Medtronic privacy notice - business to business

This privacy notice tells you how we use information that we collect about you in the specific situations concerning you or your company or institution’s commercial relationship with Medtronic as an actual or prospective business to business (B2B) partner, including as a: 

  • customer or purchaser of Medtronic goods or services;
  • supplier of goods or services to Medtronic; 
  • distributor, agents or sales intermediaries of Medtronic goods or services; or 
  • another contracting partner with Medtronic.

This privacy notice does not apply to situations where we have notified you that an alternative privacy notice applies or where Medtronic acts as the data processor (e.g. Medtronic may process Personal Data on behalf of some B2B partners in the course of delivering certain products or services). 

  1. Introduction
  2. Personal Data Categories 
  3. Purposes and Legal Basis for Processing
  4. How Long does Medtronic Keep Your Personal Data For? 
  5. Cross Border Data Transfers 
  6. Data Sharing
  7. Security of Your Personal Data
  8. Your Rights
  9. Contact Us

Introduction

Medtronic (hereinafter referred to as “we”), as a leading provider of healthcare products, services and solutions, may have a need to process certain information which can identify you (“Personal Data”) in the course of our commercial activities. This privacy notice describes Medtronic’s practices regarding our collection and use of your Personal Data in relation to the B2B scenarios described in this privacy notice. We encourage you to read this privacy notice carefully.

Personal data categories

In connection with our commercial relationship with you or your company or institution, Medtronic may process the following categories of Personal Data:

Contact and Account Log-in Details

When you come into contact with Medtronic for commercial purposes, we may collect Personal Data to facilitate our communication and negotiations with you such as: first name, last name, academic prefix or courtesy/honorific title, email address, telephone number, postal address/zip code, profession, therapy group, primary medical specialty, hospital/clinic name, city, and country of practice. If a platform is used to facilitate our dealings, commercial transactions or performance of our respective contractual obligations then we may also need to record your access credentials (e.g. for supplier replenishment request platforms or distributor stock management tools).

Due Diligence Information

Medtronic may conduct due diligence screening of business partners, including distributors, agents or sales intermediaries, to assess their integrity, quality, credibility and compliance with laws. In such circumstances, information about you and individuals who are current or former employees, officers, directors, partners or significant owners of your business may be collected including but not limited to: name, title, business contact details, address, nationality, passport number, company ownership details, beneficial or other interests in the business, ownership or interests in other businesses, current or former positions or associations with governmental, public or international organizations (including any family member positions or associations), establishments or operations in sanctioned countries, and details of any individuals listed on restricted parties lists. 

Repair/Maintenance Activities

Medtronic may process certain information in connection with repair or maintenance activities carried out or paid for by Medtronic including but not limited to details of B2B partner personnel submitting and performing repair/maintenance requests, and associated mileage and expenses, as applicable. 

Transparency and Compliance Reporting Information

Medtronic may collect certain information to track and manage reports of compliance violations, and to enable compliance with transparency requirements, in particular concerning payments to healthcare professionals and organizations. Such information may include: basic identity information, contact details, professional activities and affiliations, professional qualifications, amounts paid and products or services supplied, financial information (including bank account), physician number or nurses and allied professional number and tax ID number (if required by applicable law), and other relevant information included in compliance reports. 

Details Relevant to Contract Performance

We may process Personal Data in order to perform and administer our contract, including but not limited to: basic identity information, contact details, professional activities and affiliations, professional qualifications, financial information (which may include amounts owning, credit details if necessary for credit checks, or bank account or credit card information if relevant to the method of payment), details of goods provided/services performed, details of services performed by our B2B partner personnel, expenses incurred and relevant Personal Data appearing on invoices and shipping documentation. 

Meetings and Events (Including Remote Meetings that may capture Images/Video/Audio) 

Your commercial interactions with Medtronic may involve meetings or attendance at Medtronic organized events, including remote meetings and events that make use of a platform that will facilitate interactions by transmitting your audio, video and/or image to Medtronic or other participants.  You will be informed if Medtronic intends to actually capture and record any Personal Data in the form of photographs or audio or video recordings during such meetings for further use. 

Training/Education and Certification

Medtronic may engage in training, education and certification of third party business partners, including personnel of our distributors, agents, and repair centers. The personal information processed for this purpose may include: name, contact details, position, qualifications, organization, training completed and the outcome of any assessments carried out.  

Travel Information

To organize and facilitate in-person commercial meetings and events we may process additional Personal Data needed for travel and event management purposes such as: national ID/passport number and expiry date, nationality, dietary and travel preferences, logistics and travel details, expenses.

Professional Profiles 

Medtronic may also identify and compile available information regarding current and prospective B2B partners in order to assess the feasibility of any future contracting opportunities (this may include healthcare professional qualifications, specialties, publications and previous engagements). In order to manage our interactions, engagements and support services Medtronic may also create and maintain commercial, professional or interest-based profiles based on identified, inferred or derived characteristics, interests or key skills of current or prospective B2B partners.

Cookies and Website Analytics 

To the extent that our commercial interactions may make use of a Medtronic website, we may also use cookies and similar technologies to analyze website visits for purposes of developing and improving the website user experience and other notified purposes. For more information, please consult the cookie policy displayed on the relevant website. 

Additional Information

If you provide any additional information to Medtronic, we will process such data in accordance with this privacy notice.

Purposes and legal basis for processing

Contract

We may process your Personal Data for the purpose of entering into or performing a commercial agreement (or contract) with you and such serves as our legal basis for processing your Personal Data for the following purposes:

  • To enter into and perform the contract, including: to negotiate and agree on the contract terms, to send you relevant communications and to perform the essential elements of the contract (which may include accounting activities, shipment and tracking of goods, stock reporting, invoicing, payment processing, debt collection, and gathering feedback via surveys or interviews, as applicable).    

Legitimate Interests

When we process your Personal Data for carefully considered purposes based on the legitimate interests of Medtronic or another party, we do so, based on our assessment that such legitimate interests do not override your data protection rights. We may process your Personal Data for the following purposes, based on legitimate interests:

  • To conduct due diligence screening on our actual and prospective commercial partners;
  • To investigate and report any potential compliance violations;
  • To perform our contractual obligations in situations where you are not a party to the contract;
  • To assess and identify areas of optimization or improvement under our contract;
  • To measure the effectiveness of internal processes;
  • To optimise the experience and the services provided under our contracts, by tracking and managing individual and account-based processes;
  • To track and analyze performance under our contracts and gather relevant feedback (whether through surveys or otherwise) in order to assess key performance indicators, measure deliverables, measure customer satisfaction levels, identify areas of potential improvement or carry out market research;
  • To aggregate Personal Data to a level where you are no longer directly identifiable. Such information is used to create and communicate statistics in order to gain a better understanding about our commercial activities (including expenditure, business needs, and strategy development). 
  • For the organization of Medtronic events and meetings: to enable you to attend Medtronic events and meetings and authenticate your access (including through issuance of attendee badges, as applicable); to facilitate your participation in any interactive Medtronic sessions; to allow you to effectively engage with Medtronic personnel and other participants (including in a virtual environment); 
  • To use imagery, audio or video footage from Medtronic training, events or meetings for educational, promotional or other legitimate business purposes. In such circumstances Medtronic will take measures designed to reasonably protect your privacy rights.  
  • To compile professional profiles for purposes of managing our engagements and interactions with you. 
  • To send you communications regarding products or services that may be of interest to the extent permissible (see further Marketing Communications below);

Legal rights and obligations

We may also process your Personal Data on the basis of our legal right or obligation do so in order to:

  • Comply with laws including those regarding transparency, clinical investigations and the management of training on the safe and effective use of our products; 
  • To track, manage and report compliance approvals and violations;
  • In the event of a legal claim: for the establishment, exercise or defense of any such claims.

Consent

We may also process your Personal Data for other purposes for which you have specifically given consent. Such purposes may include:

  • Use of your image or audio or video footage for educational, promotional, or other legitimate business purposes to which you specifically consent;
  • Gathering feedback via surveys or interviews not otherwise based on legitimate interests or contract;
  • Where consent is required to send you communications regarding products or services that may be of interest (see further Marketing Communications below);
  • In case we need to process any sensitive Personal Data (such as health data) in connection with our B2B relationship with you, we will only do so on the basis of your explicit consent.

Marketing communications 

To the extent that we send you communications regarding products and services that we believe may be of interest to you, we will only do so on the basis of legitimate interests or your consent, where required under applicable laws. For example, you may be provided with the opportunity to sign up to receive such communications through our ordering platform. You may at any time opt-out of receiving such communications via the opt-out mechanism included in the relevant communication, or by Contacting Us as set out below. In case you ask Medtronic to send you a particular communication (e.g. to send you a certain product brochure) we may also use the contact details that you provide for this purpose.  

How long does Medtronic keep your personal data for?

Your Personal Data will only be retained by Medtronic for so long as necessary and relevant to fulfill the purposes set out herein and may be retained beyond the duration of your business relationship with Medtronic to enable us to fulfill such purposes and comply with legal requirements, including compliance and record retention regulations.

For more information on where and how long your Personal Data is stored, please Contact Us.

Cross border data transfer

Personal Data may be processed by Medtronic and its affiliates, as well as its third-party service providers, contractors and consultants inside and outside the jurisdiction where it was received. Where there is a need to transfer your Personal Data within Medtronic or to our third party service providers, we will ensure that there are appropriate safeguards in place to protection your information as required by applicable laws. When European Personal Data is transferred outside the EEA, UK or Switzerland, we use approved legal mechanisms, which may include standard data protection clauses (EU Model Clauses), to meet data protection laws and requirements. For more details please Contact Us.

Data sharing

We may use third parties in order to achieve the purposes set out in this privacy notice including:

  • Enterprise Resource Planning (ERP) platform providers
  • Customer Relationship Management tool providers
  • Email Automation tool providers 
  • Due Diligence Screening providers 
  • Outsourced Operations, such as Accounts Payable service providers 
  • Credit Check agencies
  • Debt Collection service providers
  • Connectivity Tools (e.g. video conferencing tools) 
  • Survey Tool providers or platforms
  • Event Organization Management tool providers
  • Contract Management Platform providers (including for collection of digital signatures)
  • Compliance Reporting Tool providers
  • Cloud Hosting Service providers
  • Postal Services, Couriers or other Freight Services providers  
  • Professional Advisors (e.g. consultants, legal advisor, auditors)

Where required, we will enter into binding agreements with such third parties to ensure that your Personal Data is always processed in accordance with applicable data protection laws and regulations.

Please note that subject to applicable laws, we may need to disclose your Personal Data if required to do so to comply with any law, regulation, court order, legal or government request. In the unlikely event that all or part of our business is subject to a potential acquisition by a third party, your information may be transferred to the prospective corporate owner insofar as relevant to the business in question and subject to appropriate safeguards being in place.

Security of your personal data

Medtronic is committed to protecting the security and confidentiality of your Personal Data. We use technical and organizational measures designed to protect your Personal Data against unauthorized or unlawful destruction, loss, alteration, disclosure or access.

Your rights

Subject to applicable law, you may have the right to:

  • Request access to the Personal Data we have concerning you
  • Request rectification, erasure, or restriction of the processing of your Personal Data (including deletion of your learning management account).
  • Object, based on your particular situation, to any use or processing of your Personal Data which we have based on our legitimate interests;
  • Request your Personal Data in a structured, commonly used and machine-readable format (data portability)
  • If we use your Personal Data based on your Consent, you can withdraw your Consent at any time and discontinue the relevant data processing activities. Note that this does not affect the lawfulness of processing based on Consent before your withdrawal. 

Please note that we may keep using aggregated data (statistics, trends), even after you request deletion of your Personal Data or withdraw your consent, as there may be no technical means available to isolate or identify the data elements to exclude.

Please note that the above rights are generally applicable to situations where Medtronic offers our services, or is based, in Europe but may be limited in some other jurisdictions according to applicable law. 

To exercise these rights, or for more information, please Contact Us. Please note that in accordance with applicable laws, we may ask you to provide some proof of identity before we can process your request.

Subject to applicable law, if you are not satisfied by the response you receive, or if you consider your privacy rights have been breached, you may lodge a complaint with a data protection authority, in particular in the country of your habitual residence. 

Contact us

The Medtronic entity identified in the relevant commercial contract or other documentation provided in connection with your B2B relationship with Medtronic is your primary point of contact for Medtronic. Please note that in some cases your company or institution may be jointly or independently responsible for the processing of your Personal Data as part of a commercial engagement or collaboration with Medtronic, in which case your institution or employer should be your first point of contact in that regard. 

 

Medtronic’s Operational Headquarters is located at:

Medtronic, Inc.

710 Medtronic Parkway

Minneapolis, MN 55432-5604

USA

 

Email: globaldataprivacyoffice@medtronic.com 

 

Medtronic’s EMEA Headquarters is located at 

Medtronic International Trading Sárl

Route du Molliau 31

1131 Tolochenaz

Switzerland

Email: privacyeurope@medtronic.com

We recognize that data protection is an ongoing responsibility, so we may update this privacy notice from time to time.