EN DE ES PT FR CZ IT NL PL
Privacy Cookie Notice Additional Website Data Processing European Economic Area (EMEA) California (CCPA/CPRA) US Data Transfer Statement
Asia-Pacific (APAC)

Arthrex EMEA Privacy Notice

Introduction

The Arthrex group companies in the EMEA region (listed here, hereinafter: "Arthrex") provide this Privacy Notice to inform you about how we process and use your personal data and on the specific rights you have in connection with your personal data ("Privacy Notice").

We are committed to protecting the privacy and security of your personal data. This Privacy Notice explains how we collect, use, disclose, and protect your personal information in compliance with the General Data Protection Regulation, the UK-GDPR, the Swiss Datenschutzgesetz (DSG) and all other applicable privacy laws in the EMEA region.

Please read this Privacy Notice carefully to understand your rights regarding your personal data. Additional information is provided on the Arthrex Privacy Portal. More detailed information about processed categories of personal data, specific purposes and legal basis are also provided at the moment of data collection in the specific privacy notices related to the processing at hand.

  1. Data Controller

The specific Arthrex company that you are interacting with, is the data controller responsible for the processing of your personal data. If you have any questions or concerns about the processing of your personal data, you can contact the Arthrex Group DPO at: privacy@arthrex.com

  1. Categories of Personal Data

We may collect and process the following categories of personal data:

  • Web browsing usage data (eg, website visits, IP address, device information, browser type, logs)
  • Data collected from users via web forms, telephone, sales channels or email communication (eg contact information such as name, email address, employer, phone number, billing address, professional information such as field of expertise)
  • Marketing preferences and feedback (eg survey results)

  1. Purposes and Legal Basis for Processing

We may process your personal data for the following purposes:

  • To provide and maintain our products or services as agreed upon
  • To process payments and fulfil orders
  • To communicate with you, respond to inquiries, and provide support
  • To personalize and improve our products, services, and user experience
  • To send marketing communications with your consent
  • To comply with legal obligations
  • To prevent fraud and ensure network and information security

The legal basis for processing your personal data may include the necessity of processing for the performance of a contract, compliance with legal obligations, consent, and legitimate interests pursued by Arthrex as the data controller.

Legitimate interest of Arthrex as the controller may be a legal basis for internal data transfer, corporate management, security, fraud prevention, compliance, the central coordination of sales, business and administration-related activities, corporate planning, IT administration or other administrative purposes.

If a statutory legal basis does not exist, Arthrex may request for you to separately consent to the processing of your personal data. Such consent may be withdrawn at any time with effect for the future.

For the purposes described above, Arthrex will generally not use fully automated decision making. If automated decision making is used in individual cases, Arthrex will inform you separately, in accordance with the legal requirements.

  1. Recipients of Personal Data

We may share your personal data with the following recipients:

  • Our affiliated companies or subsidiaries with the Arthrex Group,
  • Service providers acting as data processors contracted by Arthrex,
  • Additional third-party service providers who assist us in delivering our products or services (eg payment processors, shipping companies),
  • Government authorities or law enforcement agencies when required by law.

We will only share your personal data with service providers who have implemented appropriate data protection measures and with whom we have contractual agreements ensuring the confidentiality and security of your personal data.

  1. International Data Transfers

In certain cases, we may transfer your personal data to countries outside the European Economic Area (EEA). When such transfers occur, we will ensure that appropriate safeguards are in place to protect your personal data, such as standard contractual clauses approved by the European Commission as the main transfer mechanism, and additional safeguards implemented through technical and organizational measures.

As Arthrex is part of an international group of companies headed by Arthrex Inc., 1370 Creekside Blvd., Naples, Florida 34108, USA as the parent company, located in the USA, it is possible that in certain processing activities your personal data may be transferred globally within the Arthrex group. Such transfers will be conducted strictly on a need-to-know basis.

  1. Data Retention

We will retain your personal data for as long as necessary to fulfil the purpose for which it was collected, including any contractual, legal, accounting, or reporting requirements. The criteria used to determine the retention period will take into account the nature of the data and the purposes for which it is processed. If your personal data is no longer required to meet legal retention obligations under applicable local law or the legitimate interest of Arthrex, your personal data will be deleted or anonymized.

  1. Your Rights

You may exercise your privacy rights, as set forth below:

  • Right to request and access information (based on the categories of the personal data processed, the purposes of the processing, any recipients of such personal data, the personal data retention period, etc).
  • Right to request that inaccurate or incomplete personal data be rectified or supplemented
  • Right to request that personal data be deleted, provided that:
  • personal data is no longer required for the intended purpose and/or is being unlawfully processed, or
  • you withdraw consent (unless there is another legal ground for the processing of such personal data), or
  • you object to the processing of your personal data based on legitimate interest and there are no overriding legitimate interests for the processing, or
  • personal data has been unlawfully processed, or
  • personal data has to be erased for compliance with a legal obligation
  • Right to demand, under certain circumstances, the restriction of data processing where deletion is not possible or the deletion obligation is disputed
  • Right to data portability
  • Right to object when we process your personal data to safeguard legitimate interests. You can object to this processing if, based on your specific circumstances, there are grounds against us processing your personal data. In such cases, Arthrex will stop processing your personal data unless we have overwhelming and compelling interests to protect such personal data
  • Right to not be the subject of automated decisions
  • Right to submit a complaint with a data protection supervisory authority within the jurisdiction in your domicile or with general personal jurisdiction over Arthrex regarding the processing of your personal data. A list of the supervisory authorities in EEA can be found here and for Switzerland here.

Last updated: June 2024

Technical and Organizational Measures
FAQ
Contact Us