Axonics Privacy Policy
Last updated: March 31, 2024

Introduction
Axonics, Inc. and its subsidiaries, partners, and affiliates (“Axonics”, “we”, “us” or “our) conducts business around the world, including within the United States, Canada, the European Union, United Kingdom, Australia, and New Zealand. We understand the importance of privacy to our customers, visitors, suppliers, business partners, employees, and other individuals (“you”, the “user”, or “data subject”). We are committed to protecting and respecting your privacy.

Some of the information we collect through this Site or through use of our Services may be “Personal Data” as defined below. This Axonics Privacy Policy (“Policy”) applies only to information collected through the website on which it is posted (“Site”) as well as any other applications (apps), events, newsletters, communications, or services provided by or on behalf of Axonics that link to or reference this Policy (“Services”). It does not apply to third-party platforms, to other Axonics-operated websites or other Axonics-operated platforms where it is not linked or referenced. This Policy may be supplemented or amended from time to time by additional privacy notices (“Privacy Notices”), provided at the time we collect your information. For example, certain pages of this Site may contain Privacy Notices providing more details about the information we collect on those pages, why we need that information, and choices you may have about the ways we use that information. In other cases, specific Privacy Notices may apply to applications, may be required to comply with the privacy laws of one of the countries, provinces, or states in which we do business.

Among other things, this Policy describes:

  • What information we may collect about you
  • How and on what basis we may use the information we collect
  • How we may collect your Personal Data
  • How long we keep your Personal Data
  • How we may share the information we collect
  • How we protect your information
  • How you can access and control your information
  • How you can contact us

If you have a disability, you may request access to this Policy in an alternative format by contacting legal@axonics.com.

What is Personal Data?
Personal Data means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Your acknowledgment of this Policy
By using this Site, including your choices regarding cookie settings, or using the Services, you are acknowledging and agreeing to the collection, use, disclosure, and transfer of your information as described in this Policy (and any additional Privacy Notices that apply to you). If you do not agree to the collection, use, disclosure and transfer of your information as described in this Policy (and any Privacy Notices that apply to you), you may not use this Site or the Services. If you have questions about this Policy, or any Privacy Notice, please contact us using the information provided below.

Where any of your Personal Data is processed based on your express consent, you may revoke your consent to the collection, use, disclosure, and transfer of your information as described in this Policy (and any Privacy Notices that apply to you) by contacting us directly.

Complete agreement for use of the Site
This Policy is part of the Terms of Use that govern your use of this Site. A link to our Terms of Use is also provided through the Privacy Policy link near the bottom of each page of this Site.

Except as written in any other disclaimers, policies, or other notices on this Site, this Policy and the Terms of Use are the complete agreement between you and Axonics with respect to your use of this Site. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Use. There may be additional terms that apply to particular materials on or sections of this Site.

Changes to this Policy
Axonics reserves the right to update or modify this Policy and any Privacy Notice, at any time and without prior notice, by posting the revised version of the Policy or Privacy Notice on this Site. These changes will only apply to the information we collect after we have posted the revised Policy or Privacy Notice on this Site.

Your use of this Site or the Services following any such change constitutes your agreement that all information collected from or about you after the revised Policy is posted will be subject to the terms of the revised Policy. You may access the current version of this Policy at any time by clicking on the link marked “Privacy Policy” near the bottom of each page of the public areas of this Site.

How do we collect your Personal Data?
How we collect Personal Data will depend upon the nature of your dealings with us. We collect and use non-Personal Data differently from Personal Data. When it is reasonable and practical to do so, we will generally collect your Personal Data directly from you. We may also collect Personal Data from third parties, including in the course of providing products to you such as from our distributors, your healthcare practitioners, your caregiver/family member, guardian, publicly available information and databases supplied by third parties.

If you are one of our suppliers, distributors or a healthcare professional that uses our products, your Personal Data may be collected from you, your employer, other employees, or third parties. Similarly, if you are a prospective employee, we may also collect information through third parties such as recruiters.

If you choose not to provide some Personal Data to us, this may affect our ability to provide products or services to you.

Information We Collect
Generally, Personal Data we may collect includes but is not limited to:

  • Name and contact details;
  • Details of your company, industry, role, and accreditations;
  • Information from your visits to our websites, including the IP address, type of browser, device (including unique device identifiers) and operating system you use, network information, access times, pages viewed, links clicked on, cookie information;
  • Details of products you have inquired about, including any additional information necessary to respond to your inquiries;
  • Information that you provide to us directly through one of our websites, apps, or that you email to us; and
  • Information you provide in customer surveys, interviews, or case studies.

It is important that the Personal Data we hold about you is accurate and current. Please let us know if your Personal Data changes.

Product User Data
If you are someone who uses our products, including clinical trial participants: we may collect additional specific information about your use of our products and yourself, such as your gender, date of birth, your medical history and conditions, treatment, device information, family and social history, medical inquiries you or your physician make, and adverse events you report. We may receive some of this information from third parties, such as our distributors or your health care professional. Some of this information may be, but is not always, anonymized, or de-identified. If you are a clinical trial participant, your information will be used in accordance with the informed consent and applicable law.

Suppliers, Customers or Other External Stakeholder Data
If you are a supplier, customer, distributor, or a healthcare professional that uses our products: we may collect additional specific information including information about your professional details, practice specialty and areas of interest, membership of professional associations, product usage and your dealings with us.

If you are an employee, contractor or applicant: we may collect additional specific information including your gender, date of birth, contact details, information collected in our employment records, including tax file number, job application, reference checks, curriculum vitae/resume, records of training, documentation of performance appraisals and disciplinary matters,

employment terms, and medical condition or history. We may receive some of this information from third parties such as recruiters or from reference checks.

Personal Data You Manually Provide through this Site
Axonics collects the information you manually provide (e.g., using your keyboard, mouse, or touchscreen) when you use this Site. For example, we collect the information you provide if you choose to complete a questionnaire, contact us with questions, or otherwise interact with this Site. Some of the information you may choose to manually provide will be Personal Data including but not limited to:

  • Contact data: such as name, title, address, phone number, mailing address, and email.
  • Other identifiers: such as various types of personal health information (e.g., health insurance information, medical information, and the like), online identifiers, and other similar identifiers.
  • Communication data submitted by you: such as questions and feedback.
  • Demographic data: such as language, age, and gender.
  • Marketing preferences: such as e-mail subscription and frequency preferences.

Information Automatically Collected through this Site
Axonics collects information through this Site that is sent to us automatically by your web browser or mobile device. This information may include but is not limited to:

  • Product use and application data (including date and time of your visit)
  • IP address
  • The browser you are using (including name and version)
  • Your location and other geographic data, if you are sharing that information
  • The website you came from and the website you visit after leaving
  • Pages viewed on the Site
  • Links clicked on the Site
  • Time spent on a particular page of the Site or the Site as a whole
  • Site data used to facilitate the use of the Site such as login and technical data

The information we receive may depend on your browser or device settings as well as your cookie settings. The information we receive from your web browser and device typically is not, in and of itself, personally identifiable. However, we may combine it with other information that either does, or may, identify you.

Information Collected by Cookies and Other Technologies through this Site
We may use “cookies” and other technologies to collect information and support certain features of this Site. For example, we may use these technologies to:

  • Collect information about the ways visitors use this Site—which pages they visit, which links they use, and how long they stay on each page
  • Support the features and functionality of this Site—for example, to save you the trouble of reentering information already in our database or to prompt the settings you established on previous visits
  • Personalize your experience when you use this Site; and
  • Improve our marketing efforts, including through use of targeted advertising.

The information we may collect using cookies and similar technologies is not, in and of itself, personally identifiable, but we may link it to Personal Data that you provide. If you do not wish to receive cookies, you may choose to reject cookies in your cookie settings when you visit our Site. You may also set your browser to reject cookies or to alert you when a cookie is placed on your computer. Although you are not required to accept cookies when you visit this Site, you may be unable to use all of the functionality of this Site if you or your browser rejects cookies.

Information Collected by Third-Party Cookies through this Site
In addition to the cookies Axonics delivers to your computer or mobile device through this Site, certain third parties (Tracking and Performance Cookies) may deliver cookies to you for a variety of reasons. For example, we may use a web analytics tool that helps us understand how visitors engage with our Sites.

Other third parties may deliver cookies to your computer or mobile device for the purpose of tracking your online behaviors over time and across nonaffiliated websites and/or delivering targeted advertisements either on this Site or on other websites.

You have choices about the collection of information by third parties on our Sites. You may use the cookie pop-up banner on the Site to decline non-essential cookies. Additionally, you may download an Opt-out Browser Add-on to opt-out of Google Analytics by clicking here. Similarly, to opt-out of cookies used for interest-based advertising by similar services globally, click here or here.

You will be directed to an industry-developed website that contains mechanisms for choosing whether each listed entity may collect and use data for online behavioral advertising purposes. It may be that some of the third parties that collect interest-based information on this Site do not participate in the industry-developed opt-out website, in which case the best way to avoid third-party tracking of your online behaviors may be through your browser settings and deletion of cookies. Please note that the industry-developed opt-out mechanisms are device and browser specific. If you wish to opt-out from having interest-based information collected by participating entities across all devices and browsers, you need take the steps outlined above from each device and browser.

Our Legal Basis for Processing Personal Data
We may process the Personal Data we collect/receive as permitted by law. Generally, this will be based on one of the following.

  • Legitimate interest. We can process your Personal Data if (i) we have a genuine and legitimate reason; and (ii) are not harming any of your rights and interests. We may use your Personal Data to help us provide you with our services and give you the most appropriate information, products and services and provide you with the best experience when dealing with us.
  • Consent. In some cases, we will process your information with your consent. For example, if you sign up for email communications, provide your phone number for phone communication, or you may be providing special categories of Personal Data such as your health information. Please note that we may have a different legal basis for processing (e.g., legitimate interest) in some cases so that consent is not needed. When our use and sharing is not readily apparent when you provide your information, we aim to provide additional information at the time we collect the information regarding our purposes and use of the information. In most cases, we will seek your consent before we process health information about you.
  • To fulfill our obligations to you under a contract. If you purchase a product from us, we may process your personal data to fulfill our contract with you.
  • As required by law. Where we are required to comply with our legal obligations, or to establish and defend our legal rights, or to prevent and detect crimes such as fraud.

How We Use Your Information

Collected through this Site
We may use the information we collect through this Site for various purposes, including but not limited to:

  • To provide you with access to this Site.
  • To respond to your requests.
  • To personalize your access to our Site.
  • To develop records (including records of your Personal Data).
  • To contact you with pertinent information about products, clinical trials, or important safety information, and about products and services of ours and of others.
  • For analytical purposes and to research, develop, and improve programs, products, services, and content.
  • To remove your personal identifiers. Once we have de-identified information, it may be considered non-Personal Data and if so, we may treat it like other non-Personal Data.
  • To enforce this Policy and other rules about your use of this Site.
  • To protect someone’s health, safety, or welfare.
  • To protect our rights or property.
  • To comply with a law or regulation, court order or other legal process, such as preventing, detecting, and investigating security incidents and potentially illegal or prohibited activities.

Collected through our Services
Generally, the purpose for which we collect Personal Data will be apparent from the way in which we collect it or will be disclosed before or at the time of collection. We may use your information, including Personal Data to:

  • Provide you and your healthcare professionals with product support.
  • Respond to and fulfill queries and requests you, your healthcare professional and our distributors and suppliers may make.
  • Administer, improve, and promote our products.
  • Analyze the performance of our products.
  • Improve our services and services of our third-party suppliers and distributors.
  • Monitor the safety of our products; record, analyze, report, and respond to medical queries, complaints and safety reports as required by regulatory bodies and other relevant companies which market and sell our products.
  • Notify you of matters concerning the safety of our products which we consider you should be notified of, or as may be required by law or regulation.
  • Generate and maintain customer lists for our own market research and to enable us or our distributors to undertake marketing to you and others.
  • Perform clinical trials and other research organized by us which you have agreed to be involved in.
  • Administer patient support, health awareness/management programs, or other similar programs organized by us.
  • Organize and administer conferences, symposia, seminars, or other events and meetings.
  • Generate and maintain our investor information to comply with legal requirements and to enable reporting to investors.
  • Provide you with information such as our press releases.
  • To maintain our register of shareholders and investor communication lists and to make offers and communicate with our shareholders and investors.
  • Comply with applicable laws, regulations, guidance, codes of conduct, product approvals, license requirements and ethical requirements including to comply with demands or requests made by regulators, governments, courts, and law enforcement authorities.

How We Share Your Information
Our headquarters are in the United States. We may disclose your information to other companies, or to databases or servers overseas which may be provided to us by our third-party service providers. As a result, your Personal Data is sometimes shared with others and transferred and processed outside of your home country. We may share your Personal Data with:

  • Other companies within our group.
  • Third parties with whom we have a business relationship, including distributors, agents, suppliers, healthcare professionals, and advisors. This would also include companies that provide technology services to us, our professional advisors, and auditors.
  • Governments, regulators, courts, and law enforcement authorities.
  • Other third parties in connection with any reorganization or sale of all or any part of our business.

We will not sell or otherwise distribute Personal Data about you to any person, except as provided in this Policy and in accordance with applicable law and regulation. The circumstances in which we may disclose that information include where:

  • We may share your information with selected third-party service providers in connection with our business operations, for example, email or cloud service providers.
  • We expressly tell you at the time you supply the information, or it is expressly permitted under any agreement with you.
  • The information is aggregated and/or no longer personally identifiable.
  • It is necessary to provide you with the products which you have requested.
  • It is requested by third parties for use in the ordinary operation of our business. We will only disclose your Personal Data to reputable third parties and only on a confidential basis.
  • Disclosure is in response to demands or requests made by regulators, governments, courts, and law enforcement authorities.
  • Permitted or required by law, regulation, or applicable guidance.

How We Protect your Information
Axonics seeks to use commercially reasonable measures to protect Personal Data. Although we seek to protect your information against unauthorized use or disclosure, we cannot guarantee the security of information provided over the Internet or stored electronically, whether by us or a third party.

Transfer and Storage of your Personal Data
We may store, collect, transfer, and process your Personal Data in a country other than your country of residence. These countries may include the United States, Australia, New Zealand, the United Kingdom, or countries in the European Union. The data protection and other laws of countries to which your information may be transferred may be different in your country.

For Residents of the European Union and United Kingdom: The European Commission has the power to determine, on the basis of the General Data Protection Regulation (“GDPR”), whether a country outside the European Union offers an adequate level of data protection by making an ‘adequacy decision’. The European Commission has adopted an adequacy decision for the U.S. called the EU-U.S. Data Privacy Framework. However, with respect to any transfers of information from the EU, we may rely on other legal bases to lawfully transfer personal data. Although the security of data transferred through the internet cannot be completely guaranteed at all times, we strive to implement appropriate measures to protect and secure your Personal Data when it is transferred outside of your home country, including as determined appropriate: encryption in transit, encryption at rest, and secure sockets layer (SSL).

Retention of Your Information
We aim to keep Personal Data as long as determined necessary to support legitimate business purposes and to comply with legal and regulatory requirements. We may also maintain your information as required to comply with any contract of which we are a party.

Children’s Privacy
This Website is not targeted to children under the age of 18 and we do not knowingly collect or solicit Personal Data about such children. If we discover that a child has provided us with Personal Data online through this Website, we will delete this information promptly. If you believe we may have received Personal Data from a child under the age of 18, please contact us immediately.

Your Rights

Marketing Email Opt-Out
You may revoke your consent for the receipt of marketing communications that we send to you at any time by using the “unsubscribe” functionality included in our emails to you or by contacting us directly. You should note that this will not affect all communications from us, such as notices we are legally obligated to provide or if we are responding to an email you send us.

Data Subject Rights
Your rights will vary depending on which laws apply, and different laws may apply depending on where or your data is located. You may make a request to exercise any rights that you may have, and we will take reasonable steps to comply with any laws that apply. Your rights may include:

  • Know or be informed. You may have the right to know about and confirm the existence of Personal Data about you, how we use or share it, what categories of Personal Data we process, our purposes of processing, and categories of parties we disclosed Personal Data to.
  • Access and portability. You may have the right to access your Personal Data, specific pieces of information, and know of any third parties to whom your Personal Data was disclosed. You may have a right to obtain a copy of your data, including in a machine-readable format.
  • Correction. You may have the right to correct or amend your data if it is incomplete, inaccurate, or outdated.
  • Deletion or elimination. You may have the right to request your Personal Data be deleted or eliminated. Subject to applicable law, we may de-identify this data in certain circumstances. Please email dataremoval@axonics.com to have your data removed from our systems.
  • Restriction. You may have a right to restrict processing of your data in some circumstances.
  • Objection and opt-out. You may have the right to object to or opt-out of processing of Personal Data about you in certain circumstances.
  • Consent and cancelation of consent. You may have the right to consent, and to withhold or cancel that consent, for some practices, including processing of sensitive Personal Data or data on children, or where we use consent as our lawful basis for processing or transfer.
  • Non-discrimination. We will not discriminate against you for exercising your rights. This does not necessarily include, where permitted by applicable law in your jurisdiction, cases where a difference in price or services offered is reasonably related to the value provided by Personal Data you provide, or where you consent to participate in a voluntary program offering incentives (such as a loyalty program).
  • Appeal. You may have the right to appeal decisions we make about the exercise of your rights. To submit an appeal to a decision we made about the exercise of your rights, you may send an email to legal@axonics.com. Please enclose a copy, or otherwise specifically reference our decision on your data subject request, to allow us to address your appeal. We will make reasonable efforts to comply with applicable law when we respond to your appeal.
  • Make a complaint. You may have the right to complain to regulators, such as your state attorney general, local data protection agency or authority, or other public bodies responsible for data protection and privacy enforcement. For more information, if you are in the European Economic Area (EEA), please contact your local Supervisory Authority in the EEA.

Submitting a Request or Inquiry
If you want to submit a request or inquiry to us regarding privacy rights you may have, you or your Authorized Agent can contact us using our contact information below. You do not have to create an account with us to submit a request. We will make reasonable efforts to respond to your request according to the process described below:

  • Your request will be confirmed within ten days of receipt and we will aim to respond within 45 days unless shorter periods are required by law. If we need more than 45 days, we will notify you that your request is being delayed.
  • We can only respond to your request if it is verifiable. This means we are obligated to take reasonable steps to verify your identity or your authorized agent’s authority and your right to access the information you request. In the process of verifying your request, we may contact you to ask for additional information that will help us do so, including government-issued IDs containing your name and address, utility bills containing that same information, and/or unique identifiers like usernames. We will only use that additional information in the verification process, and not for any other purpose. Once we have received and verified the requested information from you, we will contact you with our response to your request, including any data, if applicable. If we do not hear from you or if we are unable to verify your identity for the request, we will contact you to inform you that we cannot process your request because we cannot verify your identity.
  • We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
  • We will respond to reasonable requests in accordance with applicable law and subject to legal and contractual restrictions. We will not discriminate against you for exercising these rights.
  • There may be times where we cannot comply with your request. For example, if such disclosure would interfere with the privacy of others or if it would result in a breach of confidentiality. We will provide an explanation for our refusal to grant access.
  • California residents, please also see the respective Privacy Addendum for further details.

Data Subject Rights Contact
Axonics, Inc.
Legal Department
26 Technology Drive
Irvine, CA 92612 USA
1-877-929-6642
legal@axonics.com

Links to Other Websites
This Policy applies only to the Axonics-operated websites on which it is posted. Axonics and its affiliates may operate different websites for different purposes and in different countries, where different laws may apply. If you visit another Axonics website, please take a moment to review the privacy policy posted on that site to learn what information may be collected through that site and how it is processed. This Site may also contain links to websites that are not operated by or on behalf of Axonics or its affiliates. These links are provided for your reference and convenience only and do not imply any endorsement of the products sold or information provided through these websites, nor any association with their operators. Axonics does not control these websites and is not responsible for their data practices. Any information you provide to third parties on their websites is covered under their privacy and data collection policies and is not covered by this Policy. We recommend you review the privacy policy posted on any site you visit before using the site or providing any Personal Data.

Contact Us
If you have any questions regarding this policy or about our privacy practices or need to contact us for purposes related to this Policy, please contact us.

Email: legal@axonics.com

Mail: Axonics, Inc. 26 Technology Drive Irvine, CA 92618 Attn: Legal

Further Information on Privacy If you are a resident of the UK or EU, you can contact your local Information Commission Office or local supervisory authority.

Further information may be obtained on privacy issues in Australia by visiting the Australian Information Commissioner’s website at https://www.oaic.gov.au/. The Australian Information Commissioner’s hotline on 1300 363 992 or, if calling from outside Australia, +61 2 9942 4099.

State Privacy Notice Addendums

If you are a resident of one of the following states, you may have the rights set forth in the applicable section.

If there are any conflicts between the applicable section and any other provision of this Privacy Policy and if you are a resident of the state, the portion that is more protective of Personal Information will control to the extent of the conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us via the contact information provided below.

Addendum: California Residents Privacy Notice
Effective March 31, 2024

If you are a California resident, you have the rights set forth in this section. Please see the “Exercising Your Rights” section below for instructions regarding how to exercise these rights.

The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), defines Personal Information as information that identifies, relates to, or could reasonably be linked with you or your household.

Please note that we may process Personal Information of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Information as a service provider, you should contact the entity that collected your Personal Information in the first instance to address your rights with respect to such data.

If there are any conflicts between this section and any other provision of this Privacy Policy and if you are a California resident, the portion that is more protective of Personal Information shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us via the contact information provided below.

Categories of Personal Information we collect and share
We may collect Personal Information as defined by the California Consumer Privacy Act. See the chart below for categories of Personal Information from our California consumers:

  • Collected within the last twelve (12) months from the sources listed in the Privacy Policy.
  • Shared within the last twelve (12) months with the third parties described in our Privacy Policy.
Category Examples Collected Shared
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. YES NO
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. YES NO
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). YES NO
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. NO NO
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO NO
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. YES NO
G. Geolocation data Physical location or movements. YES NO
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO NO
I. Professional or employment-related information. Current or past job history or performance evaluations. YES NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. YES NO
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. NO NO

The examples provided above come from the CCPA and other statutes, as noted. They are reproduced here for your convenience to help you understand the types of information that are considered within each category. It is not meant to imply that we collect all such information listed in the examples. We only collect the specific pieces of Personal Information described in our Privacy Policy (defined as “Personal Data”).

Sensitive Personal Information We May Collect and Our Purposes for Collection and Use
The CPRA’s definition of sensitive personal information includes the following types of information:

  • Social security number, driver’s license number, state identification card number, or passport number;
  • A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
  • Biometric information processed for the purpose of identifying a consumer; and
  • Health and medical information.

Right to Limit the Use of Sensitive Personal Information
California residents have the right to limit the use of sensitive personal information in some circumstances. Axonics only collects sensitive personal information, as defined by applicable California law, with your consent and only uses the sensitive personal information for the use disclosed at the time of collection. Axonics does not use sensitive personal information for inferring characteristics about you. Axonics will only use your sensitive personal information to provide you with the services you requested. Axonics does not share your sensitive personal information with third parties.

You can find a list of the categories and specific types of sensitive personal information that we collect in the chart above. We only collect and use sensitive personal information to provide you with products and services.

Use and sharing of personal information
We may use or disclose the Personal Information we collect for business or commercial purposes as described in the Privacy Policy. Including that we disclose your Personal Information for a business purpose to the following categories of third parties:

  • Third-party vendors and service providers as described in our Privacy Policy;
  • All other third parties described in our Privacy Policy.

We may share your Personal Information. You have the right to opt-out of sharing or selling of your Personal Information.

Your rights

By law if you are a resident of California, you have the following rights:

  • The right to notice. You must be properly notified which categories of Personal Information are being collected and the purposes for which the Personal Information is being used.
  • We may share or sell your Personal Information (as the terms “sale” and “share” are defined in the CCPA). You have the right to opt-out of sale or sharing of your Personal Information as described below.
  • The right to know about your Personal Information. You have the right to request and obtain from us information regarding our collection, use, and disclosure of the following data within the past twelve (12) months:
    • The categories of Personal Information collected
    • The sources from which the Personal Information was collected
    • The business or commercial purpose for collecting or selling the Personal Information
  • Categories of third parties with whom we share Personal Information
  • The specific pieces of Personal Information we collected about you
  • The right to delete Personal Information. You have the right to request that we delete the Personal Information that we have collected about you. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your Personal Information to provide you with the Site or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
  • The right not to be discriminated against. We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may offer different tiers of our Site as allowed by applicable data privacy laws (including the CCPA) with varying prices, rates or

levels of quality of the goods or services you receive related to the value of Personal Information that we receive from you.

Exercising your rights

To exercise the rights described above, you or your Authorized Agent (defined below) may make a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Information, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Information provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.

You may submit a Valid Request by e-mail (legal@axonics.com) or toll-free telephone call (1-877-929-6642)

We will work to respond to your Valid Request within 45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.

You may also authorize someone other than yourself (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this.

Do Not Sell or Share My Personal Information
We may sell or share Personal Information when the Service Providers we partner with (for example, our advertising partners) use technology on the Site in a way deemed a “sale” of Personal Information as defined by the California Consumer Privacy Act (CCPA). “Sale” and “sharing” includes only disclosures that are defined as a “sale” or “sharing” by the CCPA.

If you wish to opt out of the use of your Personal Information for interest-based advertising purposes and these potential sales as defined under the CCPA, you may do so by following the instructions below.

Website If you want to stop the use of third-party cookies for interest-based advertising, you may follow the instructions in the “Cookies” section of our Privacy Policy. Please note that this opt-out is specific to the browser you use. You may need to opt out on every browser that you use and anytime you clear your browser’s cache.

Mobile Devices Your mobile device may give you the ability to opt out of the use of information about the apps you use to serve you ads that are targeted to your interests:

  • “Opt out of Interest-Based Ads” or “Opt out of Ads Personalization” on Android devices
  • “Limit Ad Tracking” on iOS devices

You can also stop the collection of location information from your mobile device by changing the preferences on your mobile device.

“Do Not Track” Policy as Required by California Online Privacy Protection Act (CalOPPA)
Our Site does not respond to Do Not Track (“DNT”) signals. However, some third-party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.

California’s Shine the Light law
Under California Civil Code Section 1798 (California’s Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties’ direct marketing purposes.

If you’d like to request more information under the California Shine the Light law, and if you are a California resident, you can contact us using the contact information provided in this Policy.

California Privacy Rights for Minor Users (California Business and Professions Code Section 22581)
California Business and Professions Code section 22581 allows California residents under the age of 18 who are registered users of online sites, services, or applications to request and obtain removal of content or information they have publicly posted.

To request removal of such data, and if you are a California resident, you can contact us using the contact information provided in this Policy and include the email address associated with your account.

Be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.

Addendum: Washington My Health My Data Act (“MHMDA”)
Effective March 31, 2024

Categories of Consumer Health Information We Collect and Share
If you are a Washington resident, this addendum applies to you and you have the rights set forth in this section. Please see the “Exercising Your Rights” section below for instructions regarding how to exercise these rights.

“Consumer Health Data” is used in this addendum as it is defined in the Washington My Health My Data Act (MHMDA). It generally includes any information that is linked or reasonably linkable to a Washington resident and that identifies that individual’s past, present, or future physical or mental health status. Excluded from Consumer Health Data are certain types of health information, such as when we must collect, use, and disclose health information to meet our regulatory obligations or as part of a clinical trial. We do not collect, share, or sell Consumer Health Data unless we have your consent.

See the chart below for categories of Consumer Health Data we may collect and process about you, if you give us your consent.

Category of Consumer Health Data Purpose for Processing Data Source of Information Shared/Recipients
Individual health conditions, treatment, diseases, or diagnosis
Dynamics interventions
Health-related surgeries or procedures
Use or purchase of prescribed medication
Bodily functions, vital signs, symptoms
Diagnoses or diagnostic testing, treatment, or medication
To provide consumers information and education about Axonics’ products and help connect them to a provider that can provide them diagnosis and treatment options. Consumer opt-in through Survey submission form
  • Service providers (e.g., call center)
  • Health care providers selected by the consumer
Genetic data N/A N/A N/A
Precise location information that could reasonably indicate a consumer’s attempt to acquire or receive health services or supplies (geofencing) N/A N/A N/A
Data that identifies a consumer seeking healthcare services To provide consumers information and education about Axonics’ products and help connect them to a provider that can provide them diagnosis and treatment options. Self-reported via Survey submission form
  • Service providers (e.g., call center)
  • Health care providers selected by the consumer

Exercising Your Rights Under MHMDA
As a resident of Washington, you have the right to:

  • Confirm whether Axonics is collecting, sharing, or selling Consumer Health Data concerning you and to access such data, including:
    • A list of all third parties and affiliates with whom Axonics has shared or sold the Consumer Health Data
    • Access an active email address or other online mechanism that you may use to contact these third parties
  • Withdraw consent from Axonics to collect and share your consumer health data
  • Request to have Consumer Health Data concerning you deleted and exercise that right by informing Axonics of your request for deletion
  • Appeal if Axonics does not address an attempt to exercise one or more of these rights to your satisfaction

You may request that Axonics take the actions outlined in the paragraphs above to exercise your rights under MHMDA by submitting a request, at any time, to Axonics. Axonics must respond within forty-five (45) days unless an extension is requested (for up to 45 additional days).

Questions?

We are here to help answer any questions you may have about Axonics Therapy.