Arthrex EMEA Privacy Notice

Introduction

The Arthrex group companies in the EMEA region (listed here and in the Appendix below, hereinafter: "Arthrex") provide this Privacy Notice to inform you about how we process and use your personal data and on the specific rights you have in connection with your personal data ("Privacy Notice").

We are committed to protecting the privacy and security of your personal data. This Privacy Notice explains how we collect, use, disclose, and protect your personal information in compliance with the General Data Protection Regulation, the UK-GDPR, the Swiss Datenschutzgesetz (DSG) and all other applicable privacy laws in the EMEA region.

Please read this Privacy Notice carefully to understand your rights regarding your personal data. Additional information is provided on the Arthrex Privacy Portal. More detailed information about processed categories of personal data, specific purposes and legal basis are also provided at the moment of data collection in the specific privacy notices related to the processing at hand.

  1. Data Controller

The specific Arthrex company that you are interacting with, is the data controller responsible for the processing of your personal data. If you have any questions or concerns about the processing of your personal data, you can contact the Arthrex Group DPO at: privacy@arthrex.com

  1. Categories of Personal Data

We may collect and process the following categories of personal data:

  • Web browsing usage data (eg, website visits, IP address, device information, browser type, logs)
  • Data collected from users via web forms, telephone, sales channels or email communication (eg contact information such as name, email address, employer, phone number, billing address, professional information such as field of expertise)
  • Marketing preferences and feedback (eg survey results)

  1. Purposes and Legal Basis for Processing

We may process your personal data for the following purposes:

  • To provide and maintain our products or services as agreed upon
  • To process payments and fulfil orders
  • To communicate with you, respond to inquiries, and provide support
  • To personalize and improve our products, services, and user experience
  • To send marketing communications with your consent
  • To comply with legal obligations
  • To prevent fraud and ensure network and information security

The legal basis for processing your personal data may include the necessity of processing for the performance of a contract, compliance with legal obligations, consent, and legitimate interests pursued by Arthrex as the data controller.

Legitimate interest of Arthrex as the controller may be a legal basis for internal data transfer, corporate management, security, fraud prevention, compliance, the central coordination of sales, business and administration-related activities, corporate planning, IT administration or other administrative purposes.

If a statutory legal basis does not exist, Arthrex may request for you to separately consent to the processing of your personal data. Such consent may be withdrawn at any time with effect for the future.

For the purposes described above, Arthrex will generally not use fully automated decision making. If automated decision making is used in individual cases, Arthrex will inform you separately, in accordance with the legal requirements.

  1. Recipients of Personal Data

We may share your personal data with the following recipients:

  • Our affiliated companies or subsidiaries with the Arthrex Group,
  • Service providers acting as data processors contracted by Arthrex,
  • Additional third-party service providers who assist us in delivering our products or services (eg payment processors, shipping companies),
  • Government authorities or law enforcement agencies when required by law.

We will only share your personal data with service providers who have implemented appropriate data protection measures and with whom we have contractual agreements ensuring the confidentiality and security of your personal data.

  1. International Data Transfers

In certain cases, we may transfer your personal data to countries outside the European Economic Area (EEA). When such transfers occur, we will ensure that appropriate safeguards are in place to protect your personal data, such as standard contractual clauses approved by the European Commission as the main transfer mechanism, and additional safeguards implemented through technical and organizational measures.

As Arthrex is part of an international group of companies headed by Arthrex Inc., 1370 Creekside Blvd., Naples, Florida 34108, USA as the parent company, located in the USA, it is possible that in certain processing activities your personal data may be transferred globally within the Arthrex group. Such transfers will be conducted strictly on a need-to-know basis.

  1. Data Retention

We will retain your personal data for as long as necessary to fulfil the purpose for which it was collected, including any contractual, legal, accounting, or reporting requirements. The criteria used to determine the retention period will take into account the nature of the data and the purposes for which it is processed. If your personal data is no longer required to meet legal retention obligations under applicable local law or the legitimate interest of Arthrex, your personal data will be deleted or anonymized.

  1. Your Rights

You may exercise your privacy rights, as set forth below:

  • Right to request and access information (based on the categories of the personal data processed, the purposes of the processing, any recipients of such personal data, the personal data retention period, etc).
  • Right to request that inaccurate or incomplete personal data be rectified or supplemented
  • Right to request that personal data be deleted, provided that:
  • personal data is no longer required for the intended purpose and/or is being unlawfully processed, or
  • you withdraw consent (unless there is another legal ground for the processing of such personal data), or
  • you object to the processing of your personal data based on legitimate interest and there are no overriding legitimate interests for the processing, or
  • personal data has been unlawfully processed, or
  • personal data has to be erased for compliance with a legal obligation
  • Right to demand, under certain circumstances, the restriction of data processing where deletion is not possible or the deletion obligation is disputed
  • Right to data portability
  • Right to object when we process your personal data to safeguard legitimate interests. You can object to this processing if, based on your specific circumstances, there are grounds against us processing your personal data. In such cases, Arthrex will stop processing your personal data unless we have overwhelming and compelling interests to protect such personal data
  • Right to not be the subject of automated decisions
  • Right to submit a complaint with a data protection supervisory authority within the jurisdiction in your domicile or with general personal jurisdiction over Arthrex regarding the processing of your personal data. A list of the supervisory authorities in EEA can be found here and for Switzerland here, as well as in the Appendix to this Privacy Notice below

Last updated: September 2023

Appendix

Arthrex EMEA Group Companies

 Name

 

Address

 

 Supervisory Authority

Arthrex GmbH

Erwin-Hielscher-Str. 9
81249 München
Germany

 

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
91522 Ansbach

poststelle@lda.bayern.de

Arthrex Italia SRL

Viale Certosa 233
20151 Milano
Italy

Garante per la protezione dei dati personali
Piazza Venezia 11
00187 Roma, Italy

segreteria.stanzione@gpdp.it

Arthrex S.A.S.

Parc de Crécy
1 Avenue Charles de Gaulle
69370 Saint-Didier-au-Mont-d’Or
France

Commission Nationale de l'Informatique et des Libertés - CNIL
3 Place de Fontenoy
TSA 80715 – 75334 Paris Cedex 07, France

https://www.cnil.fr/en/contact-cnil

Arthrex Ltd

Unit 1 Bessemer Park
Shepcote Lane
Sheffield
S9 1DZ
United Kingdom

 

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire

SK9 5AF, United Kingdom

dpo@ico.org.uk

Arthrex BV

Technologiepark Satenrozen
Satenrozen 1A
2550 Kontich
Belgium

 

Autorité de la protection des données - Gegevensbeschermingsautoriteit (APD-GBA)
Rue de la Presse 35 – Drukpersstraat 35
1000 Bruxelles – Brussel, Belgium

contact@apd-gba.be

Arthrex Austria GesmbH

 

IZ NÖ Süd
Straße 15, Objekt 77/1
2355 Wiener Neudorf
Austria

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna, Austria
dsb@dsb.gv.at

Arthrex Sverige AB

 

Virkesvägen 2, 5tr
120 30 Stockholm
Sweden

 

Integritetsskyddsmyndigheten
Drottninggatan 29
5th Floor
Box 8114
104 20 Stockholm, Sweden
Email: imy@imy.se

Arthrex Shared Service Center EMEA d.o.o.

 

Slavonska avenija 1B
10000 Zagreb
Croatia

 

Croatian Personal Data Protection Agency
Selska Cesta 136
10000 Zagreb, Croatia
azop@azop.hr

Arthrex s.r.o.

Ve Žlíbku 2402 / 77a
193 00 Praha 9 - Horní Počernice
Czech Republic

Office for Personal Data Protection
Pplk. Sochora 27
170 00 Prague 7, Czech Republic
posta@uoou.cz

Arthrex Swiss AG

Hühnerhubelstraße 60
3123 Belp
Switzerland

Federal Data Protection and Information Commissioner FDPIC
Feldeggweg 1
CH - 3003 Berne, Switzerland
info@edoeb.admin.ch

Arthrex Nederland B.V.

Papendorpseweg 75
3528 BJ Utrecht
Netherlands

Autoriteit Persoonsgegevens
Hoge Nieuwstraat 8
P.O. Box 93374
2509 AJ Den Haag/The Hague, Netherlands

https://autoriteitpersoonsgegevens.nl/

Arthrex Danmark A/S

 

Islands Brygge 43
2300 København S
Denmark

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby, Denmark

dt@datatilsynet.dk

Arthrex Polska SP. z.o.o.

Ul. Karczunkowska 42
02-871 Warsaw
Poland

Urząd Ochrony Danych Osobowych (Personal Data Protection Office)
ul. Stawki 2
00-193 Warsaw, Poland
kancelaria@uodo.gov.pl dwme@uodo.gov.pl

Arthrex España, S.L.U.

Calle Gobelas, 41 planta 2
28023 Madrid
Spain

Agencia Española de Protección de Datos (AEPD)
C/Jorge Juan, 6
28001 Madrid, Spain
internacional@aepd.es

MedArthrex Unipessoal Lda

Edifício Tecnologia 2.1
Taguspark – Parque de Ciência e Tecnologia
2740-122 Porto Salvo
Portugal

Comissão Nacional de Proteção de Dados - CNPD
Av. D. Carlos I, 134, 1º
1200-651 Lisboa, Portugal
>geral@cnpd.pt

Arthrex Adria d.o.o.

 

Ulica grada Vukovara 269G
10000 Zagreb
Croatia

Croatian Personal Data Protection Agency
Selska Cesta 136
10000 Zagreb, Croatia
azop@azop.hr

Arthrex Norway AS

 

O.H. Bangs vei 70
1363 Høvik
Norway

Datatilsynet
P.O. Box 458 Sentrum
0150 Oslo, Norway
postkasse@datatilsynet.no

Arthrex Finland Oy

Valimotie 21
00380 Helsinki
Finland

Office of the Data Protection Ombudsman
P.O. Box 800
FI-00531 Helsinki
tietosuoja@om.fi