This policy is applicable to Medtronic Bangladesh Private Limited.
1. Commitment to Privacy
Medtronic Bangladesh Private Limited (hereinafter referred to “we”, “us” and “Medtronic”), are bound by the data privacy principles, contained in the Constitution of Bangladesh, along with the Information Communication Technology Act 2006 and Digital Security Act 2018 . We are also bound by various other legislations some of which are the Penal Code 1860, Contract Act 1872, the Consumers’ Rights Protection Act, 2009 (hereinafter together referred as Bangladesh Privacy Laws). The object of the Bangladesh Privacy Laws is to protect the confidentiality of individual’s Identity Information and the privacy of individuals by regulating the way in which such personal Identity Information is managed.
Broadly, “Identity Information” means such information which consists of information relating to any external, biological or physical information or any other information which singly or jointly can identify a person or a system, his/her name, address, date of birth, mother’s name, father’s name, signature, National identity, birth and death registration number, finger print, passport number, bank account number, driver’s license, E-TIN number, Electronic or digital signature , username, credit or debit card number, voice print, retina image , iris image , DNA profile, security related questions or any other identification.
Individual’s Identity Information does not include any information which is furnished under the Right to Information Act, 2009 or any other law for the time being in force.
Medtronic is committed to protecting the individual’s Identity Information it collects and regularly monitors its systems and procedures to ensure compliance with the Bangladesh Privacy Laws and this Policy. This Policy has been framed to ensure that reasonable security practices have been put in place to protect individual’s Identity Information from unauthorized access, damage, use, modification, disclosure or impairment. This Policy outlines the way in which Medtronic deals with the individual’s Identity Information it collects and uses in Bangladesh. Medtronic complies with all applicable data privacy laws in Bangladesh.
Medtronic collects individual’s Identity Information that is reasonably necessary for or directly related to our functions and activities as a provider of medical devices with your valid written consent. In some cases, we are required to collect individual’s Identity Information in order to comply with our obligations such as responding to safety concerns about our products.
Medtronic may collect Identity Information about you through our interactions with you. Where Medtronic collects Identity Information from or about you, we will inform you about the purpose and use of the collected information, the intended recipients of such information and if it is collected or transferred by/ to third parties the name and address of such third party collecting and retaining the information.
If you are a patient, additional Identity Information we may collect includes:
▪ Details of your health care professional; ▪ Your implantation details and history; ▪ Product performance, service and reliability data; ▪ Product data, such as model and usage of your device; ▪ Credit related information, if applicable
Individual’s Identity Information may be collected by Medtronic in the course of:
▪ If you are a patient or healthcare professional, providing technical assistance about our products or services; ▪ Responding to product complaints; and ▪ Participation in Medtronic sponsored programs, including educational programs and research grants
Medtronic will prior to collection of your Identity Information provide you an option to not provide the information sought to be collected. You will also have an option to withdraw your consent (in writing), which you may have earlier granted to Medtronic.
3. Use and Disclosure
Medtronic will collect and use your Identity Information, with your valid written consent, for the purpose for which it is collected, which inter alia may include the following:
▪ In the course of the sale, distribution or provision of medical devices that have been requested by health care providers; ▪ In the course of supporting healthcare professional in ongoing care, if you are a patient; ▪ Administering training programs, clinical trials or other similar programs in which you agree to be involved; and ▪ Compliance with regulatory requirements, such as maintaining a record of medical queries, complaints, adverse events and recalls relating to our products.
We may also use your Identity Information to:
▪ Provide healthcare providers with updated product or safety information with respect to Medtronic medical devices; ▪ Send healthcare providers materials on our activities and products or developments in medical technology that Medtronic believes may be of interest to them; ▪ Manage, plan and arrange meetings between the healthcare provider and Medtronic representatives; and ▪ Generate customer lists for the purposes of market research.
When dealing with individual’s Identity Information, such as your health information, Medtronic will seek your written consent before using such Identity Information. In only such circumstances where required by law to disclose information or in the event where the Government of Bangladesh has requested such information for the purpose of verification of identity or for prevention, detection, and investigation of cyber incidents and the like, will we disclose your health information without your consent.
4. Cross Border Data Transfer
As part of a group of companies located in many different countries, we may disclose some Identity Information of yours to a Medtronic company or database overseas. The countries to which we are likely to disclose Identity Information include the United States, Singapore, Italy, Switzerland, and the Netherlands. In disclosing data offshore, Medtronic ensures that the use and disclosure of the individual’s Identity Information transferred is dealt with in accordance with this policy and the safeguards under Bangladesh Privacy Laws.
5. Transfer of Data to Third Parties
Medtronic will not sell or publish your Identity Information to any third party for any purpose. In the event your Identity Information is transferred to third parties in connection with our business operations or if it is necessary for the purpose of performance of a lawful contract, such transfer will only happen if you have consented to the transfer and only when such third parties have ensured that reasonable security procedures are in place for protection of such Identity Information.
All such third parties are required by Medtronic to process the individual’s Identity Information disclosed to them only for the purposes expressly authorized by Medtronic and are required by Medtronic to meet our standards of data protection and comply with the safeguards under Bangladesh Privacy Laws.
6. Data Security
Medtronic has put in place reasonable security procedures and safeguards to protect individual’s Identity Information we hold from misuse, loss, unauthorized access, modification or disclosure. Medtronic holds the Identity Information you provide to us in an electronic form on computer servers, which are password protected for limited access and are located in controlled facilities. However, Medtronic may also hold Identity Information in physical form, such as in paper hard copies. While Medtronic cannot guarantee against any loss, misuse or alteration to data, we take reasonable steps to prevent such occurrences.
Access to the individual’s Identity Information is restricted to those employees who need to use the data, who have been trained to handle such data properly and observe strict standards of confidentiality.
Medtronic destroys or permanently de-identifies individual’s Identity Information that we no longer need, where permitted.
7. Access, Correction, and Complaints
You have the right, in most cases, to access your Identity Information at any time. Medtronic takes reasonable steps to ensure that any information we hold about you is up-to-date, accurate and complete. If you wish to access or correct Identity Information we hold, or you have any questions about this Policy, please contact Medtronic’s Privacy Officer at privacyISC@medtronic.com, setting out a full description of the request.
If you have a complaint about how we have handled your Identity Information or consider that we may have breached our obligations under the APPs, please write to our Privacy Officer at privacyISC@medtronic.com or at:
Medtronic Bangladesh Private Limited
#606, Level 6, Shanta Western Tower, 186 Bir Uttam Mir Sawkat Road, Tejgaon Industrial Area, Dhaka -1208
Email: privacy ISC@medtronic.com
We will respond to your complain within a reasonable period, usually within 30 days.
7. Retention of your IDENTiTY Information
Medtronic will retain your Identity Information no longer than it is required for the purposes for which the information may lawfully be used or is otherwise required under any law in force. In many cases individual’s Identity Information must be kept for considerable periods of time in order to make it available as and when questions or disputes arise. Retention periods will be determined for each information that is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable opportunity.