Privacy Policy

Please select the drop down arrow tab to view the policies. Privacy Policy
This privacy policy has been compiled to better serve those who are concerned with how their “Personally Identifiable Information” (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how SomnoMed collects, uses, protects or otherwise handle your Personally Identifiable Information in accordance with our website.

What personal information do we collect from people that visit a SomnoMed blog, website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, credit card information, health information or other details to help you with your purchase of products from us, or for SomnoMed to provide you with more information about our products.

When do we collect information?
We collect information from you when you register on our site, place an order, subscribe to a newsletter, fill out a form, use Live Chat, open a Support Ticket or enter information on our site.

How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

  • To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
  • To improve our website in order to better serve you.
  • To allow us to better service you in responding to your customer service requests.
  • To administer a contest, promotion, survey or other site feature.
  • To quickly process your transactions.
  • To ask for ratings and reviews of services or products
  • To follow up with them after correspondence (live chat, email or phone inquiries)

How do we protect your information?
Our website is scanned on a regular basis for security gaps and potential vulnerabilities in order to make your visit to our site as safe as possible. We use regular Malware Scanning.

Your personal information is maintained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user places an order, enters, submits, or accesses their information in order to maintain the safety of your personal information. All transactions are processed through external service provider and are not stored or processed on our servers.

Do we use “cookies”?
Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

We use cookies to:

  • Understand and save user’s preferences for future visits.
  • Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings.  Look at your browser’s Help Menu to learn how to modify your cookies settings.

If you turn cookies off, some features will be disabled. However, you will still be able to place orders.

Third-party disclosure
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide you with advanced notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property or safety.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Third-party links
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users.

We use Google AdSense Advertising on our website.

Google, as a third-party vendor, uses cookies to serve ads on our site. Google’s use of the DART cookie enables it to serve ads to our users based on previous visits to our site and other sites on the Internet. Users may opt-out of the use of the DART cookie by visiting the Google Ad and Content Network privacy policy.

We have implemented the following:

  • Remarketing with Google AdSense
  • Google Display Network Impression Reporting
  • Demographics and Interests Reporting
  • DoubleClick Platform Integration

We, along with third-party vendors such as Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie), or other third-party identifiers together, to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.

Opting out of Google Ads:
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.

California Online Privacy Protection Act
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. – See more at:

According to CalOPPA, we agree to the following:
Users can visit our site anonymously.Once this privacy policy is implemented, a link will be added to our home page or on the first significant page after entering our website.
Our Privacy Policy link includes the word ’Privacy’ and can easily be found on the page specified above.
You will be notified of any Privacy Policy changes by:

  • Visiting our Privacy Policy Page
  • Changing your personal information
  • Calling us at +1 888 447 6673
  • Logging into your account



Important Information for California Residents
This section applies only to California residents.  It explains how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information.  For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA.

Your California privacy rights. As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.

  • Information.  You can request the following information about how we have collected and used your Personal Information during the past 12 months: the categories of Personal Information that we have collected; the categories of sources from which we collected Personal Information; the business or commercial purpose for collecting and/or selling Personal Information; the categories of third parties with whom we share Personal Information; whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient; or whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient.
  • Access.  You can request a copy of the Personal Information that we have collected about you during the past 12 months.
  • Deletion.  You can ask us to delete the Personal Information that we have collected from you.
  • Opt-out of sales.  If we sell your Personal Information, you can opt-out.In addition, if you direct us not to sell your Personal Information, we will consider it a request pursuant to California’s “Shine the Light” law to stop sharing your personal information covered by that law with third parties for their direct marketing purposes.
  • Opt-in.  If we know that you are younger than 16 years old, we will ask for your permission (or if you are younger than 13 years old, your parent’s or guardian’s permission) to sell your Personal Information before we do so.
  • Nondiscrimination.  You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying

How does our site handle “Do Not Track” signals?
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Does our site allow third-party behavioral tracking?
Yes, we allow third-party behavioral tracking

COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We do not specifically market to children under the age of 13 years old.

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

  • Send information, respond to inquiries, and/or other requests or questions
  • Process orders and to send information and updates pertaining to orders.
  • Send you additional information related to your product and/or service
  • Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

To be in accordance with CAN-SPAM, we agree to the following:

  • Not use false or misleading subjects or email addresses.
  • Identify the message as an advertisement in some reasonable way.
  • Include the physical address of our business or site headquarters.
  • Monitor third-party email marketing services for compliance, if one is used.
  • Honor opt-out/unsubscribe requests quickly.
  • Allow users to unsubscribe by using the link at the bottom of each email.

If at any time you would like to unsubscribe from receiving future emails:
Email us at and we will promptly remove you from ALL correspondence.

Contacting Us
If there are any questions regarding this privacy policy, you may contact us using the information below.

SomnoMed, Inc.- North America
PLANO, TX 75024
United States

Rest Assure by SomnoMed App: Privacy Notice for Patient use.

Effective: October 2023

1.      About this Privacy Notice

SomnoMed (‘SomnoMed’, ‘we’ ‘us’, or ‘our’ refers to SomnoMed) is committed to protecting the privacy and security of your Personal Data . Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly. SomnoMed acts as the data controller pursuant to Art. 4 (7) General Data Protection Regulation (GDPR) therefore, we want to be transparent about the types of Personal Data we collect about you and how we use it. A “data controller” is an organisation or person that decides what data is processed. The data controller also decides how and why this needs to be done. The data controller is legally responsible for that data.

This Rest Assure Privacy Notice (Notice) explains how we collect, use and share any information we gather about you (Personal Data) through your use of the SomnoMed Rest Assure App (App).

It informs you about your rights and freedoms for our use of your Personal Data. This Notice also describes how we process your Personal Data. If you do not want SomnoMed to process any of your Personal Data through this Service, as described in this Notice, do not install and use this Service.

2.      Types of Personal Data we collect

We receive or collect information and personal data, as described in detail below, when we provide our Services, including when you download, install, access the App, or use our Services related to Rest Assure. Without this information, we may not be able to answer your questions or provide you with your preferred Rest Assure service.

When you use the App, we collect the following categories of Personal Data about you:

  1. Account data: E-Mail address, first name, last name.
  • Why we need it

We use your Account Data to create and manage your account for the Service as well as to provide you, your Sleep Physician and Sleep Dentist with objective data on your sleep, so they can monitor and improve your therapy.

  • Legal basis

The lawful basis we rely on are contractual necessity Art. 6 para. 1 lit. b) GDPR as well as your Consent pursuant Art. 6 para. 1 lit. a) GDPR is provided when you download the Rest Assure app and sign up for an account.

You can withdraw your consent at any time with effect for the future. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.

  1. Identification data: First name, last name, date of birth, gender, and region of residence.
  • Why we need it

The data is required to register and create an account and to provide you, your Sleep Physician and Sleep Dentist with objective data on your sleep, so they can monitor and improve your therapy.

  • Legal basis

The lawful basis we rely on are contractual necessity as per Art. 6 para. 1 lit. b) GDPR and with respect to “gender” data we rely on your consent as the legal exception for processing your health data under Art. 9 para. 2 lit. a) GDPR.

You can withdraw your consent at any time with effect for the future. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.

  1. Sleep-related health data collected through your therapy device: Usage hours, sleep hours, average breathing events per hour (surrogate AHI), your sleep position (on your back, side or front), your breathing events per hour while sleeping on your back supine (surrogate supine AHI), your sleep quality (on a scale of 1-10 provided by you), the date you started therapy with Rest Assure, the number of days of treatment you have had with Rest Assure, your Rest Assure device type and serial number and the number of times your sleep is interrupted during a sleep period.
  • Why we need it

To provide you, your Sleep Physician and Sleep Dentist with objective data on your sleep, so they can monitor and improve your therapy.

  • Legal basis

Sleep-related data is considered a ‘special category of personal data’ so, the lawful basis we rely on is your consent as the legal exception for processing your health data under Art. 9 para. 2 lit. a) GDPR.

You can withdraw your consent at any time with effect for the future. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.


  1. Sleep data
  • Why we need it

The Service enables us to collect information about your sleep patterns and disorders. Sleep-related data is considered health-related when it is used to analyse your state of health and to assess your health risks. This is the case, for example, where our analysis of your sleeping disorders is based on the high number of apneas per hour measured over a night or series of nights.

  • Legal basis

Under the GDPR, your sleep-related data is considered a ‘special category of personal data’, the lawful basis we rely on is your consent under  Art. 9 para. 2 lit. a) GDPR.

You can withdraw your consent at any time with effect for the future. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.

  1. Customer service log data: Date and type of request from you for assistance with your Rest Assure device, docking station or app.
  • Why we need it

To provide you, your Sleep Physician and Sleep Dentist with objective data on your sleep, so they can monitor and improve your therapy and to support your requests for assistance.

  • Legal basis

The lawful basis we rely on is contractual necessity Art. 6 para. 1 lit. b) GDPR.

  1. Retrospective studies, research and assessments in Healthcare

SomnoMed does use data from the use of the Rest Assure device for retrospective studies, research and assessments in the Healthcare sector. This data may also result from your use of the Rest Assure device.

The data used is always de-identified and does therefore no longer count as personal data, because you as an individual cannot be identified.

  1. Cookie data:

The SomnoMed Rest Assure App does not set any Cookies.


3.      Why we process this Personal Data

  • To enable you to create your account and connect your therapy device to the Service;
  • To manage our relationship with you and provide you with support for the Service;
  • To allow your sleep physician and sleep dentist to see your therapy data;
  • To analyse your sleeping pattern and disorders;
  • To help you enhance the quality of your sleep;
  • To give you access to your sleep-related data at all times;
  • To administrate, maintain, improve and secure our Service;
  • To inform you about any technical updates to the Service or assist you with any technical difficulties that you have.

4.      Permissions

To scan the QR code supplied in the box with your Rest Assure device, and to connect your Rest Assure device to the Rest Assure App you may need to give permission for the Service (Rest Assure App) to use your phone’s other features (such as the camera, Bluetooth functionality on your phone and location services (Android phone users only).  The location services will be active on Android phones even when the app is closed or not in use, as the Rest Assure App uses this function to find your Rest Assure device.

5.        How we obtain your Personal Data

Most of the information we process is obtained directly through the SomnoMed Rest Assure device that monitors your sleep or provided by yourself, e.g., by setting up your Rest Assure profile.

In addition, we may obtain some Personal Data indirectly from our partners and other third parties, when you exercise your right to data portability, with a view of enabling us to provide you the services available on the App.

6.      Who we share your Personal Data with

We may disclose your Personal Data to the following categories of recipients:

We take precautions to allow access to Personal Data only to those staff members who have a legitimate business need for access and with a contractual prohibition of using the Personal Data for any other purpose.

Our third-party vendors, service providers and partners who provide data processing services to us, or who otherwise process Personal Data for purposes that are described in this Notice. This may include disclosures to third-party vendors based inside as well as outside the EU/EEA and other service providers we use in connection with the services they provide to us, including to support us in areas such as IT platform management or support services, infrastructure and application services, marketing and data analytics. When we utilize Sub-processors, we include terms in the contract between SomnoMed and the Sub-processor, which offer at least the same level of protection as this Privacy Notice.

Your sleep dentist (and their clinic or hospital) or medical practitioner (and their clinic or hospital) who may process your Personal Data to better follow up with your therapy and only when you have given your consent.

Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary: (i) as a matter of applicable law or regulation; (ii) to exercise, establish or defend our legal rights; or (iii) to protect your vital interests or those of any other person.

Our auditors, advisors, legal representatives and similar agents in connection with the advisory services they provide to us for legitimate business purposes and under contractual prohibition of using the Personal Data for any other purpose.

A potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer they must use your Personal Data only for the purposes disclosed in this Notice.

Recipient/Category of Recipient

Purpose of transfer/disclosure

Legal basis of the processing

Data transfer (country)

Microsoft Azure

Data Processor

MS Data Protection Addendum

HDS Certification Certificate 701569


Planet Innovation

IT Support Services

Legal agreement


SomnoMed Ltd

Data Controller

Intercompany agreement



7.      How we protect your privacy

We process Personal Data in accordance with the following data protection principles:

Fairness: We process Personal Data fairly. This means that we are transparent about how we process Personal Data.

Lawfulness: We process Personal Data only for lawful reasons.

Purpose limitation: We process Personal Data for specified explicit and legitimate purposes. We do not process it in a manner that is incompatible with those purposes unless permitted by applicable data protection laws.

Data minimisation: We process Personal Data that is adequate, relevant and limited to what is necessary to achieve the purposes for processing the data.

Data accuracy: We take appropriate measures to ensure the Personal Data we retain about you is accurate, complete and, where necessary, kept up to date. However, it is also your responsibility to ensure that your Personal Data is kept as accurate, complete and current as possible by informing us promptly of any changes or errors.

Data security: We use appropriate technical and organisational measures to protect the Personal Data that we collect and process about you. Our measures provide a level of security appropriate to the risk of processing your Personal Data. In particular, we protect all data according to the varying levels of risks through physical measures (including secure areas), technical measures (such as encryption) and organisational measures (such as employee security through vetting and supervision).

Limited retention: We keep your Personal Data in a form that allows us to identify you for as long as necessary to achieve the purposes for processing your data. We do not store your data for longer unless we must comply with applicable laws.

8.      Data storage, retention and deletion

The Personal Data that we collect from you are stored in The Netherlands (a main system and backup system). We retain your identification data, contact details and account data for as long as you are using the service.

If you no longer want to use the Service, you may delete your account in the account settings of the Rest assure app. Upon deletion of your account, we will delete your personal data in our active database. Some of your Personal Data (as described above in the Section 2. Types of Personal Data we collect and why) must be stored by SomnoMed in an archive database for the periods listed below. Indeed, as the Data Controller, SomnoMed is legally required to comply with its legal obligation and these storage periods under applicable laws (including but not limited to Regulation (EU) 2017/745 of 5 April 2017 on medical devices). The access given to these archived personal data will be strictly restricted.

Besides the retention of your Personal data as described above SomnoMed is legally required to keep data resulting from your use of the Rest Assure Device for the following reasons and periods:

  • To improve the use, performance, and safety of medical devices, customer health data must be kept for a period of ten (10) years, as of the date of its reception by SomnoMed.
  • For the purposes of post-market surveillance, customer Personal Data must be kept for a period of ten (10) years after the medical device was last available on the market.
  • For the purposes of materiovigilance, customer Personal Data must be kept for a period of fifteen (15) years after the drug, medical device or product was taken off the market.

Furthermore, for the purposes of healthcare studies, assessments and research, personal data must be kept for a period defined by the specific study in question (subject to MR or CNIL approval).

9.      Technical and organisational measures

We use various data security and privacy measures to protect your Personal Data and comply with applicable data protection laws.

Your Personal Data is stored in a secure data centre, managed by a certified health data hosting service as required under the French Public Health Code (Article L.1111-8). Our subcontractor operates under our strict and precise instructions. The subcontractor is audited on a regular basis by SomnoMed and by independent third-party auditors, including penetration testing and certification audits. Our subcontractor is responsible for SomnoMed’s systems maintenance, physical security and network security.

All SomnoMed employees sign a confidentiality agreement and receive security and privacy training in various ways (for example, e-learning and privacy champion training). By implementing these trainings, SomnoMed demonstrates that our privacy and security processes are well understood and followed by all our employees who process European Personal Data.

We protect the confidentiality and integrity of your data by using encryption controls that secure the data at rest, in transit and in use. We use adequate cryptography policies to ensure the efficiency of the implemented controls.

We perform backups to ensure the availability of your data. The backup operations are monitored, secured and documented. Additionally, we implemented and tested a disaster recovery plan and a business continuity plan.

We protect against malware and malicious attacks through firewall solutions, antimalware/antivirus solutions, vulnerability scanning and system patching. We also use a secure disposal process to ensure the secure deletion of your data.

We limit system and application component access to authorised maintenance personnel, based on the cybersecurity principles of least privilege, need to know and segregation of duties. Rest Assure applies logical controls within the application, database and system tier to ensure that data from one organisation can never be viewed or altered by any other organisation.

We have an audit mechanism to review logs and detect malicious activities using the appropriate tools.

We use a change management procedure to ensure we perform a security check before we make any significant changes.

We implemented and tested a security incident response plan. We also use a security incident and events management tool to report any accesses to the system. We receive an alert if any forbidden action occurs so we can respond quickly with an effective action.

Despite the high standard of security measures we apply, it is impossible to guarantee an absolute level of security for data transmitted over the internet. If we have confirmation that your Personal Data was breached, we comply with any relevant legal provisions for the data security breach notification.

10.    Transfers of Personal Data outside the European Union (EU) and the European Economic Area (EEA)

Your Personal Data may be transferred to, and processed in, countries other than the country in which you are a resident and that are located outside the EU/EEA. These countries may have data protection laws that are different to the laws of your country. Whenever your data is transferred outside the EU/EEA, we ensure that it is transferred to a third country that is deemed adequate by the European Commission or, where that is not the case, we take appropriate safeguards to ensure that your Personal Data remains protected in accordance with this Notice.

Transfers subject to appropriate safeguards (GDPR Article 46): We may also transfer your Personal Data to other entities of the SomnoMed group and to third-party service providers and partners who operate around the world. We rely on SomnoMed’s intragroup data transfer agreement for sharing your data with our group entities outside the EU/EEA. Every time we use a third-party service provider or supplier from outside the EU/EEA, we ensure that standard EU data protection clauses or similar mechanisms that are deemed to be appropriate safeguards pursuant GDPR Article 46 are in place with this third party (available upon request, see 15. Contact us).

11. Minors

The Rest Assure services we provide are not intended for individuals under 18 years of age. If you are under 18 years of age, do not use or download this Service.

12. Your data protection rights

You have the following data protection rights:

You may exercise your right of access, which includes the right to information to understand how SomnoMed processes your Personal Data and the right to instruct SomnoMed to provide you with a copy of the Personal Data that we retain. You can do this by contacting SomnoMed’s customer service team in your country of residence.

If you wish to correct or update any of your Personal Data, you can do so at any time by contacting SomnoMed’s customer service team in your country of residence.

You may erase your Personal Data by deleting your user account. You can delete your account in the Rest Assure patient app. When you delete your account, you cannot use the Service.

In addition, in certain circumstances, as stipulated in the applicable data protection legislation, you can object to the processing of your Personal Data, ask us to restrict processing of your Personal Data or request portability of your Personal Data. You can exercise these rights by contacting SomnoMed’s customer service team in your country of residence.

If you have a complaint or concern about how we are processing your Personal Data, we will endeavour to address such concern(s). If you feel we have not sufficiently addressed your complaint or concern, you have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, contact your local data protection authority.

You can contact us any time to exercise any of the rights mentioned above (see 15. Contact us). We will respond to your request in accordance with applicable data protection laws.

We respond to all requests we receive from individuals wishing to exercise their data protection rights, in accordance with applicable data protection laws.

13. External links

If any part of this Service provides you links to third-party websites, such websites do not operate under this Notice. We recommend you examine the Privacy Notice posted on those websites to understand their procedures for collecting, using and disclosing Personal Data.

14. Updates to this Privacy Notice

We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we take appropriate measures to inform you, consistent with the significance of the changes we make.

You can see when this Privacy Notice was last updated by checking the ‘Effective’ date at the beginning of this Privacy Notice.

15. How to contact us

For any questions, concerns, or complaints about this Privacy Notice, or the way we handle your Personal Data, or if you wish to exercise any of your rights under this Privacy Notice, click here.

You can contact our Data Protection Officer by emailing: