Privacy Policy

Last updated: April 2026

Mainstay Medical’s products, therapies, and services, including the ReActiv8® neurostimulation system and this website (“Website”) (collectively hereinafter “Mainstay Products & Services”), are owned and operated by Mainstay Medical International plc, a private limited company incorporated under the laws of Ireland under registered number 516089 (registered address at Clonmel House, Forster Way, Swords, Co. Dublin), and its subsidiaries Mainstay Medical Limited (including United States subsidiary, MML US, Inc., a Delaware corporation) and Mainstay Medical Distribution Limited (collectively “Mainstay”, “we”, or “us”). This Privacy Policy (the “Policy” or “Privacy Policy”), together with our Terms of Use and any other materials referred to in either document, provides an explanation of how we may collect, use, or process information about you, including personal and technical data, any other information that you choose to provide to Mainstay.

If you are located in the European Economic Area (EEA), please also review the European Supplemental Notice below.
If you are located in California (and certain other states) in US, please also review the California and Other State Residents notice below.

Please read the following carefully before using or submitting any personal information.

We take the privacy and security of your data seriously, utilize industry-standard privacy and security measures for data protection, and respond promptly to your issues and concerns. Our goal is to be clear and transparent about our privacy and security practices, and we will inform you promptly about important news or incidents that may affect your information. We will never sell your personally identifiable data, and will only share your data with third parties when you authorize us, or under the circumstances described in this Privacy Policy. Using any of the Mainstay Products & Services means that you have reviewed this Privacy Policy (and our Website Terms of Use) and agree to accept all applicable terms and conditions. If you do not agree to any part of this Privacy Policy or the Terms of Use, please discontinue using Mainstay Products & Services (and immediately inform your physician and/or health care provider). If you have any questions, you may contact us at ContactUs@mainstaymedical.com.

Data Protection Laws and Regulations

Our legal basis for collecting and processing personal information is for legitimate business purposes, in accordance with applicable laws, based on our interest in helping individuals who may find benefit from Mainstay Products & Services including the use of the ReActiv8 neurostimulation system. Mainstay will only share or transmit your personal information on a need-to-know basis to parties authorized to view and/or use it for appropriate purposes, or parties to whom you have granted consent.

We only collect and use personal information where we have obtained the necessary consent and/or are in compliance with applicable laws and regulations, including but not limited to: (i) in the US, the Health Insurance Portability and Accountability Act of 1996, as amended (HIPAA); (ii) in the Europe, the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK GDPR and PECR, and the German Bundesdatenschutzgesetz (BDSG); and (iii) in Australia, the Australian Privacy Principles. We reserve the right to access and disclose personal data to comply with applicable laws and government requests and requirements, to operate our systems properly, to support patients utilizing Mainstay Products & Services, and to protect ourselves and our users/visitors. In operating and supporting Mainstay Products & Services, we may also share your information with contracted, third-party service providers and vendors to assist us in providing certain services. These may include our Mainstay subsidiaries, affiliates, IT service providers, and certain vendors. If your data needs to be disclosed, only the minimum necessary data will be shared and any such service providers or vendors with access to your data shall be subject to contractual obligations to ensure that your data is kept confidential and protected in accordance with applicable laws (under GDPR, this would include incorporating Standard Contractual Clauses in all applicable agreements).

Rules and guidance regarding personal data collected by Irish entities are available for review on www.dataprivacy.ie, the website of the Irish Data Protection Commissioner.

In the US, to learn more about HIPAA standards on data privacy and security as well as asking questions and filing complaints, users/patients may go to: https://www.hhs.gov/hipaa/index.html. [If you are located in California (and certain other states) in US, please also review the California and Other State Residents notice below.]

Under the GDPR in the European Economic Area, the data controller and processor is Mainstay Medical Distribution Limited of 77 Sir John Rogersons Quay, Block C, Grand Canal Docklands, Dublin 2, D02T804 Dublin, Ireland. [To learn more about GDPR regulations and to submit inquiries or complaints, see below European Supplemental Notice.]

In the UK, you have a right to file a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. If you are based in the UK, the Information Commissioner’s Office can be contacted as follows:

Telephone: +44 0303 123 1113
Email: casework@ico.org.uk
Website: www.ico.org.uk
Web-form: www.ico.org.uk/concerns/
ICO Office: Water Lane, Wycliffe House, Wilmslow, Cheshire, SK9 5AF

In Australia, you may learn more about the Australian Privacy Principles, including how to submit questions or file complaints, by going to https://www.oaic.gov.au/privacy, or by contacting:

Office of the Australian Information Commissioner
GPO Box 5288, Sydney NSW 2001
Enquiries Line: 1300 363 992
privacy@privacy.gov.au

Collection of Your Data

This Privacy Policy covers all personal and health information collected and used by Mainstay for Mainstay Products & Services. Each of Mainstay Products & Services will seek your consent or authorization (if applicable), and contains details of what you are agreeing to, how your information may be processed, and what information or communications you may receive from Mainstay.

With respect to the ReActiv8 neurostimulation system for Chronic Low Back Pain, we collect necessary personal and health data from you if/when you download and install any ReActiv8-related software or app on your computer, smartphone, or other device. When you create an account, we will collect your first and last name, email address, and related information. We may further collect your date of birth, gender, address, profile picture, physician’s information, etc. Based on your utilization of the ReActiv8 system, we may also collect your product serial nos. or other identifying information, dates and times of therapy use, your country of location (which is inferred from your IP Address), and regional settings (software/app version; time stamps / alerts; information about your device such as device type, mobile network information, and type of mobile browser; technical information about your device and your ReActiv8 utilization). When you sync your ReActiv8 system through the applicable software or app, data recorded on your device about your current and historical therapy information is transmitted from your device to Mainstay servers (hosted by a third party), which are located in Europe for patients residing in Europe and Australia, and in the United States (US) for US patients.

We also collect information you choose to share when visiting or using other Mainstay Products & Services, such as demographic information (for example, your name, address, age, region, background), insurance information, responses to a questionnaire or form, feedback about Mainstay products or services, information about your health, and/or actions you may have taken to address your condition (such as seeing a doctor, having physical therapy, or undergoing surgery). If you would like to be contacted by a Mainstay representative, hospital, or clinical specialist, you may choose to provide your name, telephone number, and email address to facilitate this through the Website or directly with a Mainstay representative.

If you provide Mainstay with your contact information, you are consenting to receiving information from Mainstay primarily via email (or by phone/text if you consent and, if appropriate, by US postal service) regarding Mainstay products and services. To ensure the privacy of our patients, users, and Website visitors, we will present a choice of how you may be contacted and also an ability to opt out of receiving certain communications (with the exception of necessary or required communications for your therapy or product use).

With respect to our Website, certain technical information while visiting our Website may be collected to improve your experience, making your navigation easier and more convenient and, if applicable, provide you with information that may be of interest to you. This is explained in more detail below.

Protection of Your Data

We will protect the privacy of user/patient information through appropriate use of security and technology, including physical and technological safeguards to protect your information, and we will ensure that any third-party service providers are contracted to have sufficient security measures as well. These measures include limiting access to personal information only to employees and authorized service providers who need to know such information for the purposes described in this Privacy Policy. While we strive to always protect our products, therapies, Website, and systems against unauthorized access, due to the inherent nature of the internet and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others (such as hackers).

Please know that the information you provide is completely voluntary and you have a choice on whether or not to disclose any information about yourself (although certain Mainstay Products & Services may require your consent and authorization prior to your utilization). Mainstay shall only use your information in accordance with this Policy, and in a manner consistent with applicable laws and regulations.

Other Company Websites

Please note that Mainstay Products & Services may contain links to other websites owned and operated by separate, third-party organizations. Mainstay is not responsible for the privacy practices of other companies whose websites are subject to separate privacy policies and terms of use. Please review the policies, terms and conditions of these other websites to make sure you are comfortable visiting/using them. Because we do not control these third parties’ cookies, tracking technologies, or how they may be used, you should contact the responsible provider directly if you have any questions.

How We May Use Your Information

We may use the personal and health information that you provide through Mainstay Products & Services for appropriate, lawful purposes only, including the following:

Therapies and Services. To facilitate, manage, and maintain the safe and appropriate use of Mainstay Products & Services, including the ReActiv8 system and any associated software, apps, or platforms; also to improve, enhance, or modify our products and services, including through data analysis.
Mainstay Operations.To share with our affiliates (including related organizations) to provide Mainstay Products & Services. This may include companies that are contractually engaged by us to provide, for example, cloud data storage, software hosting, data processing, order fulfillment, and email management. These companies are obligated by contract to safeguard any personal information they receive from us (or directly from you). Examples of our business partners include Microsoft, Salesforce, and additional parties we may work with from time to time.
Criteria for Therapy. To provide general guidance on whether you may meet the initial criteria for Mainstay therapy products (specifically the ReActiv8 implantable neurostimulation system).
Marketing. To provide you with product and service news, updates, offers, proposals, and educational information (to the extent permitted by the applicable data and privacy laws in your country), either directly or through marketing companies and similar organizations with whom Mainstay has partnered.
Product/Technical Updates.To provide important or necessary product or service updates, including technical updates, bulletins, and notices, product recall or field actions, important check-ins and status checks for new product users, and other communications relevant to your beneficial use of Mainstay Products & Services.
Protection of You and Mainstay.To keep Mainstay Products & Services (and your data) safe and secure, and to protect our rights, privacy, safety, and/or property, including those of our affiliates or other parties; to protect our operations or those of any of our affiliates; to enforce this Privacy Policy; and to allow us to pursue available remedies or limit the damages that we may sustain.
Compliance with Law.To comply with applicable laws and regulations in your country, including when requested by law enforcement, government authorities, or regulatory agencies, or when we determine that a disclosure of information is necessary and appropriate under the circumstances.
Provider/Hospital Locator. If you are interested, to help you connect with the nearest physician, hospital, other provider.
Your Questions/Requests.For specific information you have requested from us, including answering questions or providing additional data about Mainstay Products & Services.
For European residents, please review the European Supplemental Notice below.
If you are located in California (and certain other states) in US, please also review the California and Other State Residents notice below.

De-identified Information

In certain cases, we may redact or delete information from your personal information to make it non-identifiable or tabulate/combine de-identified information into aggregated form; we may use such de-identified and/or aggregate data (which is anonymous and cannot identify you) for all legitimate business purposes, such as research and development, product improvements, publications and documents, business operations and process improvements, and marketing purposes.

We may also share de-identified or aggregated demographic information about you and other visitors with outside parties, such as our business partners, national associations, and other contracted parties. Such aggregate or anonymous information does not consist of personal or identifiable information (and is not considered “Protected Health Information” (PHI) under HIPAA, or personal data under GDPR), and cannot be used to identify or locate you individually in any way.

Website Cookies Policy

When you visit our Website and have accepted our cookies policy, we (and our service providers) may use cookies (small data files stored on your computer and used to provide you with a more personal, interactive experience) to automatically collect the following information:

Technical information, including your IP address, browser type and version, device identifier, location and time zone setting, browser plug-in types and versions, operating system and platform, page response times and download errors.
Information about your visit, including how you were directed to our Website.
Length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse movements) and methods used to browse away from the page.

Among the different types, we may use session cookies (which expire after you close your web browser), persistent cookies (which stay on your computer until you delete them), or other automatic data collection technologies. Cookies allow us to collect technical information such as browser type, time spent viewing our Website, webpages visited, language preferences, and other anonymous web traffic data and statistical information. We and our service providers also use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience. Cookies further allow us to select which of our promotional content or offers are most likely to appeal to you, and we may display them while you navigate our Website. Some of the information we gather through cookies may be considered personal information in that we may view your online activities over time and across third-party websites (sometimes referred to as behavioral tracking).

If you do not want information collected through such cookies, you may opt out or decline to accept our cookies policy (you may also erase cookies from particular websites through your browser settings). There are some limited types of essential cookies that are required for appropriate Website operations on your device or computer, which cannot be declined. Also, if you do not accept cookies, it is possible that you may experience some inconvenience when using our Website in terms of design, efficiency, and your individual preferences. (Separately, although we would like to honor web browsers set with a “Do Not Track” signal, our Website currently does not respond to such a signal.)

Choice/Opt-Out

If you wish to remove your contact information from our database so as not to receive future communications from us, you can opt out by making a specific request in a message to ContactUs@mainstaymedical.com. (Please also contact this email address if you wish to correct or update any information.) In most cases, communications sent to you (in particular email communications) will also contain an opt-out feature towards the bottom of the message. You may use that link to also express your preference to stop receiving that type of communication. For users of certain Mainstay Products & Services (including the ReActiv8 system), certain types of product-related communications may not be opted out of. These include technical updates, regulatory messages, safety-related messages, and other relevant communications related to the product and its effective utilization.

Information Storage & Transmission

All information you provide is stored on secure servers and/or cloud storage systems through contracted information technology companies. Where we have given you (and where you have chosen) a password which enables you to access our products, therapies, software/apps, or certain parts of our Website, you are responsible for keeping this password confidential. We ask that you keep your password secure and protected at all times.

Please note that the transmission of information via the internet is not always completely secure. For example, we cannot guarantee the security of your data transmitted from your computer, smartphone, or other device to our server, cloud storage, or Website. Once we have received your information, we will use all reasonable security measures and procedures to prevent unauthorized access, and take all steps reasonably necessary to ensure your data is protected in accordance with this Policy.

The data that we collect from you may be transferred across country borders (for example, from Europe, Germany or Australia to the United States), and it may also be processed by staff operating in the US or another country who are Mainstay employees or contractors. Such transfers of information to another country shall be done for compliance or regulatory purposes, including to provide adequate technical and product support. By agreeing to this Privacy Policy and voluntarily submitting your personal data, you agree to the storage, transfer, and processing described above, including the transfer of your data to the US or another country to the extent necessary. (If necessary in certain countries, Mainstay shall obtain explicit consent from individuals prior to transferring data across country borders.)

For European residents, please review the European Supplemental Notice below.
If you are located in California (and certain other states) in US, please also review the California and Other State Residents notice below.

Minors

If you are aged 18 or under, please obtain your parent’s/guardian’s permission before you provide any personal information to Mainstay. Users without this consent are not allowed to provide us with personal information.

Mainstay complies with its labeling and regulatory approvals in all applicable countries and territories, and will only market and promote our products to approved patient groups. Under no circumstances, however, will Mainstay knowingly market, promote, or recommend any products or services to any persons under the age of 13, nor will we knowingly collect any personal information from persons under 13. If you are under the age of 13, please immediately stop using Mainstay Products & Services, and speak to your parent or guardian about obtaining information.

Time Period for Keeping Data

We retain personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, regulatory, post-approval monitoring, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal data, we consider the following criteria:

Our legal obligations to retain the personal data under applicable laws (e.g., Medical Device Regulation imposes us to keep some data for 15 years for conformity purposes);
Applicable legal holding and/or limitation periods for the establishment, exercise or defense of any potential legal claims.

When we no longer require the personal data we have collected about you, we will either delete or irreversibly anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. If we anonymize your personal data (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

Notification of Changes

This Privacy Policy may be updated from time to time, so we recommend that you check the Policy each time you submit personal information to Mainstay. The date of the most recent revisions will appear at the top of this webpage. If you do not agree to these changes, please do not continue to use any of Mainstay Products & Services to submit your personal or health information. If significant or material changes are made to the Privacy Policy, we will notify you by placing a prominent notice in our Mainstay Products & Services as applicable.

Your Data Rights

You have various rights in connection with our processing of your personal information. Your data rights include the following:

Access. You have the right to request a copy of the personal information we are processing about you, which we will provide back to you in electronic form.
Rectification. You have the right to correct or amend any incomplete or inaccurate personal information that we process about you.
Deletion. You have the right to request that we delete personal information that we process about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal or regulatory obligation, or to establish, exercise, or defend legal claims.
Restriction. You have the right to restrict our processing of your personal information where you believe such data is inaccurate, the processing is unlawful, or that we no longer need to process such data for a particular purpose. Where we are not able to delete the data due to legal or other obligations or because you do not wish for us to delete it, we will mark such personal information to limit its processing for particular purposes in accordance with your request (or otherwise restrict its processing).
Objection. Even when there is legal justification for the processing of your personal information, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing that override your interests and rights, or if we need to continue processing the data because of legal or regulatory reasons.
Withdrawing Consent. Where we process certain personal information on the basis of your consent, you have the right to withdraw your consent.

If you wish to exercise one or more of the above rights, please send your request to ContactUs@mainstaymedical.com, and include your name, email, and mailing address, as well as your specific request and any other information we may need to process your request.

How to Contact Us

If you have any other questions about this Privacy Policy and/or about the privacy policies and practices of our contracted service providers, please send a message to ContactUs@mainstaymedical.com or you may mail a letter to:

Attn: Legal Department
Mainstay Medical International plc
2159 India Street Suite 200
San Diego, California 92101
United States

EUROPEAN SUPPLEMENTAL NOTICE

The information provided in this European Supplemental Notice applies only to individuals located in the European Economic Area and who use Mainstay Products & Services.

1. Who is the Controller?

Mainstay Medical International plc, a private limited company incorporated under the laws of Ireland under registered number 516089 (registered address at Clonmel House, Forster Way, Swords, Co. Dublin), is the controller and processor of your personal data for purposes of European data protection legislation (i.e., the General Data Protection Regulation (“GDPR”)).

Mainstay’ Data Protection Officer can be contacted at:

By e-mailing: ContactUs@mainstaymedical.com
Or by writing to:

Attn: Legal Department
Mainstay Medical International plc
2159 India Street Suite 200
San Diego, California 92101
United States

We have appointed the following representatives in Europe – you can also contact them directly should you wish:

Our Representative in the European Union (EU). Our EU representative appointed under the GDPR is European Data Protection Office (EDPO). You can contact EDPO regarding matters pertaining to the GDPR:

by using EDPO’s online request form: https://edpo.com/gdpr-data-reques/
by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

2. What Are Our Legal Bases for Processing Personal Data?

Processing activity	Purpose	Legal ground
Provision of Service & Customer service	To facilitate, manage, and maintain the use of our products and services To appropriately address complaints, inform customers of relevant product or service updates, helpful information, tips and reminders To contact the customer in connection with the provision of the product or service, including sending important information regarding the product or service, such as technical notices, manufacturing news, updates and alerts, relevant data privacy or security events, or changes to our terms and conditions	Necessary for contract performance (art. 6.1(b) GDPR) Consent in case of health-related data (art. 9.2(a) GDPR) exceptionally, necessary to protect the vital interests of the data subject (art. 9.2(c) GDPR)
Product improvement	To develop and/or improve products and services To enhance or modify our services (e.g., by identifying usage trends)	Legitimate interest (art. 6.1(f) GDPR) Consent in case of health-related data (art. 9.2(a) GDPR)
Marketing	Data analysis To send emails and notices to our customers regarding opportunities relating to our products and services	Consent (art. 6.1(a) GDPR)
Internal business purposes	Ensure access to and maintenance of our products and services and ensure their proper functioning; Audit; Fraud monitoring and prevention	Legitimate interest (art. 6.1(f) GDPR) Consent in case of health-related data (art. 9.2(a) GDPR)
Compliance with our regulatory and legal obligations	To comply with our legal and regulatory obligations, such as post-marketing authorization’s obligations.	Legal obligations (art. 6.1(c) GDPR) Necessary for reasons of public interest in the area of public health in case of health-related data (art. 9.2(i) GDPR)

3. Your rights

You have the following rights in relation to the personal data we hold about you:

Right of access: You can ask us to provide you with information about our processing of your personal data and give you access to your personal data;
Right to rectification: If the personal data we have about you is inaccurate or incomplete, you are entitled to request to have it rectified;
Right to erasure: You can ask us to delete or remove personal data where there is no lawful reason for us continuing to store or process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons that will be notified to you, if applicable, at the time of your request;
Right to restrict processing: You can ask us to suspend the processing of your personal data if, (i) you want us to establish the data’s accuracy; (ii) where our use of the data is unlawful but you do not want us to erase it; (iii) where you need us to hold the data even if we no longer require it, as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
Right to object: Where we are relying on a legitimate interest for data processing but there is something about your particular situation, you have the right to object to processing if you believe it impacts on your fundamental rights and freedoms;
Right to data portability: You have the right, in certain circumstances, to ask us to provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you;
Right to withdraw consent at any time: Where we are relying on consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent;
Right to Lodge a Complaint with a Supervisory Authority: You may submit a complaint about our use of your personal data or our response to your requests regarding your personal data. To do this, you may contact us or submit a complaint to the Supervisory Authority in your jurisdiction:

For individuals in the EEA – the contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en

Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal data or where certain exemptions apply.

In order to exercise your rights, please contact Mainstay in writing by one of the methods set out under “Contact Us” above.

4. How Do We Protect Personal Data if we transfer it internationally?

We may, where permitted or required by applicable law or regulation, transfer your personal data to recipients outside of your country. In such circumstances, the processing of your personal data will involve a transfer of your personal data outside of your country where privacy laws may not be as protective as those in your country. Where we transfer your personal data outside your country and we are legally required to implement a transfer mechanism, we will take steps to transfer your personal data in accordance with applicable law.

Mainstay may transfer your personal data to the US (supported through transfer mechanism, or EU Standard Contractual Clauses).

You may contact us in writing by one of the methods set out under “Contact us” above if you would like further information on the specific mechanism that we use when transferring your personal data outside of Europe.

CALIFORNIA AND OTHER STATE RESIDENTS

We collect information about individuals in a variety of ways. This section only applies to residents of certain US States, including California, whose personal information is subject to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CPRA”) or the equivalent laws in certain other US States. This section does not always apply, and does not apply to information we collect about employees and job applicants. If you would like to know if the rights apply to you, please contact: ContactUs@mainstaymedical.com.

Below is a summary of the personal information we may collect from you when you access or use our Mainstay Products & Services, and the categories of third parties with whom we may share consumer personal information.

Categories of Personal Information We Collect	Categories of Third Parties With Whom We May Disclose Personal Information for a Business Purpose
Identifiers such as real name, postal address, country of origin, IP address, email address, account name, date of birth, other similar identifiers.	Software, development, maintenance, data storage, and web analytics service providers; service providers and distributors involved in providing the Platforms Mainstay and affiliated parties Third-party applications (if applicable) Law enforcement or other authorities for legal compliance Entities involved in corporate reorganization, merger, or acquisition and their representatives
Characteristics of protected classifications under California, other US State Privacy Laws, or Federal Law, such as age and gender.	Software, development, maintenance, data storage, and web analytics service providers; service providers and distributors involved in providing the Platforms Mainstay and affiliated parties Health care professionals Third-party applications (if applicable) Entities involved in corporate reorganization, merger, or acquisition, and their representatives
Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consumer history.	Software, development, maintenance, data storage, and web analytics service providers; service providers and distributors involved in providing the Platforms Mainstay and affiliated parties Third-party applications (if applicable) Entities involved in corporate reorganization, merger, or acquisition and their representatives
Internet or other electronic network activity information, including status/HTTP status code, operating system, browsing software version, device ID, browsing history, search history, and interactions with websites, applications, or advertisements.	Software, development, maintenance, data storage, and web analytics service providers; service providers and distributors involved in providing the Platforms Entities involved in corporate reorganization, merger, or acquisition and their representatives
Geolocation data, such as your precise or approximate location derived from information from your mobile device.	Software, development, maintenance, data storage, and web analytics service providers; service providers and distributors involved in providing the Platforms
Inferences drawn from collected information to create a profile about consumer-reflecting preferences, characteristics, psychological trends, behavior, attitudes, intelligence, abilities, and aptitudes.	Software, development, maintenance, data storage, and web analytics service providers; service providers and distributors involved in providing the Platforms Mainstay and affiliated parties Third party applications (if applicable) Entities involved in a corporate reorganization, merger, or acquisition and their representatives

How Long We Keep Personal Information: We keep your personal information for as long as needed or permitted. We may remove personal information for inactive accounts from our database, subject to any applicable legal or regulatory obligations. Similarly, we may delete personal information at any time and without providing a reason.

Your Rights: Subject to certain legal limitations and applicable exceptions, residents of certain US States, including California, may exercise the following rights via mail at: ContactUs@mainstaymedical.com.

Right to Know.You have the right to request information about the categories of personal information we have collected about you, the categories of sources from which we collected the personal information, the purposes for collecting the personal information, and the categories of third parties with whom we have shared your personal information (“Categories Report”). You may also request information about the specific pieces of personal information we have collected about you (“Specific Pieces Report”).
Right to Delete.You have the right to request that we delete personal information that we have collected from you.
Right to Opt Out.To the extent we share your personal information for marketing purposes, you may contact us at ContactUs@mainstaymedical.com to request that we stop doing so. We do not sell any personal information (including information about minors).
Right to data portability.You have the right to request your data in a readily useable format that allows you to transmit the information from one company to another.

Verification: In order to exercise your rights, we will need to obtain information to verify your identity. If you are submitting a request on behalf of a household, we will need to verify each member of the household in the manner set forth in this section. For a Specific Pieces Report, we will request personal information sufficient to verify your identity to a reasonably high degree of certainty and seek a signed declaration, under penalty of perjury, that you are who you say you are.

Authorized Agents: If you are an authorized agent, we will request written and signed authorization from the consumer and will seek to verify the consumer as described above, or we will accept a legal Power of Attorney under the California Probate Code (or equivalent law). At a minimum, we will require evidence of your (the agent’s) identity (via passport or driver’s license submission), proof of registration with the California Secretary of State (or State equivalent), and at least one of the following proof of your legal authority to act on the behalf of the individual who is the subject of this request:

Written authorization signed by the consumer,
Certified copy of a Power of Attorney granted under Probate Code, or legal equivalent, or
Evidence of parental responsibility.

Timing: We will respond to Requests to Delete and Requests to Access within 45 days unless we need more time in which case we will notify you and may take up to 90 days total to respond to your request.