For individuals outside the U.S., if you are within the European Economic Area, United Kingdom, and Switzerland, you can read this version of the Privacy Policy. For individuals within other jurisdictions, you may refer to this version of the Privacy Policy.Cornerstone Robotics Limited and affiliated companies (hereafter referred to as “Cornerstone Robotics”, “we”, “our” or “us”) is committed to protecting and respecting the privacy of your personal data. This Privacy Policy (the “Policy”) explains how we will collect, store, use, and share (“process”) your personal data when you visit our website (the “Website”).

We process your personal data only as described in the Policy. If you have any questions regarding the Policy, please reach out to us according to the information listed below.

Please note, the Website may involve integrations with websites and services managed by third parties. By interacting with these third parties, you are providing information directly to the third party and not us and subject to the third party’s privacy policy. Please read their privacy policies or other documentation. Our linking to another site or service doesn’t mean we endorse that third party.

1.        Collection and Use of Personal Data

The Website does not collect sensitive personal data categories which require special protection, such as race, ethnicity, religious beliefs or personal health data.

2.        Cookies and Other Similar Technologies

We use cookies and other similar technologies to operate the Website and deliver essential functions. 

For more information about which cookies we use and how you can manage your cookie settings and disable certain types of tracking, please see our Cookie Policy.

3.        How We Disclose Information We Collect

We will only share your personal data for lawful, legitimate, necessary, specific, and explicit purposes, and we will only share the personal data required to provide the Services. We require our partners, through agreements, to retain your personal data only for the necessary period and to implement adequate security measures to protect data security. Some or all of your personal data may be disclosed, for the purposes listed below and on a strict need to know basis.

• Affiliates and corporate partners

For proper business administration and service maintenance, we share the specified personal information above within our network of affiliated entities, adhering strictly to applicable legal frameworks.

We may share your personal information if our company goes through business changes like mergers, acquisitions, or financial reorganizations. If this happens, we’ll do our best to let you know before your data comes under new privacy and security rules.

• Law enforcement agencies, public authorities or other judicial bodies and organizations

We may share personal information when legally required or when we genuinely believe it’s necessary to:

Meet legal requirements or respond to official requests;

Enforce our rules and policies, including investigating potential breaches;

Identify and resolve security risks, fraud, or technical problems;

Protect the rights and safety of our company, users, others, or the public, as allowed by law (such as sharing data with other organizations to prevent fraud).

4.        Security and Retention of Your Personal Data

We are dedicated to implementing appropriate safeguards to ensure the confidentiality of your personal information. Through comprehensive technical and organizational security measures, we protect your data against accidental or intentional destruction, loss, modification, unauthorized disclosure, or access. These measures include, but are not limited to, strict access controls at our data centers.

We adhere to retention policies for the personal data we collect to ensure that it is not retained longer than necessary for the intended purpose. Your personal data will be securely deleted or anonymized once it is no longer required for the purposes specified in the Policy. The retention period typically corresponds with the duration of your engagement with our services. Nevertheless, we may preserve certain personal data when necessary to comply with legal and regulatory obligations, respond to official inquiries from competent authorities, protect our legal rights and interests, or serve other legitimate business purposes.

In determining appropriate retention periods, we carefully evaluate multiple factors including the specific nature of the personal data and related processing activities, the timeframe and extent of your service usage, as well as our legitimate business interests and legal responsibilities. This assessment ensures we maintain your information only for as long as reasonably required.

5.        International Transfers of Personal Data

As a global enterprise, our servers are deployed across multiple countries and regions to support reliable and efficient service delivery. Consequently, your personal data may be accessed by our affiliates and corporate partners in various locations, to fulfill the purposes set forth in the Policy. 

In the event of an international transfer of personal data, when required by applicable laws, we will provide an adequate level of protection for your personal data using various means, including implementing Standard Contractual Clauses or data transfer agreements that comply with applicable laws between our affiliates and third parties or any other lawful approach that permits the lawful transfer of personal data from those countries. You can obtain more details of the protection given to your personal data when it is transferred outside of the United States by contacting us.

6.        Your Rights Regarding Your Personal Data

We respect your rights regarding personal information, some of which are as described below. Should you wish to inquire about or exercise these rights, please contact us. We will respond to your request within the time limit required by applicable legislation upon identification verification (if necessary).

• Right to access. Request details about what personal data we process about you and obtain a copy.

• Right to rectification. Ask us to update inaccurate information or complete partial data where appropriate.

• Right to erasure. Request removal of your data, though we may retain it when required by law.

• Right to restriction of processing. In certain cases, you may ask us to restrict how we use your information, though legal exceptions may apply.

• Right to data portability. Obtain your data in a usable digital format or request direct transfer to another provider when technically possible (applies to automated processing based on consent or contracts).

• Right to object. Challenge our use of your data when processed for legitimate business interests, subject to legal exceptions.

• Right to withdraw consent. Revoke previously given permissions at any time, without affecting prior lawful processing.

7.        Protection of Minor's Information

We highly value the protection of minor’s information. We do not knowingly collect information from or direct any marketing toward individuals under 16. If you are a minor, you should read the Policy under the guardianship and guidance of your guardian and submit your personal information with the guardian's express consent and guidance.

If we discover that we have collected the personal information of a minor without the prior consent of the verifiable parent or legal guardian, we will make efforts to delete the relevant data as soon as possible.

8.        Additional U.S. State Disclosures

We collect personal data from and about you in the preceding 12 months as described in Section 1 above. We disclose personal data with third parties for business purposes in the preceding 12 months as below:

To the extent provided by local law and subject to applicable exceptions, you may have the following rights:

• Opt-out of marketing communications. We may provide marketing information through in-app notifications, email, and SMS. If you do not wish to receive these notifications, you can disable them in your device settings.

• Limit the Use of Sensitive Personal Data. We do not use your sensitive personal data. You have the right to request limitation of use and disclosure of your sensitive personal data, subject to certain exceptions.

• Do Not Sell or Share My Personal Data. Based on the definition of “sell” and “share” by California law, we do not believe that we engage in such activity and have not engaged in such activity in the past 12 months from the effective date of this Policy.

• Appeal. You may appeal our refusal to take action on a request by contacting us. If your appeal is denied and you are a California resident, you may contact the California Attorney General about the results of the appeal by submitting a complaint.

• Direct Marketing. We do not disclose personal data to third parties for their direct marketing purposes.

9.        Update to The Policy

You are encouraged to review the Policy every time you use the Website. In order to provide you with better service, we will update the provisions of the Policy based on relevant laws and regulations, which constitute an integral part hereof. If these updates result in substantial reduction or significant changes of your rights hereunder, we will notify you by prominent notifications, push messages or other means before they take effect; your continued visit of the Website indicates that you have thoroughly read, understood and agreed to be bound by the revised the Policy. To safeguard your legitimate rights and interests, we encourage you to regularly check the Policy on the settings page of our platform.

10.     Contact Us

Cornerstone Robotics Limited is a company dedicated to delivering accessible surgical systems that allow patients around the world to benefit from the highest standards of care. For more information about your data subject rights, or how we process your personal data, please contact us by the information below:

Address: Unit 1109-1113, 11/F, Building 19W, Science Park West Avenue, Hong Kong Science Park, NT, HK

Tel: +852 3619 1979

Fax: +852 3705 2450

Email: compliance@csrbtx.com