MEDTRONIC WEBSITE PRIVACY STATEMENT

INTRODUCTION

Privacy is very important to us. We also understand that privacy is very important to you. This Privacy Statement tells you how we protect and use information that we gather through this Medtronic website based in the United States. Medtronic and some of its affiliates, including Medtronic Minimed, and our international affiliates, also operate other websites. This Privacy Statement does not apply to the other Medtronic websites. You should review the Privacy Statement posted on other Medtronic websites when you visit them. This website and this Privacy Statement are intended for a U.S. audience.

By using this website, you agree to the terms of the most recent version of this Privacy Statement. Please read our Terms of Use to understand the general rules about your use of this website. Except as written in any other disclaimers, policies, terms of use, or other notices on this website, this Privacy Statement and the Terms of Use are the complete agreement between you and Medtronic with respect to your use of this website. You may be subject to additional terms that may apply when you access specific services or materials on certain areas in this website, or when you follow a link from this website.

WHAT IS PERSONAL INFORMATION?

Personal information is information that we can use to specifically identify you, such as your:

  • Name
  • Address
  • Unique personal identifier (e.g., device ID, online identifier)
  • Internet Protocol address
  • Email address
  • Telephone number
  • Account name
  • For U.S. healthcare providers, a National Provider Identifier# (NPI) and/or a state license number
  • Social security number
  • Driver’s license number, or
  • Other similar identifiers
  • Characteristics of protected classifications under state/federal law (e.g., age, race, sex, medical condition, etc.)
  • Medical information
  • Health insurance information
  • Financial information, including credit card numbers
  • Biometric information (e.g., imagery of the iris, retina, fingerprint, face, or other data that contain identifying information)
  • Commercial information (e.g., purchase history)
  • Internet or other electronic network activity information (e.g., browsing history, interaction with our website, etc.)
  • Geolocation data
  • Audio, electronic, visual, thermal, olfactory, or similar information (e.g., call recordings)
  • Professional, employment-related, or other similar information

In some places on this website you have the opportunity to send us personal information about yourself, to elect to receive particular information, or to participate in an activity. For example, you may fill out a registration form, a survey, or an e-mail form and you may elect to receive educational material about our products and therapies.

You also may choose to allow us to personalize your visits to the website, in which case we will ask you for certain personal information to make your visits to our website more helpful to you. When this information is combined with the information that we collect through cookies (described below), we will be able to tell that you have visited our website before and can personalize your access to our website, for example, by telling you about new features that may be of interest to you.

HOW DOES MEDTRONIC KEEP AND USE PERSONAL INFORMATION?

We may keep and use personal information we collect from you through this website to provide you with access to this website. In addition, we may keep and use your personal information:

  • to respond to your requests
  • to personalize your access to our website, for example, by telling you about new features that may be of interest to you, or to the extent you set up a Medtronic account, to allow you to properly use that account.
  • to develop records, including records of your personal information
  • to contact you with information that might be of interest to you, including, to the extent permitted by law, information about clinical trials and educational and marketing communications about products and services of ours and of others
  • for analytical purposes and to research, develop and improve programs, products, services and content
  • for U.S. healthcare providers, to link your name, National Provider Identifier (NPI), state license number, and/or your IP address to web pages you visit, for compliance, marketing, and sales activities
  • to remove your personal identifiers (your name, e-mail address, social security number, etc.). In this case, you would no longer be identified as a single unique individual. We use the HIPAA Safe Harbor method or the HIPAA Expert Determination method to de-identify protected health information regulated under HIPAA. Once we have de-identified information, it is non-personal information and we may treat it like other non-personal information.
  • to enforce this Privacy Statement and other rules about your use of this website
  • to protect someone's health, safety or welfare
  • to protect our rights or property
  • to comply with a law or regulation, court order or other legal process

DOES MEDTRONIC EVER SHARE PERSONAL INFORMATION WITH THIRD PARTIES?

Medtronic will not share your personal information collected from this website with an unrelated third-party without your permission, except as otherwise provided in this Privacy Statement.

In the ordinary course of business, we will share some personal information with companies that we hire to perform services or functions on our behalf. For example, we may use different vendors or suppliers to ship you products that you order on our website. In these cases, we provide the vendor with information to process your order such as your name and mailing address. In cases in which we share your personal information with a third party vendor, we will not authorize them to keep, disclose or use your information with others except for the purpose of providing the services we asked them to provide.

We may be legally compelled to release your personal information in response to a court order, subpoena, search warrant, law or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting website visitors who violate our rules or engage in behavior which is harmful to other visitors (or illegal).

We may disclose your personal information to third parties if we feel that the disclosure is necessary to:

  • enforce this Privacy Statement and the other rules about your use of this website
  • protect our rights or property
  • protect someone's health, safety or welfare
  • fulfill obligations relating to a corporate sale, merger, dissolution, or acquisition
  • comply with a law or regulation, court order or other legal process

Please note: In addition to the ways that we may keep, disclose, and use information described in this Privacy Statement, we also may keep, disclose, and use personal information in ways that we believe are consistent with FDA and other governmental guidance, directions, regulations, and laws, including HIPAA, where applicable.

COLLECTING ONLINE INFORMATION

If you visit our website to read or download information, such as information about a health condition or about one of our products, we may collect certain information about you from your computer or mobile device. This information may include:

  • The name of the domain from which you access the Internet
  • The Internet Protocol address (“IP Address”) of the device you are using
  • The type of browser and operating system you are using
  • The date and time you access our website
  • The internet address of the site from which you linked directly to our website
  • Which pages you have visited on our website (note: U.S. healthcare providers, please see the 'uses of personal information' described below)
  • The search terms you use
  • The links on which you click

Cookies: We also may collect this information through cookies, pixels, web beacons, and similar technologies (“cookies”), that work through placing a small file (like a text file or graphic) in your browser files. Cookies are used to collect information for business purposes, such as enabling essential website functions and improving the user experience. You are free to decline our cookies if your browser permits, but some parts of our website may not work properly for you if you do so. Medtronic may use third-party tracking, advertising, and content providers to act on our behalf to track and analyze your usage of our sites and to enable certain essential website functions, such as navigation. These companies protect that data in accordance with their privacy policies. These third parties may collect, and share with us, as we may request, website usage information about visits to our sites, measure and research the effectiveness of our advertisements, and track page usage and paths followed during visits through our sites. Also, these third-party providers may place our Internet banner advertisements on other sites that you visit, and track use of our Internet banner advertisements and other links from our marketing partners' sites to our sites. To the extent the information collected on Medtronic’s behalf by these third parties contains any personally identifiable information, we will protect it in accordance with this Privacy Statement. Please refer to your browser Help instructions to learn more about managing cookies. And see below for an explanation how to opt out of our use of cookies.

CHOICES ABOUT COOKIES AND OPT-OUT OPTIONS

For more information on third-party advertising-related cookies and how to opt out of some cookies as you choose, see the descriptions and links below.

Click here to visit the Network Advertising Initiative site to set preferences and opt out of third-party targeting cookies.

Visit aboutads.info and allaboutcookies.org to find general information and opt-out.

WHAT DOES MEDTRONIC DO WITH NON-PERSONAL INFORMATION?

Non-personal information is information that cannot identify you or be tied to you. We are always looking for ways to better serve you and improve this website. We will use non-personal information from you to help us make this website more useful. We also will use non-personal information for other business purposes. For example, we may use non-personal information or aggregate non-personal information to:

  • create reports for internal use to develop programs, products, services or content
  • customize the information or services that are of interest to you
  • share it with or sell it to third parties
  • provide aggregated information on how visitors use our site, such as 'traffic statistics' and 'response rates,' to third parties

HOW DOES MEDTRONIC USE AND PROTECT MY ACCOUNT INFORMATION? (ONLY APPLICABLE ON WEBPAGES OFFERING USER ACCOUNT LOGINS)

Certain of our webpages permit you to create a user account and login to that account. The information in this section applies to those webpages:

Viewing/Editing Personal Information: You may change the information you have provided by logging into your account and editing the information. If you are the patient, your personal information will be viewable by all persons you have invited and registered on your account (e.g., Friends and Family Members). If you are registered on a patient’s account, your personal information will be viewable by the patient as well as others registered on that account.

Storage of Personal Information: Medtronic may store your personal information on servers in countries where Medtronic operates, including (a) server(s) located in the United States of America. If you choose to close your account, we will maintain copies of your information in our internal records, systems, and databases, in accordance with our data retention schedules. We will continue to treat your personal information in accordance with this Privacy Statement.

Protecting Personal Information: We take security seriously and take a number of steps to protect your personal information. You also play a big part in protecting the privacy of your personal information. When you create an account, we ask you to select a password that is unique to you. To protect your personal information from unwanted disclosure, you should not give your password to anyone with whom you would not share your personal information. Our website may also log you out after a period of inactivity and require you to log in again. When you are ready to leave this website, always “log off” and close your browser to help protect the confidentiality of your information.

Use of Personal Information. Given the scope and variety of Medtronic online services that allow the creation of online user accounts, Medtronic will use your personal information for purposes related to the nature of the account and to why the account was established. These uses could include but are not limited to: (1) account creation, management, and security; (2) password restoration and renewal; and (3) account usage. Your use of any such accounts, and Medtronic’s ability to use your personal information, is additionally subject to the terms and conditions accessible through the account login page.

WHAT HAPPENS IF THE PRIVACY STATEMENT CHANGES?

If we decide to make a significant change to our Privacy Statement, we will post a notice on the homepage of our website for a period of time after the change is made. Significant changes are also described below.

Recent revisions to the Privacy Statement:

This Privacy Statement was last reviewed on July 1, 2023. Our last significant revision occurred on January 15, 2022. You can read the previous version of our Privacy Statement here

WHAT ABOUT PRIVACY ON OTHER WEB SITES?

This website may contain links to other websites. Some of those websites may be operated by Medtronic, and some may be operated by third parties. We provide the links for your convenience, but we do not review, control, or monitor the privacy practices of websites operated by others. This Privacy Statement does not apply to any other website, even the other Medtronic websites. We are not responsible for the performance of websites operated by third parties or for your business dealings with them. Therefore, whenever you leave this website, we recommend that you review each website’s privacy practices and make your own conclusions regarding the adequacy of these practices.

DOES MEDTRONIC EVER COMMUNICATE DIRECTLY WITH VISITORS TO THIS WEBSITE?

We may contact you periodically by e-mail, mail, telephone, or text if you agree to that contact to provide information regarding programs, products, services and content that may be of interest to you. In addition, some of the features on this website allow you to communicate with us using an online form. If your communication requests a response from us, we will send you a response via e-mail. The e-mail response or confirmation may include your personal information, including personal information about your health, your name, address, etc.

ARE THERE SPECIAL RULES ABOUT CHILDREN'S PRIVACY?

We care about protecting the online privacy of children. We will not intentionally collect any personal information (such as a child's name or e-mail address) from children under the age of 13. If you think that we have collected personal information from a child under the age of 13, please contact us.

WHAT ABOUT WEBSITE SECURITY?

Security is very important to us. We also understand that security is important to you. We have implemented security measures to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. While we have implemented security measures, please keep in mind that “perfect security” does not exist on the Internet or elsewhere and no transmission of information is guaranteed to be completely secure. In particular, e-mail sent to or from this site may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.

HOW TO CONTACT MEDTRONIC

If you have questions or comments about this Privacy Statement, please contact us here.

U.S. SUPPLEMENTAL PRIVACY NOTICES

CALIFORNIA 'DO NOT TRACK' DISCLOSURES

California law (CalOPPA) requires Medtronic, plc to let you know how we respond to web browser 'Do Not Track (DNT) signals'. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not honor Do Not Track requests at this time.

STATE PRIVACY LAW TRANSPARENCY

This notice describes our data practices under various state data privacy laws, including the California Privacy Rights Act and similar legislation, such as laws in Colorado, Connecticut, Utah, and Virginia. Unless otherwise noted, this notice does not describe our data practices where personal information is regulated by the federal Health Insurance Portability and Accountability Act of 1996, as regulated and amended (HIPAA), or state laws relating only to data governed by that Act. Other disclosures, such as Notices of Privacy Practices, may apply in those cases.

Categories of Personal Information We Collect

Medtronic collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular device, consumer, or household (“personal information”). We may have collected the following categories of personal information from consumers through our websites, apps, services, devices, or other services within the twelve (12) months preceding the effective date of this Privacy Statement:

  • Identifiers such as
    • Name
    • Address
    • Unique personal identifier (e.g., device ID, online identifier)
    • Internet Protocol address
    • Email address
    • Telephone number
    • Account name
    • Social security number
    • Driver’s license number, or
    • Other similar identifiers
  • Characteristics of protected classifications under California/federal law (e.g., age, race, sex, medical condition, etc.)
  • Medical information
  • Health insurance information
  • Financial information, including credit card numbers
  • Biometric information (e.g., imagery of the iris, retina, fingerprint, face, or other data that contain identifying information)
  • Commercial information (e.g., purchase history)
  • Internet or other electronic network activity information (e.g., browsing history, interaction with our website, etc.)
  • Geolocation data
  • Audio, electronic, visual, thermal, olfactory, or similar information (e.g., call recordings)
  • Professional, employment-related, or other similar information

“Personal information” under these state laws does not include information that is

  • publicly available from government records,
  • de-identified or aggregated consumer information,
  • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data, or
  • certain personal or financial information covered under certain sector-specific privacy laws.

For additional information, please see How Does Medtronic Keep and Use Personal Information.

Categories of Sources of Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from consumers’ interactions with us, including with our devices, applications, websites, services, and representatives
  • Publicly available sources
  • Customers, including health care providers and insurance providers
  • Organizations with whom we partner to provide services to consumers

Use or Disclosure of Personal Information

In the past 12 months, we have used or disclosed the personal information we collect for our operational purposes and for one or more of the following business purposes:

  • To provide products and services to consumers
  • To respond to consumer requests
  • To improve and personalize consumer access to and experience on our website, for example, by telling consumers about new features, products, or services that may be of interest to them
  • To develop records, including records of consumers’ personal information
  • To contact consumers with information that might be of interest to them, including, to the extent permitted by law, information about clinical trials and educational and marketing communications about products and services of ours and of others
  • For analytical purposes and to research, develop, and improve programs, products, services and content
  • For activities to monitor and maintain the quality or safety of our products and services
  • For activities described to consumers when collecting their personal information or as otherwise permitted under applicable state privacy laws
  • For U.S. healthcare providers, to link name, National Provider Identifier (NPI), state license number, and/or IP address to web pages they visit, for compliance, marketing, and sales activities
  • To conduct audits and perform troubleshooting activities of our websites, products, and services
  • To detect and protect against security incidents and deceptive, malicious, or fraudulent activity
  • To ensure our website, products, apps, and services function as intended, including debugging and repairing
  • To comply with a law or regulation, court order or other legal process

Please see How does Medtronic Keep and Use Personal Information in our Privacy Statement for more information.

How We Share Personal Information

Medtronic will not share consumers’ personal information with an unrelated third party without permission, except as described below. Medtronic may share personal information with any member of our corporate group, including parent companies, subsidiaries, and affiliates, and other companies in which we have an ownership or economic interest for purposes that are consistent with those identified in our Privacy Statement and this Notice. Medtronic may share or transfer personal information as part of a transaction, such as a merger or acquisition, under which a third party acquires or full or partial ownership of a Medtronic affiliate, subsidiary, or business. In the ordinary course of business, we will share some personal information with companies, such as service providers, that we hire to perform services or functions on our behalf. Some companies performing services on our behalf may collect personal information for us. In all cases in which we share consumers’ personal information with a third party vendor, we require them to keep personal information confidential, and will only allow them to keep, disclose, or use consumers’ information to provide the services we asked them to provide. We may be required to release consumers’ personal information in response to a court order, subpoena, search warrant, law, or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting users who violate our rules or engage in behavior which is harmful to other users or illegal. In addition, we may keep, disclose, and use consumers’ personal information in order to comply with U.S. FDA and other governmental guidance, directions, regulations, and laws. Personal information collected from SMS programs will not be shared with third-parties, including for their marketing purposes.

De-Identification of Protected Health Information

In certain instances, we collect Protected Heath Information as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). We may de-identify such information, meaning that you would no longer be identified as a single unique individual. We use the HIPAA Safe Harbor method or the HIPAA Expert Determination method described in 45 C.F.R. § 164.514 to de-identify protected health information regulated under HIPAA. Once we have de-identified information, it is no longer personal information and we may treat it like other non-personal information. We may sell or disclose deidentified patient information consistent with our responsibilities under HIPAA. Entities to whom we disclose de-identified information are prohibited from re-identifying or attempting to re-identify it. Anyone with whom we contract who receives any de-identified data derived from Protected Health Information is prohibited by law from attempting to re-identify that data.

Sales and Sharing of Personal Information

We do not sell personal information of U.S. consumers, including on minors.

This does not include disclosures that are not a “sale” under applicable state privacy laws, including when

  • consumers instruct us to disclose their personal information,
  • a consumer instructs us to interact with a third party that does not sell that information,
  • we use or share consumers’ personal information pursuant to a written contract with a service provider that is necessary to perform a business purpose, where our contract prevents the provider from using, keeping, or disclosing consumers’ personal information for any purpose other than the reason supplied in the contract, or
  • consumers’ personal information is transferred as part of a transaction in which the third party assumes control of all or part of our business.

Medtronic does not disclose your data to data brokers or release it to unrelated third parties for their own direct marketing purposes.

In some cases, Medtronic uses cookies, scripts, and similar technologies on its websites to provide the website’s basic functionality, enhanced functionality and content, audience and technical analytics, impression management, and marketing. Some of these functionalities and technologies may be provided by third parties, who may be receiving data about you (including your household, device, browser, or profile) and your interactions with Medtronic websites independently. This data may include your IP address, time of access, browser or network identifiers, domains, sites, or pages visited, time spent on site, interactions with site content like downloads and video plays, volunteered information like your name and contact information, your rough location, other technical information, and other information from cookies.

To give you control over what information you share with Medtronic and others about your activity on Medtronic websites, including for opting out of activity that may be classified as “Sharing”, “cross-contextual behavioral advertising”, audience “profiling”, or similar terms under applicable law, you will be presented with a website privacy preference management prompt where you can choose to turn on or off of these technologies based on their purpose, such as analytics, marketing, and site functionality.

For more information on cookies and how to opt out of some cookies as you choose, see our Cookie Policy and our cookie preferences link on applicable webpages.

Rights under State Privacy Laws

While these rights vary depending on where you are, you may have some or all of the following rights:

  • Know: you may have a right to know of or confirm the existence of your personal data, any processing we do with it, and review our practices of data collection and processing, such as knowing what categories of personal data we process, our purposes of processing, and categories of party to whom we disclose.
  • Access and portability: you may have a right to access your personal data, accessing specific pieces of information, and knowing to which third parties your data was disclosed. You may have a right to obtain a copy of your data, including in a machine-readable format.
  • Correction: you may have a right to correct or amend your data if it is incomplete, inaccurate, or outdated.
  • Deletion or elimination: you may have a right to request your personal data be deleted or eliminated. Subject to applicable law, we may deidentify this data in certain circumstances.
  • Restriction: you may have a right to restrict processing of your data in some circumstances, such as if processing is excessive or unlawful, the accuracy of the data is contested, the controller no longer needs the data for its primary processing purposes but is needed for legal or compliance purposes, or if (in California) the data is sensitive personal data like health information and it is being used for purposes beyond those reasonably necessary to perform services or provide goods requested.
  • Objection and opt-out: you may have a right to object to or opt-out of processing of your data in certain circumstances, including in cases where that data is used for direct marketing (including email or telephonic marketing), shared with third parties for their own marketing or for retargeted/cross-contextual marketing, sold to third parties, used to make certain decisions or profiles about you by automated or artificial means, used for historical or scientific research, or used to place automated/prerecorded voice telephonic messages to you in some cases.
  • Consent: you may have a right to consent, and to withhold or withdraw that consent, for some practices, including processing of sensitive personal data or data on children, or where we use consent as our lawful basis for processing or transfer. If you withdraw consent, we will not further collect or process the personal data covered by that consent unless allowed or required by applicable law.
  • Non-discrimination: you will not be discriminated against for your exercise of your rights. This does not necessarily include, depending on applicable law in your jurisdiction, cases where a difference in price or services offered is reasonably related to the value provided by your data, or where you consent to participate in a voluntary loyalty or similar incentive program.
  • Appeal internally: you may have a right to appeal a decision we make about the exercise of your rights within Medtronic. To submit an appeal to a decision we made about the exercise of your rights, you may use the options noted below or send an email to rs.globaldataprivacyoffice@medtronic.com. Please enclose a copy of or otherwise specifically reference our decision on your data subject request, so that we may adequately address your appeal. We will respond to your appeal in accordance with applicable law.
  • Complain externally: you may have a right to complain to a regulator, including a Data Protection or Supervisory Authority, a trade standards authority, or a public advocate (such as a state attorney general), if you are not satisfied with our response to your request, such as not having responded to you within a reasonable time or you disagree with our determination, or have concerns about our data practices. If you ask us, we will try to provide you with information about complaint pathways that may be open to you depending on your location and circumstances.

Submitting a Request or Inquiry

For US data subject rights requests contact us via email at rs.globaldataprivacyoffice@medtronic.com or call us at our toll-free number 866-639-6907.

Your request will be confirmed within ten days of receipt and we will respond within 45 days, unless shorter periods are required by law. If we need more than 45 days, we will notify you that your request is being delayed.

We can only respond to your request if it is verifiable. This means we are obligated to take reasonable steps to verify your identity or your authorized agent’s authority and your right to access the information you request. In the process of verifying your request, we may contact you to ask for additional information that will help us do so, including government-issued IDs containing your name and address, utility bills containing that same information, and/or unique identifiers like usernames. We will only use that additional information in the verification process, and not for any other purpose. Once we have received and verified the requested information from you, we will contact you with our response to your request, including any data, if applicable. If we do not hear from you or are unable to verify your identity for the request, we will contact you to inform you that we cannot process your request because we cannot verify your identity.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.