Data Privacy Statement

Introduction

Medtronic (hereinafter referred to as “we”) provides training, education and event management services to healthcare professionals, delivered through various learning modalities, focusing on the safe and effective use of Medtronic products and services or specific to a disease or protocol (hereinafter referred to as “Services”). Medtronic has implemented an online Learning Management System, a Global Event Management Program, and a Customer Relationship Management system to deliver the Services (hereinafter referred to as “Platform”) to healthcare professionals (hereinafter referred to as “you”).

We Process your Personal Data, strictly relevant to the provision of the Services. We understand that you are aware of and care about your own personal privacy interests and we take that seriously. This Privacy Statement describes Medtronic’s practices regarding its collection and use of your Personal Data and sets forth your privacy rights. We encourage you to read this Privacy Statement carefully.

Definitions

By ‘Personal Data’ we mean any information which relates to an identified/identifiable natural person, in other words, any information which can lead to knowing who you are (either directly or indirectly) is qualified as ‘Personal Data’.

By “Special Categories of Personal Data”, we mean any Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

By “Processing” we mean any operation which is performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restrictions, erasure or destruction.

By “Consent” we mean your freely given, specific, informed and unambiguous (not subject to misinterpretation or more than one interpretation) indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the Processing of your Personal Data.

By “Aggregated Data” we mean that data from different sources are combined to observe trends and patterns over a large population/group. By using a large population/group and deriving statistics from it, we minimize identification to unique individuals.

Data Categories

For the provision of our Services, we Process the following categories of Personal Data:

  • Contact and account details – when you register for the Services, we collect: first name, last name, email address, postal address, profession, therapy group, primary medical specialty, hospital/clinic name, city, country of practice, access rights, username and password. In case required by national law, physician number, nurses and allied professionals number will be collected.
  • Training & education data – when you enroll into a learning pathway via the Platform you will generate data each time you participate in an event, which is linked to your personal account. For this purpose, we Process course attendance, learning program progress, assessment/observation results at single question level, course evaluation, course completion, certification, training exemptions, results of knowledge tests, and feedback assessments. Such data is linked to your personal account.
  • To provide you with in-person training or organize/ facilitate a Medtronic event, we will Process the following additional Personal Data needed for trip and event management purposes: national ID/passport number, dietary and travel preferences, logistics and travel details, expenses.

Purposes for Processing

We Process your Personal Data to provide the Services to you, based on your free choice to enroll / participate in our Services. Such enrollment serves as our contract with you or with the organization on whose behalf you subscribe /participate (hereinafter referred as a “Contract”) and such serves as our legal basis for Processing your Personal Data.

If as part of the Services we need to Process Special Categories of Personal Data, we will only do so upon your explicit Consent, which you can withdraw at any time.

To provide you with the Services, we will Process your Personal Data for the following purposes:

  • For the provision of the Services: create and maintain your account, create charts, tables and reports which can help you understand your progress through Medtronic learning pathways, enable Medtronic to provide you with additional training and education content and other information to assist you with your training and education experience;
  • To facilitate event/conference support, provide you with notifications with conference information (registration, schedule, venue) and follow up (event/conference related surveys, thank you notes);
  • For the travel booking and reservation services on your behalf and confirmation of reservations made in your name in the event that you need to travel to an in-person training and/or Medtronic event.

When we Process your Personal Data for carefully considered and specific business purposes which are in our legitimate interests and which we believe also benefit you and ultimately your patients, we do so, based on our assessment that our legitimate interests do not override your freedom and data protection rights. We consider the following purposes in our legitimate interest:

  • To get a better understanding on how effective our Services are;
  • To identify where our Services may require improvement;
  • To get a better understanding about the use of our training and education services and to optimise the digital learning experience, we will track and manage individual and account-based learning paths and progress and analyze such data within the Platform;
  • To get a better understanding of event participation and effectiveness;
  • To measure performance metrics and survey results, to improve training effectiveness;
  • To aggregate Personal Data to a level where you are no longer identifiable. Such information is used to create and communicate statistics on the general use of our Platform with respect to:
    • Gain better understanding about the use of our products and training and education services;
    • Measure expenditure of our training and education activities and face to face events per region / Business Unit to better understand business needs and further develop our strategy;
    • Training delivery on categories like medical specialty, country of practice;
  • To get better insights in the resources and costs associated with providing our Services;
  • To track and manage compliance approvals and violations;
  • In the event of a legal claim for the establishment, exercise or defense of a legal claim.

You have the right to object to Processing of your Personal Data for the above-mentioned purposes in the context of our legitimate interests. If you wish to do so, please send an email to rs.privacyeurope@medtronic.com.

Is it compulsory to provide access to your Personal data?

You provide Medtronic with your Personal Data based on the Contract in place between Medtronic and you for the provision of the Services. If you choose to not provide your minimum required Personal Data to register on the Platform, we will not be able to provide you with our Services, as we will not be able to evaluate if you are a healthcare professional permitted to access Medtronic training and educational materials.

In the event we plan to process your Personal Data for other purposes than those described in this Privacy Statement, we will only do so based upon your Consent, please note that you are under no statutory or contractual obligation to provide your Consent for these additional purposes.

How long do we keep your Personal Data?

Your Personal Data is stored by Medtronic on its server in the United States and on third party servers located in the United Kingdom. Your Personal Data will be retained beyond the duration of your business relationship with Medtronic to enable us to comply with legal requirements to demonstrate adherence to Medtronic’s obligation to manage training to Healthcare Professionals for safe and effective use of our products.

For more information on where and how long your Personal Data is stored, and for more information on your rights of erasure and portability, please send an email to rs.privacyeurope@medtronic.com.

Cross-border data processing

Personal Data is Processed by Medtronic and its affiliates, and its third-party processors inside and outside the European Economic Area (EEA). When Processed outside the EEA, we will make sure that this cross-border Data Processing is protected effectively and lawfully. We use standard data protection clauses (EU Model Clauses) as an approved legal mechanism to meet data protection laws and regulations requirements. A copy of our standard data protection clauses, can be requested by sending an email to rs.privacyeurope@medtronic.com.

Data sharing

Please understand, that the Platform and individual components of the Platform are provided by third party providers. The Learning Management System through which you can log-in to receive training and education services is provided through the Cornerstone on Demand IT platform. The Virtual Classroom service through which you can participate in live interactive educational sessions is provided through the Adobe Connect IT platform. In the event that your specific learning pathway includes in person training or you wish to participate in a Medtronic event, your event registration and participation, travel booking and other reservation services is provided through the Cvent event management system. We have entered into binding agreements with these service providers which include data processing clauses to ensure that your Personal Data is always Processed in accordance with applicable data protection laws and regulations.

Such third-party providers may only Process your Personal Data based on our instructions. All third-party providers and any sub-contractors involved in the provision of the Services have the legal obligation to meet all requirements of applicable data protection laws and regulations and to comply with Medtronic’s privacy, data protection and security Policies and Standards.

Security of your Personal Data

Medtronic is committed to protect the security and confidentiality of your Personal Data. We use technical and organizational measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your Personal Data transmitted, stored or otherwise Processed.

These technical and organization measure include, but are not limited to updating and testing our security technology on an ongoing basis. We restrict access to your Personal Data to those individuals who need to know that information to provide the Services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.

Your rights

As a customer of our Services for which we Process your Personal Data, you have the right to:

  • Request access to the Personal Data we have concerning you;
  • Request a rectification, erasure, restriction of Processing of your Personal Data;
  • Object to Processing your Personal Data;
  • Data portability (request us to provide you with your Personal Data in a structured, commonly used and machine-readable format);
  • Right to be forgotten – In the context of the Learning Management Services this is achieved by the requesting your account to be deleted.
  • If we collect Personal Data based on your Consent, you can withdraw your Consent at any time and discontinue Medtronic’s data Processing activities. Note that this does not affect the lawfulness of Processing based on Consent before your withdrawal. Also, please note that we will keep using Aggregated Data (statistics, trends), even after you would withdraw your Consent, as there are no technical means available to isolate or identify data elements to exclude.
  • File a complaint with a supervisory authority.

To exercise these rights, please send an email to: rs.privacyeurope@medtronic.com.

Controller
Medtronic International Trading Sàrl
Route du Molliau 31
1131 Tolochenaz
Switzerland

Controller's Representative
Medtronic B.V.
Earl Bakkenstraat 10
6422PJ Heerlen
The Netherlands

Email address: rs.privacyeurope@medtronic.com

This Privacy statement is published in November 2019.
We recognize that data privacy is an ongoing responsibility, so we will update this Privacy Statement in case we undertake new Personal Data practices or adopt new privacy policies. Medtronic will inform you where there are any changes to this Privacy Statement.