This notice describes how Medtronic collects and uses information about you (“personal data”) in connection with the activities described below, including when you order Medtronic products and services, when you visit this website and Medtronic locations, when you contact Medtronic, or when you participate in Medtronic events, surveys, or clinical studies in the United States.

Unless set out otherwise below, the Medtronic company responsible for processing your personal data is Medtronic Inc. (together “Medtronic,“ “we,” or “us”).  

In this privacy notice, we will tell you what personal data we obtain about you, how we use that information, with whom we share it, what rights you have regarding your information, and how to contact us to exercise these rights. Medtronic and some of its affiliates, including Medtronic Minimed™, and our international affiliates, also operate other websites.

This privacy notice does not apply when you have been notified that an alternative notice applies (for example, on other Medtronic websites) or where Medtronic processes your personal data on behalf of your medical institution or healthcare professional in connection with your medical treatment. Your medical institution and/or healthcare professional is solely responsible for the processing of your personal data for the provision of your medical treatment and care. It also does not apply to data processing activities specifically relating to current or former Medtronic employees or applicants — the relevant notice may be requested by contacting Ask HR.


Download and print the privacy notice.

This section describes how Medtronic uses your personal data to provide you with therapies and related services. Unless we need your personal data in order to comply with laws and regulations, you are not required to provide information to us, but if you choose not to do so we may not be able to offer you certain services and related features or to respond to requests that you may have. The following situations are discussed in more detail below:

When you visit our websites or apps, we may collect and/or process your personal data (from your interaction with our sites) to learn more about how you use our site/app and services.

 

What personal data we obtain

  • Electronic device information, including identifiers associated with your devices, operating system type and characteristics
  • Internet and network activity information, including internet protocol (IP) address, domain name, web browser characteristics, language preferences, navigation, and your interactions with our site or app (such as the pages you visit, links you click, features you use, dates and times of access to our site/app, browsing history, search history, the pages that led or referred you to our site), and other information about your use of our site or app
  • Geolocation data, including approximate location information from your use of our site/app
  • Certain information by automated means, including cookies and similar technologies, such as Flash cookies, local storage, web beacons and pixels, JavaScript, software development kits (SDKs) and device identifiers

How we use your data

  • Ensure our sites or apps operate correctly and secure logins work properly
  • Improve visitor experience and learn how they use our sites/apps and their features
  • Provide you with enhanced functionality such as video content and show you targeted ads on other sites or social media channels

Depending on your location, some cookies may require your consent. See our cookie policy to learn more about our use of cookies and how to manage cookie setting and preferences.

When you create an account or register your device with us, we may collect and process your personal data to create and manage the account or to respond to your request for information about therapies or related services.

 

What personal data we obtain

  • Identification information, such as your name, user ID number, date of birth or age, phone number, email address, physical address, and mailing address
  • Location data, such as your country/region and language preference
  • Login credentials, such as your username/email address and password
  • Information about your medical device, such as its identification/serial number(s), model and type, and other status information related to it
  • Professional information of a healthcare professional account holder, such as your profession, your job title and your medical specialty, the name of the institution you work for, and your professional email address

How we use your data

  • Create and manage your account, including to authenticate you and ensure account security
  • Together with the information collected through our products or services, we may communicate with you about and provide you with the products and services you requested, unless you have been notified that an alternative notice applies to such use
  • Engage in health vigilance activities, post-market surveillance, recall, complaint, and quality monitoring, and similar activities, described below

You may make an inquiry, or require assistance or support, by contacting our customer service or support team by phone or email, or by using our “How to contact us” form, our chat tools, and automated communications assistants, or other customer support tools.

What personal data we obtain

If you contact our customer and support services to make an inquiry or request support, the types of personal data we obtain or process about you from that interaction include the following.

  • Contact information you directly submit to us, including name, title, physical, postal, and email address, and telephone number
  • Medical device identifiers or information, including device serial number
  • Demographic information, including country of residence, date of birth, and age
  • Preferences including preferred language
  • Session information and device and network identifiers including IP address
  • Other information about you necessary for dealing with your request, including data relating to your device or health if you’re a patient
  • Recordings and notes if we record the conversation we have with you
  • Other content posted or submitted by you including your relationship to Medtronic that you indicate, the type of healthcare provider you are if applicable, stage of education or training, and areas of interest

How we use your data

  • To respond to you, provide you with required support, and follow up on your request, including, where applicable, ensuring compliance with our regulatory obligations and establishing, exercising, or defending ourselves from legal claims
  • We may use automated communications assistants including “chatbots” and other contact aides to route, analyze, and respond to your customer and support service interactions, as well as to improve our automated communications assistants, products, services, and therapies.
  • We may also keep a record of the communications we have with you for evidentiary purposes and to train our personnel and improve the quality of our services. If you call us, you will be notified at the beginning of the call whether our conversation will be recorded.
  • To perform analytics and research
  • To improve our products, content, and services
  • To perform quality assurance and complaint handling functions
  • To detect, investigate, and respond to malicious and fraudulent activities
  • To debug and repair our products and services

Please note that, in some circumstances, we may use your data to provide technical support on behalf of and in the name of your medical institution or healthcare professional. This is the case if the Medtronic product or service you use was provided to your medical institution or healthcare professional as part of the services Medtronic provides to them. If that product or service requires technical support, we’ll use your data as directed by your medical institution and/or healthcare professional as part of your medical treatment. Contact your medical institution or healthcare professional to learn more about their use of your data for the provision of medical treatment or care.

As a manufacturer of medical devices, we are subject to regulatory obligations when we place (or make available or put into service) our products on the market. Compliance with those obligations require us to process personal data.

 

What personal data we obtain

The types of personal data we obtain or process as a manufacturer of medical devices, which may be obtained from your interactions with or submissions to our site, your account, your medical device’s registration or telemetry data, or from your healthcare provider(s), as well as from information you communicate to us or post on a public forum, include:

  • Data allowing the identification of the patient or person exposed to an adverse health event, such as age, year or date of birth, gender, weight, height, and identification number
  • Data relating to the identification of the product concerned, such as the type of product used, serial number, and implant date
  • Other information necessary for the assessment of an undesirable health event, such as professional life, health data, therapy data, consumption of tobacco, alcohol, or drugs, and life habit and behavior
  • Contact details of the person who made a complaint or notified us of an adverse health event, or of any health professional likely to provide details.

How we use your data

  • Conduct health vigilance related activities, including managing adverse health events and handling product complaints. We’ll do so to ensure compliance with our legal obligations and with high standards of quality and safety of healthcare and medical devices.

When we communicate with you directly to promote our product and service offerings (e.g., by email or phone), we will use your personal data to do so.


What personal data we obtain

The types of personal data we obtain or process about you to send you such communications include:

  • Information you have shared directly with us (e.g., when you complete a form to sign up for such communications), such as your name, email address and/or phone number, age, and status as a patient or caregiver, or — if you are a business customer, your professional details
  • Information that we have obtained through our interactions with you, such as expressions of interest you have made to our sales representatives
  • Publicly available information about you (e.g., from the public website of the medical institution where you work)
  • Metadata collected from cookies or similar technologies, including to understand how you have interacted with our website and whether you have opened or clicked on the content in the emails that we have sent you. For more information on how we use cookies, and your choices in that regard, see our cookie policy.

How we use your data

  • To tailor our communications to your specific interests and preferred method of communication
  • To avoid sending you communications that are not of interest or for which you have not consented
  • To follow up with you on the subjects that appear to be most relevant and useful for you. To this end, we may organize the data we obtain into interest-based groups

We will ask you to “opt-in” or consent to the use of your personal data for the purposes of such communications where required by applicable laws. You can decide at any time to stop such communications by using the opt-out procedure provided in the relevant message (e.g., clicking the unsubscribe link in our promotional emails), or alternatively by contacting us as specified in the “How to Contact Us” section below.

Please note that if you choose to no longer receive promotional messages from us, we may still continue to send you relevant information for other lawful purposes, such as to administer any account or contract you may have with us, send you communications of an operational nature (e.g., planned outage or updates), respond to your requests and as required by law (e.g., in case of a product recall).

When you visit our websites or apps, we may collect certain information by automated means, including cookies and similar technologies, such as Flash cookies, local storage, web beacons and pixels, JavaScript, software development kits (SDKs) and device identifiers. While personal data collected through these technologies is not shared for money or other similar compensation, the use of these technologies may be considered personal data sharing under applicable law. The types of technologies, purposes of use, parties involved, and controls available to you, which may vary across our digital offerings, are detailed in our cookie policy.

You may send us a private or direct message via social media, or you may communicate about us or Medtronic products on social media (e.g., if you participate in our online communities, share a comment about a Medtronic product, or tag Medtronic in your post).

 

What personal data we obtain
If you interact on social media with or about us, the types of personal data we obtain or process about you from that interaction include:

  • Social media information, such as your social media username, profile picture, country
  • Information about you that is contained in your comments, posts, or other content about Medtronic that you share on social media services

How we use your data

  • To review or respond to your message or comments, and where applicable, to provide you with the required support and take any necessary follow-up actions
  • Using your data to understand your feedback and improve our products and services if you communicate about us or our products 

You may visit our locations in order to interact with our personnel, to provide services or perform certain tasks.

 

What personal data we obtain
If you visit Medtronic locations, the types of personal data we obtain or process about you include:

  • Your contact information and visit details, such as your name, signature and arrival/departure time and date, to enable you to access our premises and provide you with a badge as applicable
  • Video recordings of you if we operate closed-circuit television (CCTV) systems in the location you visit

How we use your data
We will use this information for security and safety reasons, including ensuring the security of Medtronic personnel, property and assets, and complying with our internal security policies.

You may wish to participate in one of our physical or virtual events (such as workshops, meetings, webinars or live broadcast events), or we may ask you to share your story, provide a testimonial or take part in an interview about your treatment with a Medtronic product. In this case, we’ll need to process some personal data about you, as described below.

 

What personal data we obtain

If you participate in one of our events, testimonials or interviews, the types of personal data we obtain or process about you from your participation include:

  • Identification/contact information, such as your name (or a fictitious name to protect your privacy), email address, nationality, country  
  • Personal details, such as dietary requirements, where applicable
  • Professional information, such as your job type and title
  • Product(s)/service(s) of interest to you, where applicable
  • Health data, such as the medical condition treated by the Medtronic product (if you’re providing information as a patient)
  • Images, video and/or audio recordings of you, if our event/interview is filmed or recorded

How we use your data
We will use your data to organize and facilitate the event/interview, and conduct our educational, promotional, and advertising activities.

From time to time, we may invite you to participate in a Medtronic survey to gather your feedback to help us determine customer satisfaction levels, identify areas of potential improvement or to carry out market research.
 

What personal data we obtain
To the extent possible, we will gather your feedback in an anonymous manner. In some cases, however, the survey may gather identifiable respondent information. In such instances, the types of the personal data we obtain or process about you includes:

  • Identification/contact information, such as your name, email address, phone number
  • Professional details (if you are a business customer), such as your employer’s details, specialty, professional experience, professional qualifications
  • Opinions, views, or information you choose to provide us as part of your survey responses. If you’re a patient, this may include your age and information about your health, such as your medical condition, type of Medtronic product/services you are treated with, details of the medical procedure you underwent as a patient.
  • Where applicable, information collected by automated means (including cookies), such as your IP address, and survey metadata (e.g., the language you take the survey in, duration of your survey response, last date the survey was started)

How we use your data
We will use your personal data to conduct the survey, including to send it to you, allow you to submit your survey responses, prevent survey fraud, analyze the survey results, and improve or develop our products and services, accordingly. 

We perform clinical activities, including clinical studies, clinical investigations, clinical surveys and other studies or research activities. In this context, we process personal data of participants to these activities, as well as personal data of healthcare personnel involved in such activities.
 

What personal data we obtain
The types of personal data we obtain or process this way will vary depending on the research activity, but this will generally include:

  • Information indirectly identifying participants in those research activities (such as age or date of birth, place of birth, gender, country and department of residence, serial number or alphanumeric code excluding first and last name)
  • Where applicable, administrative data identifying participants that may be obtained by our service providers (such as first and last name, contact details, bank details) for very limited purposes, including to reimburse transport costs and/or to pay compensation
  • Data concerning participants’ health, including vital status, and any other sensitive data, as relevant to the subject of the research activity (such as participants’ ethnic origin or data concerning sexual life)
  • Dates relating to the conduct of the research activity, including the date of inclusion
  • Details of participants’ personal and professional life, such as family situation, current profession, business trips, consumption of tobacco, alcohol, drugs, lifestyle habits and behaviors, and any other relevant information
  • Insurance information, including health insurer or payer information
  • Participation in other research activities
  • Reimbursement of costs incurred by the participant
  • Annual amount of compensation received

For such activities, we typically have no access to directly identifiable information about patients as that information is kept confidential by the relevant healthcare professional except if required for the purposes of the study.

If you’re a healthcare professional involved in our (clinical) research activities, the types of personal data we obtain or process about you include:

  • Identification data, such as name, gender, professional contact details, bank details
  • Training and qualifications
  • Other relevant details of professional life (e.g., professional curriculum)
  • If applicable, identification number in the directory of health professionals
  • Amount of compensation and remuneration received
  • Collaboration in research activities
  • History of access, and connection to the medical data of participants in the research activities, where relevant

How we use your data

  • To carry out research activities in the public interest, including to generate evidence to submit to health regulatory authorities in order to comply with our medical device manufacturer’s obligations, to assess the safety, performance and quality of our medical devices, and to develop and improve the safety and performance of these medical devices aiming at enhancing and improving healthcare

We will do so based on your consent or as required by applicable law in conducting research activities, for scientific research, or to ensure high standards of quality and safety of our products and services.

 

The Medtronic entity responsible for the processing of your personal data is the sponsor or Medtronic entity that determines the purposes of the clinical study or research project, as indicated in the clinical study or research documentation or in other relevant documentation provided by the healthcare professional in connection with the clinical or research activities you participate in.

In some circumstances, we process personal data to comply with applicable legal requirements and our policies, to perform auditing and other internal functions, or for litigation and dispute resolution purposes.
 

What personal data we obtain
When this is the case, the types of personal data we obtain or process about you include:

  • Your identification and contact information
  • Other information as is necessary and relevant to the particular case; e.g., in the event of an (internal) audit, information contained in documents and materials audited, or in the event of litigation, information gathered in the evidence necessary for the litigation

How we use your data
We will use your information — in an anonymized, de-identified or redacted form, where appropriate — in order to:

  • Fulfill our contract with you when it is our legal duty
  • Support and manage our therapies or related services by our service providers and/or business partners
  • Manage our relationship with you and keep our records up to date
  • Manage websites for healthcare professionals, account access support, verify your personal identity as needed for us to provide our therapies or related services, online support, and related services safely and lawfully
  • Properly administer our business, therapies, or related services
  • Enforce, establish, exercise, or defend our legal rights, including this privacy notice and other rules about use of our product or services
  • Protect and secure websites, networks, systems, data, and services Medtronic provides to our customers
  • Manage compliance with our policies, including conducting (internal) audits, investigations, or due diligence checks for the above reasons
  • Understand how to improve our therapies or related services
  • Comply with applicable legal requirements, regulations, court orders, or other legal processes

With the authorization of your medical institution, the data obtained as part of the services provided to your medical institution may be further used to support and improve those services, including to improve and develop Medtronic products and services, to conduct benchmarking, business analytics or market research, to train and educate Medtronic personnel or healthcare professionals, or to support regulatory filings and the reimbursement of Medtronic products and services. 

Some of the data we collect and use is considered sensitive under applicable laws, which may include, for example, health- and financial-related data and genetic/biometric data. Our collection and use of sensitive personal data is limited to that which is necessary to provide you with your requested services, including treating your condition, and for additional purposes for which you have provided your consent. You can choose to withdraw or withhold your consent. However, where your sensitive data is necessary to provide you with services, you will not be able to use those services.

We may ask that you, your caregiver, your account administration, or any individual authorized by you not to send or disclose any other personal data other than the data that we may ask you to provide.

By disclosing the phone number(s) you provide to Medtronic, we may contact those number(s), including via text, SMS, or voice call, for the transactional purposes defined in this privacy notice, as well as for responding to requests you make of Medtronic. If you provide an additional consent for marketing communications, Medtronic may then contact you by telephone for marketing, advertising, or offers of sale of Medtronic therapies or related services as well.
 

When making contact by telephone, we may use automated technologies (including recordings and auto-dialing), and telephone, airtime, message, and data rates may apply. By providing your phone number(s) and/or consent(s), you certify that (a) you are age 13 and older, (b) the contact information you provide is yours, and (c) you authorize and consent to use of the information provided for Medtronic to contact you. Consent is not a condition for purchase or services. You may opt out of telephonic contact from Medtronic using automated technologies and for marketing communications at any time by texting ”STOP” in reply to a text message or for marketing messages, signing into your Medtronic profile and updating your communication preferences.

In the ordinary course of business in carrying out the purposes described in this notice, we may share your personal data with certain categories of third parties, including:

  • Medtronic-affiliated companies: Given the corporate structure of Medtronic, your personal data may be shared with other affiliates within the Medtronic group.
  • Service providers: We may share personal data with relevant third-party service providers, who act on our behalf to fulfill the activities noted in this privacy notice, including IT providers, providers of communication tools and customer relationship management systems, survey tool providers or platforms, event organization management tool providers, outsourced operations such as accounts payable providers, email automation tool providers, cloud hosting service providers, and contract management platform providers.
  • Healthcare providers and regulators: As described above, we may disclose personal data to your physician to coordinate or manage your healthcare and related services. This may also include other healthcare provider(s) who, at your request, become involved with the management of your care, online account, or related services. Medtronic may also disclose your personal data to health oversight agencies such as government regulators to support with audits, investigations, and inspections.
  • To business and other specialists: We may share personal data with external organizations with which it has partnered (such as research partners and as part of co-branding initiatives), and with external specialists or professional advisors within a particular field (such as lawyers, consultants, tax advisors, auditors, specialist delivery providers, banks, payment service providers, and benchmarking agencies).
  • Parties to a corporate transaction: We may share your personal data as necessary with parties to a potential, pending, or in process corporate transaction, such as if we sell or transfer all or a portion of our business or assets, or if we undergo a merger, acquisition, joint venture, reorganization, divestiture, dissolution, or liquidation.
  • For legal and other related interests: We may share personal data where:
    • Required by law
    • Required to disclose and/or share your personal data with regulatory, public, or governmental authorities to comply with any law, regulation, court order, legal, or government request
    • Allowed or required by law for public health purposes, including reporting complaints and quality issues to medical device regulators
    • Needed to protect its own or others vital interests, including the safety of life and property, or for investigating illegal or malicious activities, where allowed by law
    • Needed to exercise or defend legal claims
    • Needed with its corporate affiliates, who have the same privacy requirements
  • Others, per your request: With your consent, we may share your personal data with other parties you choose, such as your caregivers. 

In some cases, Medtronic may transmit, or store personal data collected with affiliates, vendors, or sites in other countries. We will only transfer personal data as allowed by applicable law to further the purposes set out in this document. Where personal data is transferred to another country, we take administrative and technical measures to ensure adequate safeguards and protections are applied as provided for by applicable law. In cases where personal data is transmitted to other countries, we will ensure that safeguards equivalent to those required by applicable data protection laws are in place. For more information on the safeguards implemented by Medtronic, please contact us via email.

For more information on Medtronic affiliates (including those affiliates to whom personal data may be transferred) please consult Exhibit 21 of the most recent annual 10-K filing, available at SEC Filings.

We will only keep your personal data for so long as necessary to fulfill the purposes for which we are allowed to use them, as set out in this privacy notice. Your data may be archived for longer in order to take into account applicable statute of limitation periods, or as otherwise required by law. For more information on the retention of your personal data, contact us as indicated in the “How to contact us” section below. 


You may have some of the rights below relating to your personal data, depending on applicable laws. Additional information may be found in the specific jurisdictions section.

  • Access your personal data and confirm how your personal data is being processed.
  • Transfer or obtain a copy in a structured, machine-readable, or portable format.
  • Correct or amend if it is incomplete, inaccurate, or outdated.
  • Request deletion of your personal data, which in some cases may be fulfilled by restricting, obfuscating, de-linking, or deidentifying that data.
  • Restrict or limit excessive or unlawful processing, where the accuracy of the data is contested.
  • Object to or opt-out of processing in circumstances where Medtronic claims a legitimate interest in its processing and where your rights outweigh those of Medtronic, such as where that data is used for direct marketing (including email or telephonic marketing).
  • Withdraw (or manage) consent where it is the basis for processing, which may include cases where the data is sensitive or about children. Where consent is revoked, we will not further process that data unless required or otherwise permitted by applicable law.

Exercising your rights

How to exercise your rights. You or your authorized agent may exercise these rights at any time or contact us with any inquiries through the methods provided in the “How to contact us” section below.
 

Process. We will first confirm that we have received your request. For rights requests, we are required to verify your identity, your right to access the information requested, and, as applicable, your authorized agent’s authority to act on your behalf. We may need to ask you for additional information that will help us do so, including government-issued IDs containing your name and address, utility bills containing that same information, and/or unique identifiers like usernames. We will only use that additional information in the verification process, and not for any other purpose.
 

After the validation of identity and authority (including if we do not receive that information), we will process your request and then contact you with our response to your request, including any data and reasons for rejection as applicable, within the time required by applicable law. If we need more time, we will notify you in accordance with applicable law.
 

Fees. We may charge a reasonable fee in some geographies to process or respond to your request only if allowed by applicable law, for instance if it is excessive, repetitive, or manifestly unfounded. If a fee is warranted, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
 

Additional options. Depending on your jurisdiction, you may have additional options if you are dissatisfied with our response:
 

You may internally appeal or contact our data protection officer if you disagree with a decision we made about your rights. Please include a copy of or reference to the decision.
 

You may also complain to a data protection or regulatory authority if you have further concerns about our data practices or our response to a request. If you need information about which authority may apply to you depending on your location and circumstances, please contact us.
 

You will not be discriminated against for your exercise of your rights. This does not necessarily include, depending on applicable law in your jurisdiction, cases where a difference in price or services offered is reasonably related to the value provided by your data, or where you consent to participate in a voluntary loyalty or similar incentive program.

 

We do not intentionally collect personal data from children (as defined by applicable law) unless we have received verifiable consent (from the parent or the child, depending on the requirements of applicable law) unless a legal requirement or vital interest applies. If you believe we have collected personal data from a child, contact us using the information found in the “How to contact us” section.

United States of America
 

  • Past practices. The statements in this notice are our data processing activities for the described scope of the notice both as current and within the past 12 months.
  • Protected health information under HIPAA. This notice does not apply to our data processing activities and practices for Protected Health Information (PHI), which is regulated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In those cases, you may have received a Notice of Privacy Practices from Medtronic or your health care provider which will govern that data use. Data governed under HIPAA may be deidentified through either or both the Safe Harbor and Expert Determination methods. While that data is then deidentified, Medtronic does not, and will not permit others to, reidentify deidentified PHI except as required by applicable law or as directly consented to by the subject of that PHI.
  • Sales/sharing of personal data: Medtronic does not sell your personal data for money or other consideration, nor share it for direct or behavioral marketing purposes, with unrelated third parties, except as described in the cookies and similar technologies paragraph.
  • Right to opt-out or object. As noted above, you may have the right to opt-out of some processing, such as sharing data with third parties for their own or for cross-contextual marketing, sales of personal data, making certain decisions or profiles about you by automated or artificial means, or certain kinds of automated/prerecorded telephonic messages.
  • Right to restrict or limit. In some jurisdictions you may have the right to restrict some processing if the data is sensitive and used for purposes additional to delivering requested goods/services.
  • Exercising your privacy rights. United States residents can file a privacy rights request by sending an email or by calling 1-866-639-6907. You do not have to create an account with us to submit a request.

This privacy notice may be updated periodically to reflect changes in our personal data practices. We will indicate at the top of the privacy notice when it was most recently updated. You can read the previous version of our privacy notice here.

If you would like to exercise your privacy rights or if you have any questions about this privacy notice you may contact us as follows:
 

General inquiries (all geographies): By email.
 

U.S. inquiries: By email via the general inquiries email address or phone: 866-639-6907. You may also send mail to our general-purpose corporate mailing address:
Medtronic, Inc.
710 Medtronic Parkway Northeast,
Fridley, Minnesota 55432-5603,
USA