State Specific Privacy Notices

CALIFORNIA

Supplemental Privacy Notice for California Residents

This notice for California residents supplements the information contained in our Privacy Statement and applies solely to residents of the State of California. We adopt this Supplemental Notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Supplemental Notice. Under the California Consumer Privacy Act (“CCPA”), you have certain rights in relation to some of your personal data, including the right to certain disclosures and explanations of rights. This section explains your rights under California law.

CALIFORNIA 'DO NOT TRACK' DISCLOSURES

California law (CalOPPA) requires Medtronic, plc to let you know how we respond to web browser 'Do Not Track (DNT) signals'. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not honor Do Not Track requests at this time.

CALIFORNIA CONSUMER PRIVACY ACT OF 2018

Categories of Personal Information We Collect

Medtronic collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household (“personal information”). We may have collected the following categories of personal information from consumers through our websites, apps, services, devices, or other services within the twelve (12) months preceding the effective date of this Privacy Statement:

Personal Information Category

  • Identifiers such as
    • Name
    • Address
    • Unique personal identifier (e.g., device ID, online identifier)
    • Internet Protocol address
    • Email address
    • Account name
    • Social security number
    • Driver’s license number, or
    • Other similar identifiers
  • Characteristics of protected classifications under California/federal law (e.g., age, race, sex, medical condition, etc.)
  • Medical information
  • Health insurance information
  • Financial information, including credit card numbers
  • Biometric information (e.g., imagery of the iris, retina, fingerprint, face, or other data that contain identifying information)
  • Commercial information (e.g., purchase history)
  • Internet or other electronic network activity information (e.g., browsing history, interaction with our website, etc.)
  • Geolocation data
  • Audio, electronic, visual, thermal, olfactory, or similar information (e.g., call recordings)
  • Professional, employment-related, or other similar information

“Personal information” under the California Consumer Privacy Act does not include information that is

  • publicly available from government records,
  • de-identified or aggregated consumer information,
  • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data, or
  • certain personal or financial information covered under certain sector-specific privacy laws.

For additional information, please see How Does Medtronic Keep and Use Personal Information.

Categories of Sources of Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from consumers’ interactions with us, including with our devices, applications, websites, services, and representatives
  • Publicly available sources
  • Customers, including health care providers and insurance providers
  • Organizations with whom we partner to provide services to consumers

Use or Disclosure of Personal Information

In the past 12 months, we have used or disclosed the personal information we collect for our operational purposes and for one or more of the following business purposes:

  • To provide products and services to consumers
  • To respond to consumer requests
  • To improve and personalize consumer access to and experience on our website, for example, by telling consumers about new features, products, or services that may be of interest to them
  • To develop records, including records of consumers’ personal information
  • To contact consumers with information that might be of interest to them, including information about clinical trials and about products and services of ours and of others
  • For analytical purposes and to research, develop, and improve programs, products, services and content
  • For activities to monitor and maintain the quality or safety of our products and services
  • For activities described to consumers when collecting their personal information or as otherwise permitted under CCPA
  • For U.S. healthcare providers, to link name, National Provider Identifier (NPI), state license number, and/or IP address to web pages they visit, for compliance, marketing, and sales activities
  • To conduct audits and perform troubleshooting activities of our websites, products, and services
  • To detect and protect against security incidents and deceptive, malicious, or fraudulent activity
  • To ensure our website, products, apps, and services function as intended, including debugging and repairing
  • To comply with a law or regulation, court order or other legal process

Please see How does Medtronic Keep and Use Personal Information in our Privacy Statement for more information.

How We Share Personal Information

Medtronic will not share consumers’ personal information with an unrelated third party without permission, except as described below. Medtronic may share personal information with any member of our corporate group, including parent companies, subsidiaries, and affiliates, and other companies in which we have an ownership or economic interest for purposes that are consistent with those identified in our Privacy Statement and this Notice.

In the ordinary course of business, we will share some personal information with companies that we hire to perform services or functions on our behalf. In all cases in which we share consumers’ personal information with a third party, we will only allow them to keep, disclose, or use consumers’ information to provide the services we asked them to provide.

We may be required to release consumers’ personal information in response to a court order, subpoena, search warrant, law, or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting users who violate our rules or engage in behavior which is harmful to other users or illegal. In addition, we may keep, disclose, and use consumers’ personal information in order to comply with U.S. FDA and other governmental guidance, directions, regulations, and laws.

Categories of Personal Information We Sell

We do not sell personal information of California consumers.

This does not include disclosures that are not a “sale” under the CCPA, including when

  • consumers instruct us to disclose their personal information,
  • a consumer instructs us to interact with a third party that does not sell that information,
  • we use or share consumers’ personal information pursuant to a written contract with a service provider that is necessary to perform a business purpose, where our contract prevents the provider from using, keeping, or disclosing consumers’ personal information for any purpose other than the reason supplied in the contract, or
  • consumers’ personal information is transferred as part of a transaction in which the third party assumes control of all or part of our business.

Personal Information on Minors

We do not sell personal information of California consumers, including minors.

Rights under California Law

  1. Right to Access. If you are a California consumer, you have the right to ask us to send you the following information up to two times in a twelve-month period:
    • The categories of personal data we have collected about you.
    • The categories of sources from which we collected the personal data.
    • Our business or commercial purpose for collecting personal data.
    • The categories of third parties with whom we share personal data.
    • What categories of personal data we disclose about you for business purposes.
    • What categories of personal data we sell or exchange for consideration about you.
    • The specific pieces of personal information we have collected about you.
  2. Right to Delete. If you are a California consumer, you have the right to ask us to delete the personal data about you we have collected. We may deny the request if the information is necessary to:
    • complete a transaction, including providing a requested or reasonably anticipated good or service, or fulfill a contract between the consumer and Medtronic;
    • detect and protect against security incidents, malicious, deceptive, fraudulent, or illegal activity, or take against those responsible for such activity;
    • debug to identify and repair errors impairing intended functionality;
    • exercise free speech or another right provided for by law;
    • comply with the California Electronic Communications Privacy Act;
    • engage in research in the public interest adhering to applicable ethics and privacy laws where the consumer has provided informed consent;
    • enable solely internal uses reasonably aligned with the consumer’s expectations based on the consumer’s relationship with Medtronic;
    • comply with a legal obligation; or
    • otherwise use the information internally in a lawful manner compatible with the context in which the consumer provided the information.
  3. Right to Opt-out. If a business sells personal information to third parties, California consumers have the right, at any time, to opt out of the sale or disclosure of their personal information to third parties. Medtronic does not sell personal information to third parties.

Right to non-discrimination. The CCPA grants California consumers the right not to be discriminated against for exercising your privacy rights. If you exercise your privacy rights, we will not discriminate against you, for example, by denying you access to our online services or charging you different rates or prices for the same online services, unless that difference is reasonably related to the value provided by your data.

Submitting a Request or Inquiry

If you are a California resident and you want to submit a request or inquiry to us regarding your California rights, you or your authorized agent can contact us here or call us at 1-866-639-6907 starting January 1, 2020. You do not have to create an account with us to submit a request.

Your request will be confirmed within ten days of receipt and we will respond within 45 days. If we need more than 45 days, we will notify you that your request is being delayed.

We can only respond to your request if it is verifiable. This means we are obligated to take reasonable steps to verify your identity or your authorized agent’s authority and your right to access the information you request. We may ask for additional information that will help us do so. We will only use that additional information in the verification process, and not for any other purpose.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.