Privacy Shield Data Transfer Commitment
ARTHREX complies with the Privacy Shield Principles for onward transfers of personal data from the EU and Switzerland, including onward transfer liability provisions, relating to transfers of data to a third party acting as an agent on its behalf.
This EU-U.S. and Swiss-U.S. Data Transfer Commitment covers both “Personal information” which means any information from which an individual can be directly or indirectly identified, as well as “Sensitive Personal Information” which means Personal Information revealing an individual’s racial or ethnic origin, political opinions or membership of political parties or similar movements, religious or philosophical beliefs, membership of a professional or trade organization or union, physical or mental health including any opinion thereof, sex life, and, where permitted by applicable law, criminal offences and alleged offences, criminal records or proceedings with regard to criminal or unlawful behavior. In addition for Switzerland, the definition of sensitive data includes ideological views or activities, information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.
With respect to personally-identifiable information received or transferred following the Privacy Shield Framework, ARTHREX in subject to the investigatory regulatory enforcement powers of the Federal Trade Commission (FTC). In certain situations, ARTHREX may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions as described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, individuals may invoke binding arbitration when other dispute resolution measures have been exhausted.
To learn more about the Privacy Shield Program, and to view ARTHREX’s certification, please visit: https://www.privacyshield.gov/
For more information, please also see the following links:
- European Commission Model Contracts/Standard Contractual Clauses: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm
- EU General Data Protection Regulation (GDPR): http://ec.europa.eu/justice/data-protection/reform/index_en.htm
How we collect information
ARTHREX collects information that is voluntarily provided to us via our Site. The goal of our Site is to assemble and analyze medical and health information in order to facilitate treatment, medical research, and product improvement. We share data from our Site for these purposes, but we do so with respect for medical privacy and in compliance with medical privacy law and medical ethics. ARTHREX collects personally identifying information that is specifically and voluntarily provided by visitors. Such information may consist of, but is not limited to, your name, e-mail address, street address and telephone number so that we may enhance your Site visit or follow up with you after your visit. If you are a physician, we may gather information from you as part of the registration process and your ongoing use of the Site. This may include your contact information as well as detailed information about the medical procedures you perform that you choose to voluntarily provide to us. If you are a patient, personally identifying information about you, including personally identifying health information, is collected in the manner specified in any applicable Subject Information and Consent Form, and it may include your contact information as well as specific information about your treatment that you provide to us. We do not usually seek sensitive information (e.g., data relating to race or ethnic origin, religious beliefs, criminal record, or sexual orientation), except for the medical and health information that we collect with your express consent to collect such information.
The information described in the preceding paragraph may also be collected in person from, for example, attendees of seminars and medical meetings. In-person information may be collected either electronically or in paper form.
Cookies and Web beacons
“Do Not Track” Disclosure
ARTHREX does not permit third parties to track consumer behavior over time across third party sites or services when you use our Site. Cookies can be rejected by amending your cookie preferences through your browser settings, but you may be denied access to some parts of the Site if your browser rejects cookies. To find out more about cookies, including how cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
How we use personally identifying information
ARTHREX may contact you regarding products and services (such as seminars and webinars) offered by ARTHREX and its trusted affiliates, business partners, and independent contractors. We may also use information we collect in accordance with uses that are communicated to the users at the time of collection. We may also use information collected through our Site for research regarding the effectiveness of our Site and related marketing, advertising and sales efforts.
Personally identifying information about patients, including personally identifying health information, is also used consistent with the purposes described in any applicable Subject Information and Consent Form completed by the patient. For example, such information is shared with the patient’s physician, used for research, and aggregated so that medical providers can compare medical outcomes over a broad patient population and for use in clinical studies that may be published. If you have voluntarily provided personally identifying information, we may, from time to time, send you mail or e-mail regarding products and services that may be of interest to you. We strive to ensure that our marketing activities comply with applicable law. You may at any time request that we discontinue sending you such materials by following the “Unsubscribe” instructions in the communication or by contacting us at firstname.lastname@example.org or directly via ‘Your Profile’ on Arthrex.com.
Disclosure of personally identifying information to third parties
ARTHREX may use independent companies or other third parties and individuals as agents, consultants, contractors, vendors and service providers. All agents, consultants, contractors, vendors and service providers are required to comply with ARTHREX’s privacy practices and policies and are permitted to use personally identifying information only for the purpose of performing services on behalf of ARTHREX. A company that processes personally identifying information on behalf of ARTHREX is allowed to do so only if it guarantees to provide the technical and organizational security measures required for processing personally identifying information.
ARTHREX may share personally identifying information as required or permitted by law to comply with a subpoena or similar legal process or government request, or when ARTHREX believes in good faith that disclosure is legally required or otherwise necessary to protect ARTHREX’s rights and property, or the rights, property or safety of others.
Personally identifying information about patients, including personally identifying health information, may be disclosed consistent with the Research Subject Information and Consent Form completed by the patient. For example, we will disclose your personally identifying health information to your surgeon for purposes of treatment and research. Consistent with the Research Subject Information and Consent Form, we may also disclose anonymized information for publication of outcomes of clinical trials.
ARTHREX will offer an individual the opportunity to choose (opt-out) whether personally identifying information about them will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by them, unless such choice is not required by law.
For Sensitive Personal Information, ARTHREX will seek affirmative or explicit (opt-in) consent before the Sensitive Personal Information is disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual.
Personally identifying information may be transmitted internationally for the purposes identified above. This may include transfer to countries without data protection rules similar to those in effect in your country of residence. By providing information to ARTHREX through this Site, you are consenting to such transfers.
ARTHREX will make reasonable efforts to ensure that personally identifying information is accurate and updated, adequate, relevant, not excessive for the purposes for which the personally identifying information is processed and kept only for the period necessary for permitted purposes.
How you can correct, access, and update your information
Individuals can update, correct, and access the personally identifying information about them that ARTHREX processes, and may be able to correct, amend, or delete that information where it is inaccurate, except where, and to the extent permitted by applicable law, the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. Users who choose to register may access their user profile, correct and update their details, or unsubscribe at any time. Visitors who have any problem accessing their profiles, or would like to request a copy of their personally identifying information should contact email@example.com or follow the link provided on the Contact Arthrex link on the Site.
How we protect your information
How you can help protect your information
If you are using a feature of the Site for which you registered and chose a password, we recommend that you do not divulge your password to anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited e-mail. You should also remember to sign out of the registered page by closing your browser window when you have finished your work to ensure that others cannot access personally identifying information.
Links to other sites
The Site may contain links to other sites, including those of our business partners. ARTHREX is not responsible for the privacy practices or the content of these other sites. Visitors will need to check the privacy statements of these other sites to understand their policies.
Children's Privacy Protection
United States Site
Ideas and laws about medical privacy vary around the world. While we make efforts to honor the laws and wishes of all users, our Site operates under the laws and medical ethics of the United States of America.
California Information-Sharing Disclosure
California residents may request a list of all third parties with respect to which we have disclosed any information about you for direct marketing purposes and the categories of information disclosed. If you are a California resident and want such a list, please send us a written request by e-mail to AskCompliance@arthrex.com with “California Privacy Rights” in the subject line.
Inquiries and Enforcement of Compliance
Patricia Hilbrands, Privacy Officer
1370 Creekside Blvd.
Naples, Florida 34108
ARTHREX has further committed to refer unresolved privacy complaints under the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks to an independent recourse mechanism:
American Arbitration Association: International Centre for Dispute Resolution
Last Updated: April 12, 2017