Aruene Corporation dba eNeura Inc. (“eNeura”, “We”, “Us”) understands the sensitivity of information about your health and the importance of protecting your privacy.  Your confidence in our ability to protect your information is paramount.

This policy (together with our terms of website use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.  We may collect personal data from you through our site (www.eNeura.com or www.eNeura.co.uk) (our site) and other online resources (such as e-mail).

We treat your personal data:

• confidentially;
• in accordance with this policy; and
• in accordance with the Data Protection Act 1998 (the Act) which regulates the collection, storage, processing, access and transfer of personal data.

For the purpose of the Act, the data controllers are:

eNeura (UK) Ltd., 6^th Floor, One London Wall, London EC2Y 5EB, United Kingdom;

and

eNeura Inc., 101 W. Dickman Street, Ste 900, Baltimore, MD 21230, USA.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

EU-U.S. DATA PRIVACY FRAMEWORK

eNeura complies with the EU-US Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Aruene Corp and eNeura (UK) Ltd (a wholly owned subsidiary of Aruene Corporation) has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdome (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in the privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, eNeura is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

https://www.dataprivacyframework.gov/s/european-individuals/

INFORMATION WE MAY COLLECT FROM YOU

You can access most of the pages on our site without giving us your personal information and we only collect personal data about you if you choose to give it to us.    We may collect and process the following data about you:

• Information that you provide by filling in forms on our site. This includes information and sensitive personal data concerning health matters (such as your STMS device number) provided when requesting further services. We may also ask you for information when you report a problem with our site.
• Information you provide, such as name, date of birth, mailing and email addresses, phone contact information, as well as personal health information required for prescription order fulfilment.
• Information you provide regarding your personal migraine medical history. This information is used by our Clinical Education Specialists to help assist you in the use of the STMS device and to provide feedback to your prescribing clinician. It is also de-identified for internal research purposes to monitor the effectiveness of STMS.
• If you contact us, we may keep a record of that correspondence.
• We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
• Details of your visits to our site including, but not limited to, traffic data, location data and other communication data and the resources that you access.

IP ADDRESSES AND COOKIES

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.

For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:

• to estimate our user/patient numbers and usage pattern.
• to store information about your preferences, and so allow us to customise our site according to your individual preferences.
• to speed up your searches for information and results.
• to recognise you when you return to our site.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.

WHERE WE STORE YOUR PERSONAL DATA

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (the EEA), such as the United States, whose data protection laws differ from those of the EU and UK.  It may also be processed by staff operating outside the EEA, who works for us or for one of our suppliers. Such staff maybe engaged in, among other things, the provision of technological support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy, including ensuring that appropriate protections are in place to require the relevant data processor in any destination outside of the EEA to maintain protections on the data that are equivalent to those that apply in the UK.

All information you provide to us is stored on our secure servers.  Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

USES MADE OF THE INFORMATION

We use information held about you in the following ways:

• To provide you with information or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
• To build a database and to analyse that database as part of our ongoing research into migraine treatment
• To ensure that content from our site is presented in the most effective manner for you and for your computer.
• To notify you about changes to our service.

DISCLOSURE OF YOUR INFORMATION

We may disclose your personal information to any member of our group from time to time, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006, as well as our Representative.

Your name, mailing address. phone number and email address, if required, will be disclosed to our shipping vendors if you elect to fill a prescription for an STMS device.  You cannot opt-out of this disclosure to our shipping vendors.

We may disclose your personal information to other third parties only with your prior consent as indicated by your signature on an authorization/consent form when you submit the personal information to us in writing, or if you actively opt-in if the information is provided via an online program.  Instances where your personal information may be disclosed to third parties include:

• in the event that we wish to further analyse the data you submit via a headache diary with our panel of medical experts and/or your medical advisors as part of your ongoing treatment.
• if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of website use; or
• to protect the rights, property, or safety of eNeura, our registered users, or others.

We may disclose your de-identified sensitive information to third parties:

• with your express consent at the time the information is provided.
• in the event that we wish to share our data with academic or research-based institutions for use in relevant studies. In these instances, we will inform you in advance in writing, and you will have the opportunity to opt-in or opt-out of the study via email to customercare@eNeura.co.uk or via an online portal.  The information that will be used will be made anonymous and will be disclosed confidentially.
• in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
• if eNeura or substantially all of its assets are acquired by a third party, in which case personal data held by it about its registered users will be one of the transferred assets.
• Note that eNeura may be required to release personally identifiable information of EU individuals in response to legal requests by public authorities, including meeting national security and/or law enforcement requirements.
• to the extent provided in theEU-U.S. DPF, eNeura may be liable in cases of onward transfer of EU personal data to non-agent third parties.

We will provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than that for which it was originally collected or subsequently authorized.

To limit the use and disclosure of your personal information, please submit a written request to customercare@eneura.co.uk.

YOUR RIGHTS

You have the right to ask us not to:  disclose your sensitive information with third-parties; use your sensitive information for a purpose other than those for which it was originally collected or subsequently authorized by you through the exercise of opt-in choice; process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

OPT-IN/OPT-OUT

You may opt-in/out of these marketing programs by checking the appropriate box(es) on the patient registration form. You may also exercise the right to Opt-In or Opt-out of these programs at any time by contacting us via email at customercare@eNeura.co.uk.

ACCESS TO INFORMATION

The Act gives you the right to access, correct or delete information held about you. Your right of access can be exercised in accordance with the Act. To access the detailed information we hold about you, contact Customer Care at e-mail customercare@eNeura.co.uk.  We will provide you a copy of the information we hold about you within 30 days.

We will take reasonable steps to permit individuals to correct, amend, or delete information that is inaccurate, incomplete, or has been processed in violation of the EU-U.S. DPF Principles (except when the burden or expense of providing access, correction, amendment or deletion would be disproportionate to the risks to the individual’s privacy, or where the rights of the persons other than the individual requesting the data would be violated.)

 PRIVACY COMPLAINTS BY EUROPEAN UNION AND UNITED KINGDOM CITIZENS:

In compliance with the EU-U.S. DPF Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information.  European Union and United Kingdom citizens with inquiries or complaints regarding this privacy policy should first contact us at:

Aruene Corp. dba eNeura Inc.
Attn: Customer Care
101 W. Dickman Street, Ste 900
Baltimore, MD 21230 USA

Or email:  customercare@eNeura.co.uk

eNeura has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. EU-U.S. DPF organizations must respond with 45 days of receiving a complaint.   If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

AS A LAST RESORT, AND IN LIMITED SITUATIONS, EU AND UK INDIVIDUALS MAY SEEK BINDING ARBITRATION BEFORE THE DATA PRIVACY FRAMEWORK PANEL TO BE CREATED BY THE U.S. DEPARTMENT OF COMMERCE AND THE EUROPEAN COMMISSION.

See  https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

LIMITATION ON APPLICATION OF PRINCIPLES

Adherence by us to these Privacy Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; and (b) to the extent expressly permitted by an applicable law, rule or regulation.

MINORS

Our site is intended for use by adults.  We will not collect any personal data from a person we know to be under the age of 18 without the prior, written consent of that person’s parent or adult legal representative, who will have the right to request access to, or deletion of, the information provided by the child.

CHANGES TO OUR PRIVACY POLICY

Any changes we may make to our privacy policy in the future will be posted on this page.  If we make a change to this policy that, in our sole discretion, is material, we will notify you via email to the email address associated with your eNeura customer account.  Any changes to this policy will become effective on the date indicated on the bottom, left side of each page of the policy.

CONTACT

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to customercare@eNeura.co.uk, or write to us at the following address:

Aruene Corp. dba eNeura Inc.
Attn: Customer Care
101 W. Dickman Street, Ste 900
Baltimore, MD 21230 USA

 

LBL-0035 REV P, 01/2024