Resmed.com Privacy Policy

Resmed Corp., its brands, affiliates and subsidiaries (“Resmed,” “we,” “our” or “us”), including but not limited to Resmed SaaS Holdings and its affiliates such as MatrixCare Inc. and Brightree LLC, is committed to protecting the privacy and security of your personal information. This Privacy Policy (“Policy”) describes how Resmed collects, uses, discloses and processes the personal information described in this Policy, and the rights and choices individuals have regarding such personal information.

By using our services or website, you agree that your personal information will be handled as described in this Policy. Your use of our services, and any dispute over privacy, is subject to this Policy and our Terms of Use available at www.resmed.com/en-us/terms-of-use/.

Your Privacy Rights: Please review our Privacy Rights section. This Privacy Rights section applies to residents of California and other states which have passed data privacy, artificial intelligence and biometric information laws that provide residents with specific rights regarding their personal information. The Privacy Rights section provides additional details about our privacy practices related to your personal information as required by the applicable privacy rights in your state of residence. Some portions of the Privacy Rights section apply only to residents of particular states. In those instances, we have indicated that such language applies only to those residents.

Specific State Consumer Health Data Rights: Please see our Consumer Health Data Privacy Notice, available at https://www.resmed.com/en-us/consumer-health-data/, for information about rights you may have as a Washington or Nevada resident relating to your Consumer Health Data.

Table of contents

1. Scope of this policy
2. Personal information we collect
3. How we may use personal information
4. How we may disclose personal information
5. Our use of cookies and other tracking mechanisms
6. How we retain your personal information
7. Managing your preferences and choices
8. External links and features
9. Your privacy rights
10. Children’s privacy
11. Data Privacy Framework
12. Changes to this policy
13. Contact us

 

1. Scope of this policy

This Policy applies to personal information we collect when you visit our website, www.resmed.com (the “website”), use our products and services that include a link to this Policy, subscribe to receive marketing communications from us or otherwise interact with us, including through social media (collectively, the “services”).

For purposes of this Policy, “personal information” means information that identifies, describes or is reasonably capable of being associated with you or your household.

This Policy is intended for North American users. If you are not a North American user, refer to the Resmed Privacy Policy applicable to your region. For North American users, the website and services are hosted primarily on servers located in the United States. Your personal information may be processed in the United States.

Additional disclosures. Depending on how you interact with us, we may provide you with other privacy notices that include additional details about our privacy practices. For example, a separate privacy notice may apply to job applicants or to employees and other workers in the context of our working relationship with them. Users affiliated with our current, former and prospective healthcare professional customers, vendors and business partners should consult our Healthcare Professional Customer Privacy Notice. Additionally, in the context of protected health information, as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), we generally act as a business associate subject to the direction of a covered entity (for example, a healthcare provider); therefore, if you are a healthcare patient receiving care from a healthcare provider, you should consult the applicable covered entity’s privacy notice for additional information about the collection, use and disclosure of any protected health information.

2. Personal information we collect

As further described below, we collect personal information directly from you, automatically through your use of the services and from other third-party sources. To the extent permitted by applicable law, we may combine the information we collect from publicly available or third-party sources.

Personal information collected directly from you. While the personal information we collect varies depending on your use of our services, your consents and preferences, and our interactions with you, in general, we may collect the following personal information directly from you:

• Contact information. and similar identifiers. When you contact us, including when you sign up to learn more about Resmed, create an account or join the Resmed community, we collect your full name, email address, country of residence, demographic information and other information you choose to provide.
• Health information. Information related to your health, such as medical condition, sleep therapy and device usage. This may include biometric or physiological data that you provide to Resmed via the services or your interactions, applications or communications.
• Personal characteristics. Information relating to person-specific attributes or preferences, such as age, gender, weight, behavior, exercise, personal history, account history or purchase history.
• Audio, electric, visual or similar information. Includes audio, electronic, visual or similar information, photographs and images that you provide us, call recordings (for example, customer support calls) and other visual or similar information you provide through our services.
• Communications and interactions. When you email, call, contact us, submit questions, interact with us or otherwise speak to a member of our team, we collect and maintain a record of your contact details, communications and our responses. If you speak with us by phone, we may collect call recordings for quality assurance and training purposes.
• Surveys. If you participate in our voluntary surveys or studies, we collect information, such as preferences, demographic information (for example, age or gender and medical history), research data, and your responses, feedback or any other information you authorize the collection of or choose to provide.
• Preferences and feedback. If you participate in one of our questionnaires, we collect your responses, feedback and other information about your use of the services, such as your communications preferences and other preferences and feedback you choose to provide.
• Events and other requests. We also collect personal information related to your participation in our events and other requests that you submit to us related to our services. For example, if you register for, or attend, an event that we host or sponsor, we may collect information related to your registration and participation in the event.

Personal information collected automatically. When you use our services, we and our providers automatically collect certain personal information through the use of cookies, pixel tags and other similar technologies. The personal information we may automatically collect includes:

• Device and browsing information. We collect information, such as IP address, unique ID, device type, general location information (such as region, which may be derived from your IP address), browser type, browser language, domain names, access times, date and time stamps, operating system, scrolling activity, internet service provider and other similar device and browsing information.
• Activities and usage. We also collect activity information, such as information related to how you interact with the services, including page views, links and items clicked, features used, time spent within the services and other activity and usage information.
• Location information. If you choose to enable location-based sharing with us through your device settings, we may collect precise location information, such as GPS coordinates to provide content that is more relevant to your location and to otherwise improve your interactions with our services.

To the extent permitted by law, we may combine this information with other information that we have collected about you. For more information about our use of cookies and other similar technologies, see “Our use of cookies and other tracking mechanisms“.

Personal information we collect from other sources. We may also collect or obtain personal information about you through our affiliates, business partners and from other third-party sources, such as public databases, data analytics providers, internet service providers, operating systems and platforms, application providers, and vendors and service providers who provide services on our behalf.

3. How we may use personal information

We may use the personal information we collect for the following purposes:

• Operate our business. To provide and operate our services, communicate with you about your use of the services, conduct business, provide any related troubleshooting, security, monitoring, fraud prevention, technical support or similar support.
• Communicate with you. To respond to your communications, inquiries and to fulfill your requests, such as to send you requested materials and newsletters, and information and materials regarding our products and services. We also use this information to send administrative information to you, such as information regarding the services and changes to our terms, conditions and policies.
• Marketing and promotions. For marketing and promotional purposes. For example, to send you marketing communications and information about our services, Resmed events, technologies and new offerings, including via email and SMS in compliance with applicable laws and in accordance with your preferences that we believe may be of interest to you.
• Customization and personalization. To personalize your experience within the services by presenting products and offers tailored to you.
• Research and development. To conduct research, analysis and development, including activities designed to improve our products, services and websites (for example, data analytics, comparative analysis and machine learning) and to recruit you as a candidate for studies related to our products and services and to contact you about participation in our studies, events or similar offerings.
• Surveys and feedback. To administer surveys, studies and questionnaires, such as for market research, product improvement or user satisfaction purposes.
• Promotions and contests. To allow you to participate in sweepstakes, contests and similar promotions and to administer these activities. Some of these activities have additional rules, which could contain additional information about how we use and disclose your personal information, so we suggest that you read these rules carefully.
• Planning and managing events. To plan for events, studies and for other event management purposes, including registration, attendance, connecting you with other event attendees and contacting you about relevant events, studies or offerings related to your use of the Services.
• Audits and assessments. To conduct financial, tax and accounting audits, audits and assessments of our operations, privacy, security and financial controls, risk and compliance with legal obligations, our general business, accounting, record keeping and legal functions and to maintain appropriate business records and enforce company policies and procedures.
• Compliance and legal process. To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding, to respond to a subpoena, warrant, court order or other legal process, or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.
• Auditing, reporting and other internal operations. For our business purposes, such as data analysis, audits, fraud monitoring and prevention, enhancing, improving or modifying our services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities and for internal quality control and training purposes.
• General business and operational support. To assess and implement mergers, acquisitions, reorganizations, bankruptcies and other business transactions, such as financings, and to administer our business, accounting, auditing, compliance, recordkeeping and legal functions.

4. How we may disclose personal information

We may disclose the personal information we collect for the purposes described above and as follows:

• Affiliates, subsidiaries and business partners. We may share your personal information with our affiliates or subsidiaries and any company owned or controlled by Resmed. Resmed also partners with other businesses to offer products and services and we may disclose your personal information to those business partners.
• Vendors and service providers. We may disclose your personal information to vendors and service providers who perform functions and provide services on our behalf. These vendors and service providers are contractually required to keep your personal information safe and confidential and to use your personal information for the sole purpose of performing the services we asked them to provide. These vendors and service providers may include website hosting and IT providers, marketing and marketing research providers, customer support, data hosting, analytics and storage providers, analysis and processing providers, email solution providers, auditors, consultants and legal counsel.
• Marketing and analytics providers. We may also disclose your personal information, such as device and browsing, and activities and usage information, with marketing and advertising networks, data analytics providers and other companies who provide marketing or analytics services on our behalf. For more information, see “Our use of cookies and other tracking mechanisms.”
• Business transfers. If we or our affiliates are or may be acquired by, merged with or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may disclose or transfer the personal information we have collected from you with or to the other company. We may also disclose certain personal information as necessary prior to the completion of such a transaction or other corporate transaction, such as a financing or restructuring, to lenders, auditors and third-party advisors, including attorneys and consultants, as part of due diligence or as necessary to plan for a transaction.
• Compliance and legal obligations. We may disclose your personal information if we are required to do so by law or subpoena, or if we reasonably believe such action is necessary to comply with the law and the reasonable requests of regulators, law enforcement or other public authorities. We also may disclose the information we collect to comply with a judicial proceeding, court order or other legal process, including responding to national security or law enforcement disclosure requirements.
• Aggregate and de-identified information. We may disclose aggregate or de-identified information about users with third parties for marketing, analytics, research and development (for example, data analytics, comparative analysis, and machine learning) or other purposes.
• Other disclosures. We may disclose personal information to others and in ways not described above as necessary to provide the services or after we notify you and/or obtain your consent to the extent required by applicable law.

5. Our use of cookies and other tracking mechanisms

We, and our service providers, use cookies, pixels, tags and other similar tracking mechanisms to automatically collect information about browsing activity, type of device and similar information within our services. We use this information to, for example, analyze and understand how you access, use and interact with us through our services, and to identify and resolve bugs and errors in our services and to assess, secure, protect, optimize and improve the performance of our services.

Cookies. Cookies are alphanumeric identifiers we transfer to your device’s hard drive for tracking purposes. Some cookies allow us to make it easier for you to navigate our service, while others are used to enable and optimize certain service functions, support the security and performance of the service or allow us to track activity and usage data within our service. For more information on how we use cookies, please read our Cookie Notice.

Pixel tags. Pixel tags (sometime called web beacons or clear GIFs) are tiny graphics with a unique identifier, similar in function to cookies. While cookies are stored locally on your device, pixel tags are embedded invisibly within web pages and online content. We may use these, in connection with our service to, among other things, track the activities of users, and help us manage content and compile usage statistics. We may also use these in our emails to let us know when they have been opened or forwarded so we can track response rates and gauge the effectiveness of our communications.

Third-Party analytics and tools. We use third-party tools, such as Google Analytics, which are operated by third-party companies. These third-party analytics companies may collect usage data (using cookies, pixels and similar tools) about our services to provide us with reports and metrics that help us evaluate usage of our services, improve our sites and enhance performance and user experiences. To learn more about Google’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy/partners/. You can also download the Google Analytics Opt-out Browser Add-on to prevent your data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.

Do not track. Please note that our services do not recognize or respond to any signal which your browser might transmit through the “Do Not Track” feature that your browser might have. However, you can set your preferences for cookies on our websites as discussed below.

6. How we retain your personal information; De-identification and Re-identification

We retain your personal information for as long as needed, or permitted, based on the reason why we obtained it (consistent with applicable law). When deciding how long to keep your information, we consider whether we are subject to any legal obligations (for example, any laws that require us to keep records for a certain period of time before we can delete them) or whether we have taken any legal positions (for example, issued any legal holds or otherwise need to preserve the information). Rather than delete your data, we may also de-identify it by removing identifying details. If we de-identify the data, we will not attempt to re-identify it.

7. Managing your preferences and choices

We make available several ways for you to manage your preferences and privacy choices, as described below:

• Cookie settings.To prevent cookies from tracking your activity on our website or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set. You can also delete cookies. The “Help” portion of the toolbar on most browsers will show you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie or how to delete cookies. Depending on your jurisdiction, Resmed and/or this website may also provide a built-in cookie management functionality that allows you to customize your cookie settings. Changing your cookie settings may impact the functionality of certain features.
• Surveys. You have the choice to participate in our surveys, contests or sweepstakes. This also includes the choice to opt-out at any time.
• Marketing communications. You may consent or withdraw your consent to our use of your personal information for marketing at any time by following the instructions to unsubscribe included in each marketing-related email sent to you or through the following link: Subscription Center. If you opt-out of receiving marketing-related emails from us, we may still send you administrative messages relevant to any specific services you may have signed up for.

8. External links and features

Our services may contain links to third-party websites or features. Any access to and use of such linked websites or features is not governed by this Policy but instead is governed by the privacy policies of those third parties. We are not responsible for the information practices of such third parties, including their collection of your personal information. You should review the privacy policies and terms for any third parties before proceeding to those websites or using those features.

9. Your privacy rights

Residents of certain North American jurisdictions have passed data privacy laws that provide residents with specific rights regarding their personal information. We describe these rights and how to exercise them, if applicable. This does not apply to our handling of personal information that is exempt under such privacy laws, including, but not limited to, publicly available information, information governed by the HIPAA or de-identified or aggregated information.

Understanding your rights

Right to know/request access. You may have the right to know what types of personal information we collect. Regarding personal information we have collected about you in the prior 12 months, and subject to certain conditions and exceptions, you may request:

• the categories of personal information we collected about you
• the categories of sources from which we collected your personal information
• the business or commercial purposes for collecting, selling or sharing your personal information
• the categories of third parties to whom we have disclosed your personal information
• the specific pieces of your personal information collected.

Our collection, use and disclosure of your personal information varies depending on our interactions or relationship with you. For general information about our collection, use and disclosure of personal information in the last 12 months, see “Personal information we collect,” “How we may use personal information,” and “How we may disclose personal information“.

Right to delete. Subject to certain conditions and exceptions, you may have the right to request that we delete your personal information.

Right to correct. Subject to certain conditions and exceptions, you may have the right to request that we correct inaccuracies in your personal information. You may be able to correct certain inaccuracies yourself through your account.

Right to restrict. Subject to certain conditions and exceptions, you may have the right to request that we restrict our use of your personal information if it contains sensitive data or identifiers (“sensitive personal information”). To submit a request to withdraw your consent or opt-out of the processing of your sensitive personal information, please contact privacy@resmed.com.

Our collection, use and disclosure of sensitive personal information is generally limited to what is reasonable and proportionate for the following purposes:

• to perform the services or provide the goods as reasonably expected by you
• to detect security incidents that compromise the availability, authenticity, integrity and confidentiality of sensitive personal information that is stored or transmitted
• to resist malicious, deceptive, fraudulent or illegal actions directed at Resmed and to prosecute those responsible for those actions
• to ensure the physical safety of you and others
• for short-term, transient uses
• to verify your information, provide customer support or provide similar services
• to maintain the quality and safety of a service or device that is owned, manufactured by, manufactured for or controlled by Resmed.

Right to opt-out of sales and sharing. You may have the right to opt-out of the “sale” and “sharing” of your personal information, as those terms are defined under applicable laws. While we do not “sell” personal information to third parties in exchange for monetary compensation, we may “share” the following categories of personal information for purposes of cross-context behavioral advertising or targeted advertising, as those terms are defined under applicable laws: identifiers and internet or other electronic network activity information to third-party advertising networks, analytics providers and social networks for purposes of marketing and advertising for products and services we believe may be of interest to you. We do not sell or share sensitive personal information, nor do we sell or share any personal information about individuals who we know are under 16 years old.

To opt-out from the “sharing” of personal information, see the Global Privacy Control section below and/or click “Do Not Sell or Share My personal information” on the bottom of the applicable website home page. Submitting an opt-out request will only opt you out of disclosures that are considered “sales” or “sharing,” but not out of other disclosures, such as to our service providers.

Profiling. We do not process personal information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects, as the term “profiling” is defined under applicable laws.

Right to non-discrimination. We will not discriminate against you for exercising any of the rights described in this section.

Global Privacy Control. California, Colorado, Connecticut, Oregon and Texas recognize the universal opt-out signal known as Global Privacy Control (GPC). GPC is a proposed specification that allows you to make a single opt-out of the “sale” or “sharing” of your personal information to the extent that a particular website and browser are able to recognize the signal. At Resmed, we strive to honor the GPC as a valid request to opt-out of the sale or share of your personal information to the extent applicable.

To turn on the GPC signal, you can download one of the supported browsers or extensions. You may visit https://globalprivacycontrol.org/#download for a list of the available browsers or extensions. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.

Exercising your rights

To submit a request to exercise any of your rights under this notice, please Complete an online request form at https://www.resmed.com/DataRequest.

Because Resmed values your privacy, we strive to honor requests to exercise your privacy rights regardless of whether a particular statute obligates us to do so. However, we make no warranties about our willingness or ability to honor requests in the absence of an applicable legal requirement.

Exercise of certain rights may also be limited in some circumstances, such as where honoring a request may restrict our ability to serve you. We reserve the right to verify the authenticity of your request before acting on it and any right to decline a request to the extent permitted by applicable law.

To submit a request to exercise any of these rights:

• Call us at 1 (800) 424-0737
• Complete an online request form at https://www.resmed.com/DataRequest.

Verification. Before responding to your request, we must first verify your identity. You must provide us with your first name, last name and email address. We will take steps to verify your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information to verify your identity or, where necessary, to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.

Authorized Agents. You may designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us. We may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

Businesses operating as an authorized agent on behalf of an individual must provide both of the following:

1. Certificate of good standing with its state of organization.
2. A written authorization document, signed by the individual, containing the individual’s name, address, telephone number and valid email address and expressly authorizing the business to act on behalf of the individual.

Individuals operating as an authorized agent on behalf of another individual must provide one of the following:

• A notarized power of attorney signed and dated by the individual naming the authorized agent as the individual’s representative.
• A written authorization document, signed by the individual, containing the individual’s name, address, telephone number and valid email address and expressly authorizing the individual to act on behalf of the individual.

We reserve the right to reject:

• authorized agents who have not fulfilled the above requirements
• automated requests where we have reason to believe the security of the requestor’s personal information may be at risk.

Response timing and format. We will respond to your request as required under applicable privacy laws. If we deny the request, residents of certain jurisdictions may appeal our decision by sending an email to privacy@resmed.com and we will respond to your request.

Additional California disclosures

Shine the light. California’s “shine the light” law permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. At this time, we do not disclose personal information to third parties for their direct marketing purposes.

10. Children’s privacy

Our services are not intended for, or directed to, children, and we do not knowingly collect personal information from children under the age of 16. If you’ are under 16 years of age or otherwise considered a minor under the laws of your country of residence, please do not use or access our services at any time or in any manner. If we learn that we have received information directly from a child who is under the age of 16, we will delete such information from our systems. If you are a parent or legal guardian and become aware that your child has provided us with personal information without appropriate consent, please contact us by sending an email to privacy@resmed.com.

11. Data Privacy Framework

Under certain circumstances, as described in Resmed’s Data Privacy Framework Policy, Resmed relies on the EU-US Data Privacy Framework (the “DPF”), the UK Extension to the DPF, and the Swiss-U.S. Data Privacy Framework for data transfers from the EU, UK and Switzerland to the United States. In such circumstances, Resmed complies with the DPF, the UK Extension to the DPF, and the Swiss-U.S. Data Privacy Framework, as set out in Resmed’s Data Privacy Framework Policy.

12. Changes to this policy

The Policy is current as of the Effective Date set forth above. We may change, update or modify this Policy from time to time, so please be sure to check back periodically. We will post any updates to this Policy here. If we make any changes to this Policy that materially affect our practices regarding our use of the personal information we have previously collected from you, we will endeavor to provide you with notice.

13. Contact us

If you have any questions or concerns about this Policy, please contact us using the information below:

Privacy Office
Resmed Corp.
9001 Spectrum Center Blvd, San Diego, CA 92123
Tel: +1 (800) 424-0737
Email: privacy@resmed.com

Exercising your rights: If you would like to exercise any of your rights under this Policy, please complete an online request form at https://www.resmed.com/DataRequest.

RH-1111039/27 2025-01