosures that are considered "sales" or "sharing," but not out of other disclosures, such as to our service providers.

Right to non-discrimination. We will not discriminate against you for exercising any of the rights described in this section.

Exercising your data rights

Because Expedite values your privacy, we strive to honor requests to exercise your privacy rights regardless of whether a particular statute obligates us to do so. However, we make no warranties about our willingness or ability to honor requests in the absence of an applicable legal requirement.

Exercise of certain rights may also be limited in some circumstances, such as where honoring a request may restrict our ability to serve you. We reserve the right to verify the authenticity of your request before acting on it and any right to decline a request to the extent permitted by applicable law.

To submit a request to exercise any of these rights:

Verification. Before responding to your request, we must first verify your identity. You must provide us with your first name, last name and email address. We will take steps to verify your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information to verify your identity or, where necessary, to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.

Authorized Agents. You may designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us. We may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

Businesses operating as an authorized agent on behalf of an individual must provide both of the following:

  1. Certificate of good standing with its state of organization.
  2. A written authorization document, signed by the individual, containing the individual’s name, address, telephone number and valid email address and expressly authorizing the business to act on behalf of the individual.

Individuals operating as an authorized agent on behalf of another individual must provide one of the following:

  • A notarized power of attorney signed and dated by the individual naming the authorized agent as the individual’s representative.
  • A written authorization document, signed by the individual, containing the individual’s name, address, telephone number and valid email address and expressly authorizing the individual to act on behalf of the individual.

We reserve the right to reject:

  • authorized agents who have not fulfilled the above requirements
  • automated requests where we have reason to believe the security of the requestor’s personal information may be at risk.

Response timing and format. We will respond to your request as required under applicable privacy laws. If we deny the request, residents of certain jurisdictions may appeal our decision by sending an email to privacy@resmed.com.

You may request a copy of this Privacy Notice. You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically by contacting us at privacy@resmed.com and we will reply promptly to your request.

Additional California disclosures

The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act provides California residents with the aforementioned rights. The CCPA and other California laws may also provide additional rights, including the following:

  • Response timing. For requests to exercise privacy rights initiated by California residents, we will acknowledge receipt of your privacy request within 10 days. We will endeavor to respond to your request within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing. If we cannot respond to your request, either fully or partially, we will also explain our reasoning. Where permitted under the CCPA, we may charge you a reasonable fee to process your request.
  • Shine the light. California's "shine the light" law permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. At this time, we do not disclose personal information to third parties for their direct marketing purposes.
  • California recognizes the universal opt-out signal known as Global Privacy Control (GPC). GPC is a proposed specification that allows you to make a single opt-out of the sale or share of your personal information to the extent that a particular website and browser are able to recognize the signal.
  • Do not track. Our websites and services do not recognize or respond to any signal, which your browser might transmit through the "Do Not Track" feature that your browser might have. However, you can set your preferences for cookies on our websites as described above.

External links

If any part of the Site provides links to third party websites, such websites do not operate under this Notice. We recommend you review the privacy notices of these third parties to understand why they process your Personal Data.

Updates to this Notice

We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. You can see when this Privacy Notice was last updated by checking the “last update” date displayed at the top of this Privacy Notice.

How to contact us

If you have any questions, concerns or complaints about this Notice or the way we process your Personal Data, or if you want to exercise your rights as described above, please contact our Privacy Office as follows. You can also learn more about ResMed and ResMed’s privacy practices by visiting ResMed’s website and Privacy Policy.

9001 Spectrum Center Blvd, San Diego, CA 92123
Email: privacy@resmed.com