STATEMENT OF PRIVACY PRINCIPLES (2017–2018)
In this Statement of Privacy Principles, we describe how Medtronic processes personal information. Preservation of, and respect for, our customers', business colleagues and vendors', and patients' trust is critical to our continued success. We will always process personal information:
- Confidentiality and fairly
- Appropriately, according to the statements we make
- Lawfully, in accordance with applicable data protection laws, directives, regulations and principles
Who is Medtronic?
Medtronic is the name we use to refer to our whole business, including Medtronic, Inc., a corporation based in the United States of America, and any of the companies that it controls such as its subsidiaries and affiliates. When we use the words we or our, we mean Medtronic.
When do these Privacy Principles apply?
These Privacy Principles apply when we process personal information collected from nations in Europe. These Privacy Principles apply to data when we collect it directly from the person who the data identifies, and also when we collect data from one person (or company) that identifies another person. Therefore, when we use the word "you", "me", and "I" in this Statement of Privacy Principles, we mean the individual whose personal information we are processing, whether we collect that information directly from the individual or indirectly from someone else.
This Statement of Privacy Principles does not apply when we process information
- about our employees in the scope of their employment relationship with us
- that does not identify you as an individual person, including to personal information (which we define below) that we have de-identified, so that it no longer can be used to identify you
What is data processing?
Data processing is any set of operations involving personal information, whether or not by automatic means, including collecting, using, disclosing, adapting, altering, correcting, retrieving, combining, blocking, erasing, transferring, destroying, recording, organising, storing, and using personal information.
What is personal information?
Personal information is information relating to you that we can use to specifically identify you, such as your:
- telephone number
- e-mail address
- date of birth
- social security number or other national identifier
- account number
- Any other information that identifies or could identify you and relates to you
Some kinds of personal information are sensitive information. Sensitive information is defined below. In this Statement of Privacy Principles, when we use the phrase personal information, we include sensitive information unless we specifically state otherwise.
When and how does Medtronic collect personal information?
Medtronic may collect personal information in a variety of ways. For example:
- In some places on our web sites you have the opportunity to send us personal information about yourself. For example, you may fill out a registration form, a survey or an e-mail form. You also may choose to allow us to personalise your visits to the web sites, in which case we will ask you for certain personal information to make your visits to our web sites more helpful to you. When this information is combined with the non-personal information that we collect through cookies, we will be able to tell that you have visited our web sites before.
- We may collect personal information from you when you contact us for information, products, or services.
- We may collect personal information about you in the course of engaging in commercial transactions with our customers, vendors, and other business contacts.
How does Medtronic process personal information?
We may process your personal information (other than sensitive information, which is discussed separately below):
- to respond to your requests and enquiries
- to perform a contract or for contract negotiations with or about you
- to develop records, including records of your personal information
- to contact you by mail (or in other ways with your permission) with information that might be of interest to you, including information about clinical trials and about products and services of ours and of others
- for analytical purposes and to research, develop and improve programs, products, therapies, services and content
- to remove your personal identifiers (your name, e-mail address, social security number, etc). In this case, you would no longer be identified as a single unique individual. Once we have de-identified information, it is non-personal information and is not subject to this Statement of Privacy Principles
- to personalise your access to our web sites, for example, by telling you about new features that may be of interest to you
- to enforce this Statement of Privacy Principles and otherwise protect our rights or property
- to protect your vital interests or someone else's health, safety or welfare
- to comply with a law or regulation, court order, or other legal obligation
- for our other legitimate interests, unless such processing will unfairly prejudice your rights or freedoms
- in other ways to which you consent
What is sensitive information?
Some types of personal information are sensitive information. Sensitive information is personal information revealing or relating to your health (such as your device serial number, or the date of an implant), your racial or ethnic origin, religious or philosophical beliefs, sex life, political affiliation, or trade union membership.
Will Medtronic collect or process sensitive information any differently than other personal information?
Medtronic will only collect and process your sensitive information:
- in ways for which you have given your explicit consent
- to protect your vital interests, in cases where your explicit consent cannot be given or reasonably requested
- according to national law
- where the processing is necessary for medical purposes and we are, under the circumstances, under a duty of confidentiality equivalent to the duty of confidentiality of a health professional
- to establish, exercise, or defend a legal claim
- We may collect sensitive information about patients from our customers, vendors, or other business contacts when we provide therapy or technical support for our products or services to you
- We may collect sensitive information about patients when we receive questions and suggestions about our products and services
- We may collect sensitive information as required by the U.S. Food and Drug Administration, European, and other governmental authorities in order to assure safe and effective use of our products and services
- We may collect sensitive information about participants in clinical trials, studies, and other research initiatives
- We may collect sensitive information directly from you, when you voluntarily provide it to us
Will Medtronic ever use personal information to contact me with marketing messages?
If applicable law requires that we receive your explicit consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your explicit consent. We may periodically contact you by e-mail, by fax, by mail, or by telephone to provide information regarding programs, products, services and content that may be of interest to you, unless you advise us that you do not wish to receive marketing or market research communications from us.
What if I no longer wish to receive marketing messages from Medtronic?
If you wish to stop receiving marketing or market research communications from us, or would like us to stop processing your personal information in any other way, you can contact us as described at the bottom of this Statement to let us know what types of communications you wish to stop receiving. In addition, if you have received, or in the future receive, an e-mail from us, each e-mail we send includes an easy, automated way for you to cease receiving e-mails from us.
Does Medtronic ever share personal information with third parties?
Medtronic will not share your personal information with an unrelated third party without your permission, except as otherwise provided in this Statement of Privacy Principles.
In the ordinary course of business, we will share some personal information with companies that we hire to perform services or functions on our behalf. For example, we may use different vendors or suppliers to ship our products. In these cases, we provide the vendor or supplier with information to process your order such as your name and mailing address. In all cases in which we share your personal information with a third party, we will not authorise them to keep, disclose or use your information with others except for the purpose of providing the services we asked them to provide.
We will not sell, exchange or publish your personal information, except in conjunction with a corporate sale, merger, dissolution, or acquisition.
We may be legally compelled to release your personal information in response to a court order, subpoena, search warrant, law, or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting web sites visitors who violate our rules or engage in behavior which is harmful to other visitors (or illegal).
We may disclose your personal information to third parties if we feel that the disclosure is necessary to:
- enforce this Statement of Privacy Principles
- protect our rights or property
- protect someone's health, safety or welfare
- comply with a law or regulation, court order, or other legal process
Will Medtronic ever transfer personal information about me to countries other than the country where I am located?
Medtronic may transfer information out of the country in which it was collected to any country or territory in the European Economic Area and to any other country that is recognised by the European Union as having adequate privacy protections. We will transfer information to other areas only if:
- the transfer is necessary for the performance of a contract between you and Medtronic or for pre-contractual measures taken in response to your request; or
- if you consent to the transfer; or
- if the data will be adequately protected in the other country, by contract or other protection
Medtronic has arrangements with all of its offices and affiliates that assure that personal information transferred among Medtronic companies is adequately protected, including transfers of personal information (which may include sensitive information) to Medtronic companies in the United States of America.
What happens if the Statement of Privacy Principles changes?
If we decide to make a significant change to this Statement of Privacy Principles, we will describe any major changes in this section of the Statement. You can always find the most current copy of this Statement and its history on the website for your country, or contact us at the address below.
What about the security of personal information?
We use reasonable physical, administrative, and technical safeguards to protect your personal information from loss, misuse, and unauthorised access, disclosure, alteration, or destruction. We also restrict access to your personal information to those employees and contractors who need to know that information to do their jobs. You should keep in mind that no Internet transmission is ever 100% secure or error-free. In particular, e-mail sent to or from us may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.
How long will Medtronic maintain my personal information?
We will not keep information for any longer than is required. In many cases, personal information must be kept for considerable periods of time in order to make it available as and when questions or disputes arise. Retention periods will be determined for each personal information that is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable opportunity.
We will continue to treat your personal information in accordance with this Statement of Privacy Principles so long as we retain it.
Are there any additional privacy principles relating to Medtronic web sites?
Links. Our web sites may contain links to web sites operated by other parties. We provide the links for your convenience, but we do not review, control, or monitor the privacy practices of web sites operated by others. We are not responsible for the performance of web sites operated by third parties or for your business dealings with them.
Our web sites also may contain links to other web sites operated by Medtronic. This Statement of Privacy Principles applies only to web sites for Medtronic companies located in Europe, and there may be slight variations in the Statement as posted in specific countries in Europe. Therefore, whenever you follow a link from this web site to another web site, even to another site operated by Medtronic, we recommend that you review that web site's privacy practices.
We will continue to treat your personal information in accordance with this Statement of Privacy Principles so long as we retain it.
How to contact Medtronic
We strive to keep our records of your information accurate. If you ever notice that your information is not complete, accurate or current, or if you have questions or comments about this Statement of Privacy Principles, please contact us at:
Croxley Green Business Park
Version: March 2015