Privacy Notice
Last modified: August 2025
1.Introduction
This Privacy Notice informs you of important information about how Pulmonx International Sarl and its affiliate companies (“we”, “us”, “our” or “Pulmonx”) processes personal data we collect directly or indirectly through the portals hosted at https://www.ukpatients.pulmonx.com, https://copdhilfe.de/, https://depatients.pulmonx.com, http://sepatients.pulmonx.com, https://emeapatients.pulmonx.com, https://itpazienti.pulmonx.com, https://frpatients.pulmonx.com, https://chpatienten.pulmonx.com, https://atpatienten.pulmonx.com, https://espacientes.pulmonx.com, dkpatienter.pulmonx.com; https://nlpatienten.pulmonx.com/
, together with any associated web pages (collectively, the “Website”). Please read this Privacy Notice carefully to understand our policies and practices regarding your personal data and how we will treat it. The Zephyr® Terms of Service, including definitions of certain capitalized terms, are available online at https://www.ukpatients.pulmonx.com/ and https://copdhilfe.de/ (“Terms”).
We may update this Privacy Notice from time to time in which case we will post such changes on our Website, however in the event of material changes including to the purpose, we will bring this to your intention, for example by emailing you using the contact details we have been provided with.
The words “Customer” or “you” refers to the customers using the Website.
This Privacy Notice describes the types of personal data we collect through the Website and our practices for collecting, using, maintaining, protecting, and disclosing that personal data. It does not apply to personal data collected by us offline or through any other means, including on any other website operated by us or any third party; including through any application or content (including advertising) that may link to or be accessible from the Website.
Pulmonx acts as a controller of the personal data of its Customers through the Website as set out in this Privacy Notice.
2.Personal Data We Collect About You and How We Collect It
We collect several types of personal data from and about Customers which falls into two key categories:
- Information by which you may be personally identified, such as your name, username / email address, first name, last name.
- Information about your internet connection, the browser or other equipment you use to access our Website, and usage details which may indirectly identify you.
We collect this personal data:
- Directly from you when it is provided by you to us, for example, when you contact us via our contact form or you sign up to receive newsletters and electronic information materials from us.
- Automatically as you navigate through the Website. Information collected automatically may include usage details, internet connection information, such as the IP address of your computer and/or Internet service provider, operating system, device, country, language and the date and time you access the site and information collected through cookies, web beacons, and other tracking technologies.
- From third parties, for example, our business partners.
3.Personal Data You Provide to Us
Website: The personal data we collect on or through the Website comprises your name and contact details. If you are a healthcare professional, we also collect information about your hospital or practice name and your job title.
Lead ads: We collect and process certain personal data of interested parties via a contact form displayed on ads run on Meta services. The content and scope of the personal data requested in this form depends on the focus of the lead of the respective campaign, but it will most likely contain your name and your email address. Any personal data provided in this form will only be processed by us for the purposes pursued by the respective lead ad campaign. These purposes are clearly stated in the ad or on the form provided before the personal data is transmitted. Your personal data will not be forwarded to any third parties. Further information on data processing through lead ads can be found in Meta’s Privacy Policy.
Recruitment: If you decide to apply for a position with us, we will process the personal data we receive from you as part of the application process. This personal data includes your contact details, details in the letter of application, in particular your education and qualifications, curriculum vitae, references, correspondence and telephone or verbal details.
4.Personal Data We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information. We use automatic data collection to log information about your use of our Website, which is temporarily stored in association with your account. The log data is aggregated and used to improve the Website and to deliver a better and more personalized service.
The technologies we use for this automatic data collection may include cookies or similar technologies. A cookie is a small file placed on the hard drive of your computer. You can use the cookie preference tool presented to you in order to learn more about the functionalities of the cookies and select your preferences. You can also adjust your browser settings to manage how your browser deals with cookies.
5.Personal Data We Receive From Third Parties
Page Insights: We use a Facebook fan page at https://www.facebook.com/Zephyr.Valve and https://www.facebook.com/Zephyr.Ventil/ to provide visitors and interested parties with information about our company and our products. Meta Platforms Ireland Limited (“Meta”) provides us with insights for this fan page using a tool called Page Insights, which allows us to understand how users interact with our fan page. Page Insights can be based on personal data collected in connection with a visit to or interaction with our fan page and its content. Together with Meta, we act as joint controllers of Page Insights personal data and have entered into an agreement with Meta for this purpose. This can be found at https://www.facebook.com/legal/terms/page_controller_addendum.
6.How We Use Your Personal Data
We use personal data we hold about you for the reasons set out in the table below. Under data protection legislation applicable in certain jurisdictions, we may only process your personal data if we have a “legal basis” (i.e. a legally permitted reason) for doing so.
We may also use anonymised data for its own internal purposes including for research and development.
| Why we use your personal data | The legal basis for processing personal data |
To respond to your queries when you get in touch with us via our contact form on our Website or via Meta ads. | Consent which is collected when you reach out to us via the contact form or a Meta ad. |
To notify you about changes to our Website or any products or services we offer or provide through it which we think may be of interest to you. | It is necessary for the legitimate interests we pursue, in running and promoting our business. |
Analysing use of the Website and services for product improvement and performance monitoring, including Meta Page Insights. | |
To comply with applicable laws and defend our legal position (for example in record keeping and complaints management). | This is necessary to comply with our legal obligations, including obligations relating to the protection of personal data and our legitimate interests in managing our business and complaints. |
To provide you with newsletters and information materials. | Consent which is collected when you sign up to receive the materials or contact us via the contact form. |
To facilitate the recruitment and application process, and, if you are successful, for the establishment, implementation and termination of an employment relationship with our company. | This is necessary for the legitimate interests we pursue in hiring new talent.Germany: Section 26 BDSG for employment-related purposes. |
To contact you about future job advertisements and opportunities. | Consent which is collected specifically for this reason during the recruitment process. |
7.How Long We Keep Your Personal Data
We will keep personal data we collect only for:
- as long as it is necessary, and six years thereafter (if legally permissible) where the legal basis for the processing is that it is necessary for the performance of the contract between us;
- as long as it is necessary, and six years thereafter (if legally permissible) where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- as long as it is necessary, where the legal basis for the processing is that it is necessary to comply with our legal obligations; or
- six years or until consent is withdrawn (whichever is sooner), where the legal basis is express consent.
The periods set out above apply unless we are required to hold personal data for longer periods in order to comply with our legal or regulatory obligations.
8.Disclosure of Your Personal Data
We may disclose (deidentified) aggregated personal data we hold about you, and information that does not identify any individual, without restriction, including pursuant to the uses discussed above. We may disclose personal data we hold about you as described in this Privacy Notice:
- To our subsidiaries and affiliates.
- To contractors, service providers, and other third parties we use to support the Website but they cannot use such personal data for their own purposes, only to provide the relevant services to us and Customers.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us about Customers is among the assets which may be transferred.
- To any other person if we specifically disclose this to you on collection.
We may also disclose your personal data:
- To comply with any court order, law, legal process, or regulatory requirement including to respond to any government or regulatory request or support improvements to the Website.
- To enforce or apply our Terms and any other agreements with you.
- To conduct our business, including managing our contractual relationships, monitoring access to our Websites, and managing safety and security risks.
9.Data Security
We use appropriate organizational, technical and administrative measures to protect personal data within Pulmonx. Unfortunately, no data transmission or storage system can be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us in accordance with the “Contact Us” section below.
10.Overseas Transfers from the UK/EEA/Switzerland
We have affiliate companies in different territories. This means that, depending on your location, your personal data may be transferred to other countries which have different or lesser data protection legislation in place than your home territory.
Therefore, if we do transfer your personal data to countries outside the UK, the EEA or Switzerland we will take reasonable steps in accordance with applicable data protection legislation to ensure adequate protections are in place to ensure the security of your personal data, including:
- ensuring that we only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the relevant regulatory or administrative bodies or use of approved contractual clauses; and
- taking reasonable steps to ensure that any overseas recipient will deal with your personal data in a manner that is consistent with this Privacy Notice.
11.Your EU/UK/Swiss Privacy Rights
The rights that you have will depend on where you are located.
For the UK, the European Economic Area and Switzerland, the following rights are available to you although we would note that such rights are not absolute and may be subject to certain exceptions. You can exercise them by contacting us using the contact details in this Privacy Notice.
- You have the right to request access to information about personal data we hold about you, including: whether or not we hold your personal data; the extent of the personal data we are holding; and the purposes and extent of the processing.
- You have the right to have any inaccurate personal data we hold about you be corrected and/or updated. If any of the personal data that you have provided changes, or if you become aware of any inaccuracies in such personal data, please let us know in writing giving us enough personal data to deal with the change or correction.
- You have the right in certain circumstances to request that we delete all personal data we hold about you (the ‘right of erasure’). Please note that this right of erasure is not available in all circumstances, for example where we need to retain the personal data for legal compliance purposes. If this is the case, we will let you know.
- You have the right in certain circumstances to request that we restrict the processing of your personal data, for example where the personal data is inaccurate or where you have objected to the processing.
- You have the right to request a copy of the personal data we hold about you and to have it provided in a structured format suitable for you to be able to transfer it to a different controller (the ‘right to data portability’). Please note that the right to data portability is only available in some circumstances, for example where the processing is carried out by automated means. If you request the right to data portability and it is not available to you, we will let you know.
- You have the right in certain circumstances to object to the processing of your personal data. If so, we shall stop processing your personal data unless we can demonstrate sufficient and compelling legitimate grounds for continuing the processing which override your own interests. If, as a result of your circumstances, you do not have the right to object to such processing, we will let you know.
- You have the right to make a complaint as set out in more detail below.
12.Contact Us
This paragraph applies to https://www.ukpatients.pulmonx.com: If you have questions, comments, or concerns about this Privacy Notice or our privacy practices, if you would like to request to update your personal data, other than as provided above, or if you would like to exercise your EU/UK/Swiss privacy rights, please send an email to info@getcopdhelp.co.uk, or write us at: Pulmonx UK Ltd, Suite 4, 7th Floor 50 Broadway, London SW1H 0DB, United Kingdom.
This paragraph applies to https://copdhilfe.de/: If you have questions, comments, or concerns about this Privacy Notice or our privacy practices, if you would like to request to update your personal data, other than as provided above, or if you would like to exercise your EU/UK/Swiss privacy rights, please send an email to info@pulmonx.de, or write us at: Pulmonx GmbH, Fürstenrieder Straße 263, 81377 München, Germany.
If you think we have breached applicable local privacy law, or you wish to make a complaint about the way we have handled your personal data, please contact us using the contact details above. We may ask you to put your complaint in writing and to provide relevant details.
You also have the right to lodge a complaint with a supervisory authority, which for:
- the UK is the UK Information Commissioner’s Office (“ICO”). Complaints can be submitted to the ICO through the ICO helpline by calling 0303 123 1113. Further information about reporting concerns to the ICO is available at https://ico.org.uk/concerns/;
- Switzerland is the Federal Data Protection and Information Commissioner (FDPIC / EDOEB). Please find the respective contact details under www.edoeb.admin.ch; and
- Germany is split among different supervisory authorities. Please find the respective contact details at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html. The lead supervisory authority for Pulmonx GmbH is the Bavarian Data Protection Authority (Bayerisches Landesamt für Datenschutzaufsicht – BayLDA), Promenade 18, 91522 Ansbach, Germany, phone: +49 (0) 981 180093-0. Further information about reporting concerns to the BayLDA is available at https://www.lda.bayern.de/de/index.html.
EMEA-EN-951-v3