Privacy Notice of Arthrex, Inc.
ARTHREX, Inc., along with its subsidiaries and affiliates (together “ARTHREX”), is strongly committed to maintaining the privacy of users of our website(s) and associated products and services (collectively, the “Site”) and others who entrust ARTHREX with their personally identifying information. This Privacy Notice describes the practices that ARTHREX follows with respect to the collection, use, storage and disclosure of Personal Data and personally identifying information we receive from individuals, such as health care professionals, participants in clinical trials research/observation studies, applicants, employees, agents, consultants, contractors, vendors, service providers, business associates and other users of our Site. We take the notion of informed consent seriously, and we want anyone who submits information to ARTHREX to be comfortable with our policies. If you choose to register or submit information to our Site, or otherwise provide information to ARTHREX by any means, you accept and consent to the practices described in this Privacy Notice. If you have any questions about this Privacy Notice or your use of our Site, feel free to contact our Webmaster at firstname.lastname@example.org.
Privacy Shield Data Transfer Commitment
ARTHREX, including its U.S. subsidiaries (Arthrex California Inc., Arthrex California Technology, and Arthrex Manufacturing Inc.), relies on and complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce as well as the Model Contracts/Standard Contractual Clauses set forth by the European Commission and the Swiss Federal Data Protection and Information Commissioner, respectively, regarding the collection, use and retention of all personally identifying information that it processes and that is transferred from countries in the European Economic Area and Switzerland to the United States, both in electronic or paper form, including Personal Data and Sensitive Personal Data (defined below). ARTHREX has certified that it adheres to the data protection principles of: notice, choice and consent, onward transfer, security, data integrity, access and enforcement. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
ARTHREX complies with the Privacy Shield Principles for onward transfers of personal data from the EU and Switzerland, including onward transfer liability provisions, relating to transfers of data to a third party acting as an agent on its behalf.
This EU-U.S. and Swiss-U.S. Data Transfer Commitment covers both “Personal Data,” which means any information from which an individual can be directly or indirectly identified, as well as “Sensitive Personal Data,” which means personal information revealing an individual’s racial or ethnic origin, political opinions or membership of political parties or similar movements, religious or philosophical beliefs, membership of a professional, or trade organization or union, physical or mental health including any opinion thereof, sex life, and, where permitted by applicable law, criminal offences, and alleged offences, criminal records or proceedings with regard to criminal or unlawful behavior. In addition, for Switzerland, the definition of sensitive data includes ideological views or activities, information on social security measures, or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.
With respect to Personal Data received or transferred following the Privacy Shield Framework, ARTHREX is subject to the investigatory regulatory enforcement powers of the Federal Trade Commission (FTC). In certain situations, ARTHREX may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions as described on the Privacy Shield website, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, individuals may invoke binding arbitration when other dispute resolution measures have been exhausted.
To learn more about the Privacy Shield Program, and to view ARTHREX’s certification, please visit: https://www.privacyshield.gov/.
For more information, please visit the following links:
- European Commission Model Contracts/Standard Contractual Clauses: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm
- EU General Data Protection Regulation (GDPR): http://ec.europa.eu/justice/data-protection/reform/index_en.htm
How We Collect Information
ARTHREX collects information that is voluntarily provided to us via our Site. The goal of our Site is to assemble and analyze medical, health and business information in order to facilitate treatment, medical research, and product improvement. We share data from our Site for these purposes, but we do so with respect for data privacy and in compliance with applicable privacy law and data ethics. ARTHREX collects Personal Data that is specifically and voluntarily provided by users. Such information may consist of, but is not limited to, your name, e-mail address, street address and telephone number so that we may enhance your Site visit or follow up with you after your visit. If you are a physician, we may gather information from you as part of the registration process and your ongoing use of the Site. This may include your contact information as well as detailed information about the medical procedures you perform that you choose to voluntarily provide to us. If you are a patient, Personal Data about you, including personally identifying health information, is collected in the manner specified in any applicable Subject Information and Consent Form, and it may include your contact information as well as specific information about your treatment that you provide to us. If you are an applicant for employment, we may collect Personal Data about you as it relates to the recruitment, application and hiring process. In addition, including if you are an employee, agent, contractor or other user, we may monitor detailed performance, security and usage data. We do not usually seek Sensitive Personal Data (e.g., data relating to race or ethnic origin, religious beliefs, criminal record, or sexual orientation), except for the medical and health information that we collect with your express consent to collect such information.
The information described in the preceding paragraph may also be collected in person from, for example, attendees of seminars and medical meetings. In-person information may be collected either electronically or in paper form.
Cookies and Web Beacons
“Do Not Track” Disclosure
ARTHREX does not permit third parties to track consumer behavior over time across third-party sites or services when you use our Site. Cookies can be rejected by amending your cookie preferences through your browser settings, but you may be denied access to some parts of the Site if your browser rejects cookies. To find out more about cookies, including how cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
Our information collection and disclosure practices will continue to apply as described in this Privacy Notice, regardless of any “Do Not Track” signals that are sent by certain browsers. To opt-out of these types of third-party advertising cookies or to learn more about online advertising, visit the Network Advertising Initiative (NAI) website by clicking here.
How We Use Personal Data
ARTHREX may contact you regarding products and services (such as seminars and webinars) offered by ARTHREX and its trusted affiliates, business partners and independent contractors. We may also use information we collect in accordance with uses that are communicated to the users at the time of collection. We may also use information collected through our Site for research regarding the effectiveness of our Site and related marketing, advertising and sales efforts.
Personal Data about patients, including personally identifying health information, is also used consistent with the purposes described in any applicable Subject Information and Consent Form completed by the patient. For example, such information is shared with the patient’s physician, used for research, and aggregated so that medical providers can compare medical outcomes over a broad patient population and for use in clinical studies that may be published. If you have voluntarily provided personally identifying information, we may, from time to time, send you mail or email regarding products and services that may be of interest to you. We strive to ensure that our marketing activities comply with applicable law. You may at any time request that we discontinue sending you such materials by following the “Unsubscribe” instructions in the communication or by contacting us at email@example.com or directly via ‘Your Profile’ on Arthrex.com.
Disclosure of Personal Data to Third Parties
ARTHREX may use independent companies or other third parties, including individuals, agents, consultants, contractors, vendors and service providers for purposes of providing services to ARTHREX, such as IT and security service providers, hosting service providers, analytics service providers, and cloud storage providers. Personal Data may be transferred to such third parties or another ARTHREX company only when reasonable and appropriate steps have been taken to maintain the required level of data protection as provided in this Privacy Notice, including the provision of notice and choice where appropriate. All agents, consultants, contractors, vendors and service providers are required to comply with ARTHREX’s privacy practices and policies and are permitted to use Personal Data only for the purpose of performing services on behalf of ARTHREX. A company that processes Personal Data on behalf of ARTHREX is allowed to do so only if it guarantees to provide the technical and organizational security measures required for processing Personal Data.
ARTHREX may share Personal Data as required or permitted by law to comply with a subpoena or similar legal process or government request, or when ARTHREX believes in good faith that disclosure is legally required or otherwise necessary to protect ARTHREX’s rights and property, or the rights, property or safety of others.
Personal Data about patients, including personally identifying health information, may be disclosed consistent with the Research Subject Information and Consent Form completed by the patient. For example, we will disclose your personally identifying health information to your surgeon for purposes of treatment and research. Consistent with the Research Subject Information and Consent Form, we may also disclose anonymized information for publication of outcomes of clinical trials and patient-reported outcome measures.
ARTHREX will offer an individual the opportunity to choose (opt-out) whether Personal Data about them will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by them, unless such choice is not required by law.
For Sensitive Personal Data, ARTHREX will seek affirmative or explicit (opt-in) consent before the Sensitive Personal Data is disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual.
Personal Data may be transmitted internationally for the purposes identified above. This may include transfer to countries without data protection rules similar to those in effect in your country of residence. By providing information to ARTHREX through this Site, you are consenting to such transfers.
ARTHREX will make reasonable efforts to ensure that Personal Data is accurate and updated, adequate, relevant, not excessive for the purposes for which the Personal Data is processed, and kept only for the period necessary for permitted purposes.
How You Can Access, Update and Correct Your Information
Individuals can access, update and correct the personally identifying information about them that ARTHREX processes, and may be able to correct, amend or delete that information where it is inaccurate, except where, and to the extent permitted by applicable law, the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. Users who choose to register may access their user profile, correct and update their details, or unsubscribe at any time. Visitors who have any problem accessing their profiles or who would like to request a copy of their Personal Data should contact firstname.lastname@example.org or follow the link provided on the Contact Arthrex link on the Site.
How We Protect Your Information
The security of Personal Data is important to ARTHREX. ARTHREX takes reasonable steps, consistent with generally accepted industry standards, including technical, administrative and physical safeguards, to protect the Personal Data that ARTHREX processes from loss, misuse and unauthorized access, disclosure, alteration and destruction. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your Personal Data, we cannot ensure or warrant the security of any information you transmit to us or receive from us. This is especially true for information you transmit to us via email. We have no way of protecting that information until it reaches us. Once we receive your transmission, we make our best effort to ensure its security on our servers. Internally, we will restrict access to your Personal Data to those who need access to the information in order to do their jobs. We will review our security arrangements from time to time as we deem appropriate. If we make changes to this Privacy Notice, we will post the changes on this page so that you always will know what information we collect, how we use it, and when and how we will disclose it.
How You Can Help Protect Your Information
If you are using a feature of the Site for which you registered and chose a password, we recommend that you do not divulge your password to anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited email. You should also remember to sign out of the registered page by closing your browser window when you have finished your work to ensure that others cannot access Personal Data.
Links to Other Sites
The Site may contain links to other sites, including those of our business partners. ARTHREX is not responsible for the privacy practices or the content of these other sites. Visitors will need to check the privacy statements of these other sites to understand their policies.
Children's Privacy Protection
ARTHREX understands the importance of protecting children's privacy in the interactive online world. The Site covered by this Privacy Notice is not designed for or intentionally targeted at children 13 years of age or younger. It is not our policy to intentionally collect or maintain information about anyone younger than 13 years of age.
United States Site
Ideas and laws about medical privacy vary around the world. While we make efforts to honor the laws and wishes of all users, our global headquarters is located in the U.S. and operates under the laws and medical ethics of the United States of America.
California Information-Sharing Disclosure
California residents may request a list of all third parties with respect to which we have disclosed any information about you for direct marketing purposes and the categories of information disclosed. If you are a California resident and want such a list, please send us a written request by email to AskCompliance@arthrex.com with “California Privacy Rights” in the subject line.
Inquiries and Enforcement of Compliance
In compliance with the Privacy Shield, ARTHREX commits to resolve complaints about your privacy and our collection or use of your Personal Data. If you have any questions, comments or suggestions about this Privacy Notice or ARTHREX’s privacy practices, please contact ARTHREX at:
Jason Vendel, Sr. Mgr Global Compliance Operations ＆ Privacy
1370 Creekside Blvd.
Naples, Florida 34108
ARTHREX has further committed to refer unresolved privacy complaints under the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks to an independent recourse mechanism:
American Arbitration Association: International Centre for Dispute Resolution
Changes to this Privacy Notice
ARTHREX periodically evaluates its privacy policies and procedures to implement improvements and refinements from time to time. Therefore, ARTHREX reserves the right to modify or amend this Privacy Notice at any time and for any reason. When this policy is amended, ARTHREX will revise the “last updated” date at the bottom of this policy. Please review this Privacy Notice periodically and especially before you provide personally identifiable information to us. For material changes to this policy, ARTHREX will notify individuals by placing a notice on this page. Your continued use of the Site after any changes to our Privacy Notice indicates your agreement with the terms of the revised Privacy Notice.
Last Updated: July 17, 2019