Privacy policy
Effective Date: May 1, 2024
This Privacy Notice describes how ITB-MED AB and ITB-MED LLC (collectively, “ITB-MED”) collect, use, share, and protect personal data gathered through the ITB-MED website (the “Website”).
In some cases, ITB-MED may issue more specific privacy notices for some products, services, or geographies, and you will be informed of these notices, if they apply.
This Privacy Notice does not pertain to ITB-MED clinical trials or to ITB-MED employees and job applicants.
- If you are a clinical trial participant, the institution providing you with healthcare will provide you with the proper privacy notice. If you have any questions, please reach out to privacy@itb-med.com.
- If you are a job applicant, you can find the appropriate privacy notice here: Job Applicant Privacy Information.
- If you are an employee, please contact privacy@itb-med.com or Human Resources for a copy of your privacy notice.
If you are a European resident looking for information on where and how your personal data is transferred outside of the European Union, please review the section below entitled “International Data Transfers.”
Who We Are
ITB-MED is a pharmaceutical company with headquarters in New York, New York and Stockholm, Sweden. ITB-MED serves as the data controller (the entity responsible for processing your personal data) for this Website.
ITB-MED’s Use of Personal data
ITB-MED may collect, process, store, and share your personal data throughout the course of our relationship with you. The types of personal data we collect and the ways we use, store, and share that information depend on the nature and circumstances of our relationship with you.
Personal data We Collect
- Identifiers such as your name, email addresses, or other addresses or numbers at which you can receive communications, and your online or device identifiers, including your IP address.
- Internet or other electronic network and device activity such as information about your interactions with our websites, including data from cookies.
- Contents of Communications that you submit via the “Contact Us” page, which may include data about your location, if you provide it.
How We Collect Personal data
- Information may be collected when you submit it to the Website or interact with us (e.g., when you submit a request for information or submit a request for ITB-MED to contact you).
- From the devices you use to access the Website, which may provide information to us, including the model, operating system and version, the name of the domain from which you access the Internet, your Internet Protocol (“IP”) address, and other unique device identifiers.
- From our vendors and service providers, such as our web hosting providers, who may provide us with information about you or your use of the Website.
How We Use Personal data
ITB-MED may use the personal data we collect for the purposes described below:
- To provide customer service and respond to inquiries.
- To monitor the safety and efficacy of ITB-MED products, and to protect your health, security, or welfare.
- To operate, maintain, and improve the Website.
- To maintain the rights, safety, and security of ITB-MED, the Website, our products, databases, and other technology assets.
- To detect, prevent, or otherwise address fraud, security, or technical issues.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which personal data held by us is among the assets transferred.
- To respond to law enforcement requests and as required by applicable law, court or other lawful order, or governmental regulations, including our transparency reporting obligations.
- As otherwise described to you at the time your personal data is collected, or with your consent.
How We Share Personal data
ITB-MED may share your personal data with third parties for the following purposes:
- With service providers who perform a variety of services and functions for us, such as data storage, financial, regulatory, safety and legal services. Your information will only be shared subject to an agreement with ITB-MED that permits the service provider to use your information only to provide the agreed services on our behalf.
- With our affiliates and subsidiaries who may use the personal data for the purposes described in this Privacy Notice.
- With a business transition partner in the event we go through a business transition such as a merger, acquisition by another company, bankruptcy, reorganization, or sale of all or a portion of ITB-MED’s assets.
- With law enforcement or governmental agencies to comply with a court order, law, or legal process, including to respond to any government or regulatory request,
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of ITB-MED, our customers, or others.
Cookies & reCAPTCHA
Cookies are text files stored on our Website’s servers and your web browser and are used by the Website to remember you for various purposes.
Like other websites and companies, ITB-MED uses cookies to help keep the Website stable, secure, and free of interruption. These cookies are essential to the proper functioning of our Website and cannot be disabled. The cookies are configured to collect the minimum amount of data necessary to achieve their limited purpose and are configured to only collect and use data for those purposes.
We use the “reCAPTCHA” service from Google to protect the information that you provide on our Website. With this service, we can differentiate between information entered into a form by a human and information entered by an automated machine (“bot”). The information obtained via the reCAPTCHA service is used in accordance with Google’s Usage Terms and Conditions: https://policies.google.com/privacy
Things We Don’t Do: Selling or Sharing Personal data, Processing Sensitive Information, or Profiling
ITB-MED does not sell personal data for monetary or other valuable consideration. We also do not share personal data for behavioral advertising purposes, including cross-context behavioral advertising. We do not use sensitive personal data for inferring characteristics about individuals. ITB-MED does not use automated processing of personal data for profiling purposes.
Links to Third Party Sites
The Website may provide links to other web sites or resources over which ITB-MED does not have control (“External Web Sites”). Such links do not constitute an endorsement by ITB-MED of those External Web Sites. ITB-MED is providing these links to you only as a convenience, and ITB-MED is not responsible for the content of such External Web Sites. Your use of External Web Sites is subject to the terms of use and privacy policies located on those External Web Sites. We encourage you to read the privacy policy of any web site that you visit before you provide any information to the operator of that web site.
Legal Basis for Processing
ITB-MED will only process (i.e., use) your personal data when the law allows us to, that is, when we have a legal basis for processing.
We use your personal data in the following circumstances:
- Legal or regulatory obligation: where needed to comply with a legal or regulatory obligation that we are subject to.
- Legitimate interests: where necessary for our interests (or those of a third party), provided that your fundamental rights do not override such interests. We make sure we consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interests.
- Consent: where you provided your knowing and voluntary consent to processing your personal data.
- Public interests: where the processing is necessary to ensure high standards of quality and safety in healthcare and medical devices.
Where ITB-MED processes your personal data for our legitimate interests, we do not use your personal data for activities where the impact to your interests overrides our interests.
Where processing is based on consent, you have the right to withdraw your consent at any time without penalty. When you withdraw your consent, we will stop the data processing.
Purpose Limitation and Data Integrity
ITB-MED will only process personal data in a way that is compatible with and relevant to the purpose for which it was collected or authorized by you, or as we notify you if these purposes change. You have the right to object to or request that we restrict the processing of your personal data for such additional or new purposes. ITB-MED will take reasonable steps to ensure that personal data is accurate, complete, current, secure, and reliable for its intended use.
Data Retention Period
ITB-MED will keep your personal data for as long as is reasonably necessary for the purpose of the processing or as otherwise required by law.
Security
ITB-MED will take reasonable steps to ensure that personal data is accurate, complete, current, secure, and reliable for its intended uses. We employ procedural and technological security measures that are designed to protect your personal data from loss, unauthorized access, disclosure, alteration, or destruction. However, please remember that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
Your Privacy Rights
Some privacy laws provide certain rights to individuals regarding their privacy and their personal data. ITB-MED respects your rights concerning your personal data.
In accordance with applicable laws, you may have the right to:
- Request information about the entities with which ITB-MED has shared your personal data.
- Request access to or receive a copy of your personal data.
- Request correction of inaccurate, incomplete, or out-of-date personal data.
- Object to or withdraw your consent of ITB-MED’s processing of your personal data.
- Request the anonymization or deletion of your personal data.
Exercising Your Rights
You may, without charge, request to exercise any of your rights at any time by emailing us at privacy(at)itb-med.com.
To protect you and your personal data, requests must:
- Provide sufficient information for us to reasonably verify you are the person or an authorized representative of the person whose personal data is the subject of the request; and
- Describe your request with sufficient detail for us to properly understand, evaluate, and respond to it.
If you use an authorized agent to submit a request on your behalf, we may verify both your and your agent’s identities as well as documentation authorizing your agent to act on your behalf. We will only use personal data collected during the verification process to verify your identity or your agent’s authority to make the request on your behalf.
Non-Discrimination
ITB-MED does not discriminate against individuals who exercise their rights under applicable law.
International Data Transfers
At times, your personal data may be transferred to other ITB-MED affiliates, service providers, or systems in countries that may not offer a level of data protection equivalent to that in your country, including the United States. Where such transfers occur, ITB-MED complies with the cross-border data transfer and export control laws of the countries in which it operates.
ITB-MED complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. ITB-MED has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. The Federal Trade Commission has jurisdiction over ITB-MED’s compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, ITB-MED commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact ITB-MED at: privacy@itb-med.com.
Furthermore, in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, ITB-MED commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or visit https://www.jamsadr.com/file-a-dpf-claim to file a complaint. The services of JAMS are provided at no cost to you.
In certain circumstances, you may have the right to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. For additional information, please review Annex I of the DPF Principles, available here: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2
Where ITB-MED transfers your personal data to a vendor or third party, ITB-MED ensures that the vendor or third party handles and protects your personal data in compliance with the DPF and this Privacy Notice. ITB-MED remains responsible and liable under the Data Privacy Framework Principles if a third party that we engage to process personal data on our behalf does so in a manner inconsistent with the Principles, unless ITB-MED proves that it is not responsible for the event giving rise to the damage.
When contracting with a vendor or third-party that does not participate in the EU-US Data Privacy Framework, ITB-MED enters the European Commission’s Standard Contractual Clauses to ensure compliance with the requirements on transfers of personal data outside of the EEA. Where necessary, ITB-MED will take appropriate supplementary measures to ensure an essentially equivalent level of data protection to that guaranteed in the EEA, in accordance with European Data Protection Board (“EDPB”) recommendations and in compliance with the EU-US Data Privacy Principles.
Children’s Privacy
This Website is not intended for children under the age of 18. ITB-MED does not knowingly collect personal data via this Website from children under the age of 18. If ITB-MED becomes aware that we inadvertently collected such information, we will promptly delete and/or destroy it upon being made aware of the collection.
Privacy Notice Updates
ITB-MED may need to update this Privacy Notice on occasion. If we update this Privacy Notice, we will post the updated Privacy Notice on our Website and update the effective date. We encourage you to regularly visit this Privacy Notice to ensure that you are aware of our current practices with respect to your personal data.
Questions & Contacting the Data Protection Officer
If you have any questions regarding this Privacy Notice, please contact our Data Protection Officer (DPO) via email at privacy(at)itb-med.com.
You may lodge a complaint with the appropriate Data Protection Authority for your jurisdiction if you have concerns about our practices regarding the processing of personal data. If you are in the European Economic Area, you can find your Data Protection Authority here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm