Privacy and Cookie Policy Statement  


Privacy Policy

Your privacy is important to us. This privacy statement explains what personal data Osso VR ("Osso VR", "we", "us", "our") collects from you, when you use our websites that link to this Privacy Policy (each, a “Site”), our products and software applications (each, a “Product”), and our training simulations and other services that we provide via the Site and Products (collectively, the “Services”) and how we use that data.

  1. Principles

    • We are committed to complying with applicable data protection laws and principles, which means that your personal data will be:

      • Processed lawfully, fairly and in a transparent way

      • Collected for specific, legitimate purposes stated in this policy

      • Relevant and limited to what is necessary for those purposes

      • Accurate and kept up to date, as needed

      • Kept for no longer than is necessary for those purposes; and

      • Processed in a reasonably secure means

  2. Purpose of data collection

    • Osso VR collects personal data to deliver our Site, Products and Services, including providing the training experiences, feedback , performance analyses and metrics enabled by the Products.

    • Osso VR, with its primary place of business located at 615 S Eldorado St. #4 San Mateo, CA 94402, acts as the data controller for personal data you’ve provided, and for personal data collected by Osso VR in accordance with the terms of this Privacy Policy.

  3. The types of personal data we obtain throughout your use of our Services and Products is as described herein.

    Information you voluntarily provide

    We collect personal data you voluntarily provide to us in connection with the Site, Products and Services. For example, we collect the personal data you provide during account registration, such as:

    • Your first and last name

    • Your email address

    • Your profession

    • Your medical specialty

    • Your organization

    • Your profile password

    • This basic information is necessary to complete your user registration

    • If you decline to provide this information, you may not be able to create an account and use our services.

    • Osso VR reserves the right to confirm the accuracy of registration data using third party sources, including your sponsoring organization, or other data in the public domain.

    Information Automatically Collected.

    We may automatically collect certain personal data when you use our Site, Products and/or Services, as described below:

    • Like many online service providers, we may collect certain log file information when you use our Site, Products and/or Services. For example, we may collect your IP address, as well as information about your device, including the model, platform, locale code and UUID (universally unique identifier). This information can assist us in maintaining and improving our services, including during customer support diagnostics.

    • Usage and participation data

      • When you use our Services, we record your training and test runs, generate performance metrics, and monitor feature usage and participation on our platform. This includes, but is not limited to, page visits, training content viewed, procedure durations, scores, functional assessments and progress snapshots. We may share this data with the organization that provides access to our Products and Services on your behalf (e.g. your employer) and, if the training procedure you have used and/or participated in has been created by and/or sponsored by one of our partners (a “Sponsoring Partner”), we may share the results of such training with such partner.

    • Third party aggregate data

      • We and our partners may use digital properties to improve aggregate analytics, such as Azure analytics, and Google Analytics.

  4. Cookies

    We may collect information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Site/Product(s)/Services.

    We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits our Site and (2) third party cookies, which are served by service providers on our Site, and can be used by such service providers to recognize your computer or mobile device when it visits other websites.

    • Cookies We Use:

  • Disabling Cookies

    You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.

    Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com.uk.

    If you do not accept our cookies, you may experience some inconvenience in your use of our Site. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Site.

5. How Osso VR uses Personal Information

Osso VR uses your personal data for the following reasons:

  • To operate effectively as a business and perform essential business operations, including providing and improving our Products.

    • We develop products to assist medical professionals, including surgical training content and resources tailored to a users’ specific role, stage of training, location and medical specialty. To enhance your productivity on our Product, we provide personal performance assessments, and try to recommend the most relevant content based on your profile and recent activities. To support and guide your training, we provide assessments and performance data to your sponsoring partner(s), which may include your faculty, senior residents, employer, or medical device company.

    • To ensure your experience with our products is optimal, we continuously assess, update and optimize our platform’s user experiences and we may use the personal data we collect to perform such assessment, updates and optimization.

    • We may use your personal data to restrict access to certain content, based on location or custom organizational agreements. 188864358 v5

    • Product issues, identified by users and communicated through customer support, are diagnosed and resolved using personal data collected from your interactions on our Products.

    • Decisions on product development and evaluations of product performance are based on business intelligence and analysis of user personal data.

    • We engage in research, and collaborate with others to improve and validate the Osso VR surgical training platform, such as validation studies examining the efficacy of Osso VR as a surgical training tool. These studies may include performance metrics from the personal data collected during customer training runs.

  • To deliver communications of personal interest including performance assessments and reports, product and content releases, training prompts and in response to product queries or support requests.

    • Osso VR may send communications to you via the email address provided by you during the registration process and through notifications delivered to your device. Osso VR may send you communications related to product and content releases and updates, and equipment maintenance. We send such communications so you are aware of changes we are making to content, product features, or new releases, which could affect your experience of our core services.

  • To inform Sponsoring Partner of engagement and interactions on branded content hosted on our platform.

    • Some surgical content on our platform may be created in partnership with a Sponsoring Partner, for example training on a surgical procedure using a branded device.

    • We share aggregated engagement metrics, such as metadata, with our Sponsoring Partners to allow them to track the quantity of users viewing and interacting with their content. Metrics may be aggregated, such as by profession, medical specialty, location and hospital affiliation. Additionally, we share aggregate performance assessments and metrics related to content branded under a Sponsoring Partner’s name or marks. Sponsoring Partners use metrics for product development, improving delivery of content and training for medical professionals as well as other purposes.

  • To enable your participation in an educational course, training or conference offered by a sponsoring partner

    • If you run our Product using equipment from the Sponsoring Partner (for example, at an educational course, training or conference), we will share performance training information associated with your name and email address, so the Sponsoring Partner can optimize their provision of educational resources based on proficiency data and usage metrics.

  • To track and report your performance on relevant Osso VR training tools to a Sponsoring Partner, including the curriculum owner, and residency program director.

    • If you accept an electronic invitation to use a sponsored curriculum, you grant Osso VR permission to share your Osso VR profile and relevant activity metrics on the Products with the Sponsoring Partner(s) who created or sponsored such curriculum. Sponsoring Partners may include, but are not limited to academic institutions, hospitals, and medical device companies. Activity metrics are related to platform content which belongs to the curriculum. You have the right at any time to opt out of a sponsored curriculum by providing written request to privacy@ossovr.com.

  • We may create anonymous data from personal data we receive about you and other individuals whose personal data we collect.

    • We make personal data into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyses usage patterns in order to make improvements to our Site, Products and Services.

    • We may share anonymous data with Sponsoring Partners and other third parties for legitimate business purposes.

6. Sharing Your Personal Data

We may share your personal data as follows, and as otherwise described herein:

  • Third Parties Who Provide Your Access to the Services. We may share your personal data with the third party(ies) that provide access to the Product(s) and Services on your behalf, such as your employer or academic institution.

  • Our Third Party Service Providers. We may share your personal data with our third party service providers who provide services such as data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, auditing and other similar services. These third parties are only permitted to use your personal data to the extent necessary to enable them to provide their service to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your personal data.

  • Sponsoring Partners. As described above, Sponsoring Partners may create and/or sponsor the creation of certain curricula, training programs and other training materials (collectively, “Sponsored Programs”), which we may host and provide via our Products and Services. We may share the results you obtain from any Sponsored Program with the relevant Sponsoring Partner.

  • Affiliates. We may share some or all of your personal data with our affiliates, in which case we will require our affiliates to comply with this Privacy Policy. In particular, you may let us share personal data with our affiliates where you wish to receive marketing communications from them.

  • Corporate Restructuring. We may share personal data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition or bankruptcy transaction or proceeding.

  • Other Disclosures. We may share personal data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Privacy Policy; and (d) to protect our rights, privacy, safety, or property, and/or that of you or others.

7. Sharing Your Personal Data

  • In this section, we have summarized rights that you may have under data protection laws. The information we provide in this section is a brief summary. You should still read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

  • Your principal rights under EU data protection law include:

    • Access: You can request more information about the personal data we hold about you. You can also request a copy of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data, or do one of the following:

      • We may ask you to verify your identity, or ask for more information about your request; or

      • Where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.

    • Rectification: If you believe that any personal data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your service account. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.

    • Objection: You can contact us to let us know that you object to the collection or use of your personal data for certain purposes.

    • Erasure: You can request that we erase some or all of your personal data from our systems. There are exclusions of the right to erasure. The general exclusions include where processing is necessary, for example: for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.

    • Restriction of Processing: You can ask us to restrict further processing of your personal data.

    • Portability: You have the right to ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.

    • Withdrawal of Consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your personal data, if such use or disclosure is necessary to enable you to utilize some or all of our Products. Withdrawal will not affect the lawfulness of processing before the withdrawal.

    • Right to File Complaint: You have the right to lodge a complaint about our practices with respect to your personal data with the supervisory authority of your country or EU Member State.

  • You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

    • Our training simulations provide data and feedback to sponsoring partners, which those partners can use as an element of their overall evaluations of proficiency.

  • To contact us in relation to any of these requests, please use the email address privacy@ossovr.com.

8. Sharing Your Personal Data

  • Osso VR retains personal data for as long as necessary to provide our Products and Services and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, and enforcing our agreements. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly. The general rule that establishes a baseline for data retention is the length of time required to store and analyze the data for the purpose it was collected (as described in section 3). Moreover, we are required to maintain appropriate business records, including records of assessments used for training and compliance.

9. Sharing Your Personal Data

  • Osso VR is committed to protecting the security of your personal data by endeavoring to use reasonable and appropriate technologies and processes to avoid unauthorised access or disclosure.

  • We utilize cloud storage services, like Microsoft Azure, for data storage and processing purposes. Our storage containers and databases may be located in data centers and systems around the world, including in the US or Europe.

  • We have offices in United States of America and Canada.

  • We recommend you take every precaution in protecting your Personal Data when you are on the Internet. For example, change your passwords often, use a combination of letters and numbers when creating passwords, and make sure you use a secure browser.

10. Changes to this Privacy Policy and Further Information

  • We may revise this Privacy Policy from time to time. The most current version of the policy will govern our use of your information and will always be at www.ossovr.com/privacy. If we make a change to this policy that, in our sole discretion, is material, we will notify you via application notification or email to the email address associated with your account. By continuing to access or use our services after those changes become effective, you agree to be bound by the revised Privacy Policy.

  • If you would like further information about privacy at Osso VR, please contact us at privacy@ossovr.com