Privacy Policy

This Privacy Policy describes the policies of Arthrex Grand Rapids, in the state of Michigan in the United States of America, on the collection, use, and disclosure of the information that we collect when you use our website (https://arthrex-grandrapids.com). (the “Service”). By accessing or using the Service, you are consenting to the collection, use, and disclosure of your information in accordance with this Privacy Policy. If you do not consent to the same, please do not access or use the Service. We may modify this Privacy Policy at any time without any prior notice to you and will post the revised Privacy Policy on the Service. The revised Policy will become effective when posted in the Service, and your continued access or use of the Service after such time will constitute your acceptance of the revised Privacy Policy. We, therefore, recommend that you periodically review this page.

Information We Collect

We will collect and process the following personal information about you:

  • Name
  • Email

How We Collect Your Information

We collect information received from you in the following manner:

  • When you fill out the registration form or otherwise submit personal information
  • When you interact with the website.
  • From public sources provided by you.

How We Use Your Information

We will use the information that we collect about you for the following purposes:

  • Creating user account
  • Manage customer order

If we want to use your information for any other purpose, we will ask you for consent and will use your information only upon receiving your consent and then only for the purpose(s) for which you grant consent unless we are required to do otherwise by law.

How We Share Your Information

We will not transfer your personal information to any third party without seeking your consent, except in limited circumstances as described below:

  • Analytics

We require such third parties to use the personal information we transfer to them only for the purpose for which it was transferred and not to retain it for longer than is required for fulfilling the said purpose.

We may also disclose your personal information for the following:

  1. to comply with applicable law, regulation, court order, or other legal processes;
  2. to enforce your agreements with us, including this Privacy Policy, or
  3. to respond to claims that your use of the Service violates any third-party rights. If the Service or our company is merged or acquired with another company, your information will be one of the assets transferred to the new owner.

Retention Of Your Information

We will retain your personal information with us for 90 days to 2 years after user accounts remain idle or for as long as we need it to fulfill the purposes for which it was collected, as detailed in this Privacy Policy. We may need to retain certain information for longer periods, such as record-keeping / reporting in accordance with applicable law or for other legitimate reasons like enforcement of legal rights, fraud prevention, etc. Residual anonymous information and aggregate information, neither of which identifies you (directly or indirectly), may be stored indefinitely.

Your Rights

Depending on the law that applies, you may have a right to access and rectify or erase your personal data or receive a copy of your personal data, restrict or object to the active processing of your data, ask us to share (port) your personal information to another entity, withdraw any consent you provided to us to process your data, a right to lodge a complaint with a statutory authority and such other rights as may be relevant under applicable laws. To exercise these rights, you can by contacting us. We will respond to your request in accordance with applicable law.

You may opt out of direct marketing communications or the profiling we carry out for marketing purposes by contacting us.

Do note that if you do not allow us to collect or process the required personal information or withdraw the consent to process the same for the required purposes, you may not be able to access or use the services for which your information was sought.

Cookies Etc.

To learn more about how we use these and your choices in relation to these tracking technologies, please refer to our Cookie Policy.

Security

The security of your information is important to us, and we will use reasonable security measures to prevent the loss, misuse, or unauthorized alteration of your information under our control. However, given the inherent risks, we cannot guarantee absolute security, and consequently, we cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk.

Third-Party Links & Use Of Your Information

Our Service may contain links to other websites that are not operated by us. This Privacy Policy does not address the privacy policy and other practices of any third parties, including any third party operating any website or service that may be accessible via a link on the Service. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Grievance / Data Protection Officer

If you have any queries or concerns about the processing of your information that is available with us, you may contact our Grievance Officer at Arthrex Grand Rapids. We will address your concerns in accordance with applicable law.

Arthrex, Inc., along with its subsidiaries and affiliates (together “Arthrex”), is strongly committed to maintaining the privacy of users of our website(s) and associated products and services (collectively, the “Site”).

This Privacy Notice describes the practices that Arthrex follows regarding the collection, use, storage, and disclosure of personally identifying information (“Personal Data”) we collect or receive from individuals, such as health care professionals, job applicants, employees, agents, consultants, contractors, vendors, service providers, business associates, and other users of our Site (each a “User”) in connection with use of this Site.

This Site presents the products and services of Arthrex and its international corporate affiliates (each a “Local Arthrex Company”). Therefore, the Site may provide different settings with respect to your language and country and different subpages describing the products and services of different Local Arthrex Companies (each a “Local Subsite”).

This Site and all Local Subsites are exclusively operated and controlled by Arthrex, and Arthrex is the sole controller of Personal Data collected through this Site and all Local Subsites. However, when accessing this Site and any Local Subsite, you should be aware that:

  1. Special rules and procedures may apply to your Personal Data based on your country of origin. The rules and procedures applicable to users from particular jurisdictions are outlined in Local Addendums to this Privacy Notice. The rules and procedures described in Local Addendums may override some or all of the rules and procedures described in the main body of this Privacy Notice. You should be aware that some or all of the information in the main body of this Privacy Notice may not apply to you.
  2. Arthrex will share personal data collected through the Site with the local Arthrex company that operates in or for your country of origin. You can find more information in the “How we share and disclose Personal Data” section.

Arthrex takes User information seriously, and we want anyone who submits Personal Data to Arthrex to be comfortable with our policies. When registering or submitting Personal Data to our Site or providing Personal Data to Arthrex by any means in connection with this Site, you should be aware of the practices described in this Privacy Notice. If you have any questions about this Privacy Notice or your use of our Site, don’t hesitate to contact privacy@arthrex.com.

Arthrex periodically evaluates its privacy policies and procedures to implement improvements and refinements. Therefore, to the extent permitted by applicable laws, Arthrex reserves the right to modify or amend this Privacy Notice at any time and for any reason. When this Privacy Notice is amended, Arthrex will revise the “last updated” date at the bottom of this Privacy Notice.

Arthrex, Inc.

1370 Creekside Blvd.

Naples, Florida 34108

How We Collect Information

Arthrex collects information that is voluntarily provided to us by Users via our Site. Our Site aims to establish business connections with Users and provide information about Arthrex products and services to facilitate treatment, medical research, and product improvement. Information may include your name, contact data, email address, street address, and telephone number so that we may enhance your Site visit or follow up with you after your visit. If you are a healthcare professional, we may gather additional information about your field of expertise as part of the registration process and your ongoing use of the Site.

Cookies and Web Beacons

Arthrex does not directly collect personal data about users’ online activities over time or across third-party websites or online services. We may use certain technologies to monitor technical information about the Site’s use. To facilitate easy navigation within the Site, our service provider(s) or we may use cookies (small text files stored in a User’s browser), web beacons (electronic images that enable counting of visitors who have accessed a page or certain cookies), or similar technologies to collect data (all such technologies are herein collectively referred to as “Cookie(s)”), such as IP address, domain, browser type, and pages visited. You can find more information on how this is done in the “Cookie Notice” section.

Certain jurisdictions require express User Consent before the activation of cookies. If you access our Site from one of those jurisdictions, you will be notified of the use of cookies in advance and asked to provide your express consent through our cookie management tool. This will also allow you to manage and change your choices (including the withdrawal of consent) at any time.

“Do Not Track” Disclosure

Arthrex does not permit third parties to track consumer behavior over time across third-party sites or services when you use our Site. Cookies can be rejected by amending your cookie preferences through your browser settings, but you may be denied access to some parts of the Site if your browser rejects cookies. To learn more about cookies, including how they have been set and how to manage and delete them, visit www.allaboutcookies.org.

How We Use Personal Data

If you provide your contact information through our Site, Arthrex may contact you regarding products and services (such as seminars and webinars) offered by Arthrex. We may also use information collected through our Site for research regarding the effectiveness of our Site and related marketing, advertising, and sales efforts.

If you have voluntarily provided Personal Data, we may contact you via email or regular mail regarding Arthrex’s products and services that may interest you, if this is compliant with the laws of your local jurisdiction, or if you have separately consented thereto. You may request that we discontinue sending you such materials by following the unsubscribe instructions in the communication at any time.

Data Integrity

Arthrex will make reasonable efforts to ensure that Personal Data is accurate and updated, adequate, relevant, and not excessive for the purposes for which it is processed and kept only for the period necessary for permitted purposes.

Data Retention

Arthrex may Process your Personal Data as long as necessary to fulfill our contractual and legal obligations. If your Personal Data is no longer required to meet legal retention obligations under applicable local law or Arthrex’s legitimate interest, it will be deleted or anonymized.

How We Protect Your Personal Data

Arthrex takes reasonable steps, consistent with generally accepted industry standards, including technical, administrative, and physical safeguards, to protect your Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction and to ensure its security in our systems and processes. Please refer to the Arthrex technical and organizational measures catalog for more information. Internally, we will restrict and regularly review access rights to your Personal Data to those who need access to the information in order to perform a job function.

How You Can Help Protect Your Personal Data

If you are using a feature of the Site for which you registered and choose a password, we recommend that you do not disclose your password to anyone. We will never ask you for your password in any form of communication. You should also remember to sign out of the registered page by closing your browser window when you have finished to ensure that others cannot access your Personal Data.

Links to Other Sites

Our Site may contain links to other sites, including those of our business partners. Arthrex is not responsible for the privacy practices or the content of any third-party sites. Visitors will need to check the privacy notices of these third-party sites to understand their policies.

Children’s Privacy Protection

Arthrex understands the importance of protecting children’s privacy in the interactive online world. The Site covered by this Privacy Notice is not designed for or intentionally targeted at children 16 years of age or younger. The age of children stated above may differ in accordance with applicable laws of your local jurisdiction.

Sharing of Personal Data

Your Personal Data may be shared internally and externally as described below. In instances of the international transfer of Personal Data, including the transfer to countries without data protection rules similar to those in effect in your country of residence, such transfers would be based on the standard contractual clauses as the primary transfer mechanism and additional safeguards would be implemented through technical and organizational measures.

Sharing of Personal Data With Local Arthrex Companies

Your Personal Data may be shared with a Local Arthrex Company that operates in your jurisdiction or based on your request. You can find a list of Local Arthrex Companies. All companies within the Arthrex group maintain the highest data protection standards and state-of-the-art technical and organizational measures. That entity will control Personal Data shared with a Local Arthrex Company in accordance with applicable local laws.

Disclosure of Personal Data to Third Parties (Other Than Local Arthrex Companies)

Arthrex may use independent companies or other third parties, including individuals, agents, consultants, contractors, vendors, and service providers, to provide services to Arthrex in IT, security, hosting, analytics, cloud storage, administration, etc. Personal Data may be transferred to such third parties only when reasonable and appropriate steps have been taken to maintain the required level of data protection, including the provision of notice and choice where appropriate. All third parties are required to comply with Arthrex’s privacy practices and policies and are permitted to use Personal Data only to perform services on behalf of Arthrex. A company that processes Personal Data on behalf of Arthrex is allowed to do so only if it guarantees to provide the technical and organizational security measures required for processing Personal Data.

Arthrex may share Personal Data as required or permitted by law to comply with legal requests or when Arthrex believes in good faith that disclosure is legally required or otherwise necessary to protect Arthrex’s rights and property, or the rights, property, or safety of others.

What Are Your Rights

Any individual whose Personal Data has been provided to Arthrex has the right to obtain confirmation as to whether their Personal Data is being processed. In this context, an individual has the right to request that Arthrex corrects inaccurate and/or completes any incomplete Personal Data; the right to request the erasure of certain Personal Data, such as Personal Data which is no longer necessary for legitimate purposes; the right to request the restriction of the processing of certain Personal Data (e.g., inaccurate data); and the right to data portability. Individuals also have the right to object to certain processing activities of their Personal Data. Subject to local privacy regulations, individuals are entitled to submit a complaint to a supervisory authority.

How You Can Access, Update, and Correct Your Information

Users who choose to create an account on our Site may access their user profile, correct and update their information, or unsubscribe at any time.

Arthrex commits to resolving complaints about your privacy and our collection or use of your Personal Data. If you have any requests or questions about this Privacy Notice or Arthrex’s privacy practices, please contact Arthrex at privacy@arthrex.com

Privacy Notice on the Use of Additional Processing Activities in the Context of ARTHREX Websites, Including Social Media Icons, Newsletters Surveys, User Registration and Contact Form

Social Media Icons

Arthrex, Inc., 1370 Creekside Blvd., Naples, Florida 34108, USA (“ARTHREX”) websites contain icons with the logos of certain social media platforms. The icons are linked to the URL of a specific social media platform. When you click on the icon, the respective function of the social media platform is activated (i.e., like, share, ct, etc.). Until the icon is clicked on, no personal data is transmitted to the social media platform. When you click on the icon, you will leave our website.

Newsletter

If you register via our website or by any other means to receive an electronic newsletter, we will store and process your registration data (the registration form will show you which registration data we collect and store and whether entries are mandatory or voluntary). The registration data will be available for an unlimited period or until you unsubscribe or we cancel the newsletter. Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent another person’s unauthorized use of your email address.

The IP address assigned to you by the internet service provider (ISP) and the date and time of registration will also be stored when you register. The purpose is to protect our legitimate interest in preventing and, if necessary, prosecuting misuse of our services. In addition, we will store and process your consent to receive the newsletter for the retention period specified below. This protects our legitimate interest in proving, in the event of a dispute, that you wished to receive the newsletter.

After you terminate your registration for the receipt of a newsletter, we will retain the registration data, the IP address, the date and time of registration, and your consent for up to three (3) months. This serves to protect our legitimate interest in being able to restore this data in the event of unintentional deletion or in establishing, exercising, or defending legal claims in connection with the registration for and consent to receipt of a newsletter.

Surveys

We conduct online surveys and collect information via interactive questionnaires using the platform and services of third-party service providers. You can object to using your data for direct marketing purposes at any time.

Whether you wish to participate in a survey or to answer a questionnaire is your free and voluntary decision. Information collected through surveys will be processed and used to protect our legitimate interest in improving our deliveries and services to meet your individual requirements. Additionally, information gathered from surveys helps us promote the sale of our products and services, possibly offering you additional products or services in line with your interests and, where relevant, fulfilling our product monitoring obligations concerning our products and services. Information collected through questionnaires for the preparation of events will be processed and used for the sole purpose of participation in the event. If you are a customer, the data will be transferred to our customer database. If there is no customer relationship, the information may be transferred to our database for prospective customers, or otherwise, it will be deleted after six (6) months.

User Registration & Contact Form

If you register on our website and create a user account (the registration form will show you which registration data we collect and store and whether entries are mandatory or voluntary), all personal data collected in connection with this user account will be stored in this user account until you delete the user account or until we cancel the user account. The IP address assigned to you by your internet service provider (ISP) and the date and time of registration will also be stored when you register. The purpose is to protect our legitimate interest in preventing and, if necessary, prosecuting misuse of our services.

After your user account is deleted, we will retain all data for up to six (6) months. This protects our legitimate interest in restoring the data in the event of unintentional deletion or in establishing, exercising, or defending legal claims. By creating an account, you are agreeing to the retention period that has been established.

Our website contains a contact form that you may use to communicate with us. When submitting information through the contact form, you are required to enter an email address, which we will use to respond to your request. The contact form enables you to submit additional information voluntarily.

When you provide us with personal data via the user account or the contact form for a purpose beyond the use of the website or respective web service, such as sending us an offer or product information, we will also store and process this data for this purpose.

Arthrex EMEA Privacy Notice

Introduction

The Arthrex group companies in the EMEA region (listed here, hereinafter: “Arthrex“) provide this Privacy Notice to inform you about how we process and use your personal data and the specific rights you have in connection with your personal data (“Privacy Notice“).

We are committed to protecting the privacy and security of your personal data. This Privacy Notice explains how we collect, use, disclose, and protect your personal information in compliance with the General Data Protection Regulation, the UK-GDPR, the Swiss Datenschutzgesetz (DSG), and all other applicable privacy laws in the EMEA region.

Please read this Privacy Notice carefully to understand your rights regarding your personal data. Additional information is provided on the Arthrex Privacy Portal. More detailed information about processed categories of personal data, specific purposes, and legal basis are also provided at the moment of data collection in the specific privacy notices related to the processing at hand.

1. Data Controller

The specific Arthrex company you are interacting with is the data controller responsible for processing your personal data. If you have any questions or concerns about the processing of your personal data, you can contact the Arthrex Group DPO at privacy@arthrex.com.

2. Categories of Personal Data

We may collect and process the following categories of personal data:

  • Web browsing usage data (e.g., website visits, IP address, device information, browser type, logs)
  • Data collected from users via web forms, telephone, sales channels, or email communication (e.g. contact information such as name, email address, employer, phone number, billing address, professional information such as field of expertise)
  • Marketing preferences and feedback (e.g. survey results)

3. Purposes and Legal Basis for Processing

We may process your personal data for the following purposes:

  • To provide and maintain our products or services as agreed upon
  • To process payments and fulfill orders
  • To communicate with you, respond to inquiries, and provide support
  • To personalize and improve our products, services, and user experience
  • To send marketing communications with your consent
  • To comply with legal obligations
  • To prevent fraud and ensure network and information security

The legal basis for processing your personal data may include the necessity of processing for the performance of a contract, compliance with legal obligations, consent, and legitimate interests pursued by Arthrex as the data controller.

Arthrex’s legitimate interest as the controller may be a legal basis for internal data transfer, corporate management, security, fraud prevention, compliance, the central coordination of sales, business and administration-related activities, corporate planning, IT administration, or other administrative purposes.

Arthrex may request that you consent to the processing of your personal data separately if a statutory legal basis does not exist. Such consent may be withdrawn at any time with effect in the future.

Arthrex will generally not use fully automated decision-making for the purposes described above. Arthrex will inform you separately per the legal requirements if automated decision-making is used in individual cases.

4. Recipients of Personal Data

We may share your personal data with the following recipients:

  • Our affiliated companies or subsidiaries with the Arthrex Group,
  • Service providers acting as data processors contracted by Arthrex,
  • Additional third-party service providers who assist us in delivering our products or services (eg payment processors, shipping companies),
  • Government authorities or law enforcement agencies when required by law.

We will only share your personal data with service providers who have implemented appropriate data protection measures and with whom we have contractual agreements ensuring the confidentiality and security of your personal data.

5. International Data Transfers

In certain cases, we may transfer your personal data to countries outside the European Economic Area (EEA). When such transfers occur, we will ensure that appropriate safeguards are in place to protect your personal data, such as standard contractual clauses approved by the European Commission as the primary transfer mechanism and additional safeguards implemented through technical and organizational measures.

As Arthrex is part of an international group of companies headed by Arthrex Inc., 1370 Creekside Blvd., Naples, Florida 34108, USA, as the parent company, located in the USA, it is possible that your personal data may be transferred globally within the Arthrex group in certain processing activities. Such transfers will be conducted strictly on a need-to-know basis.

6. Data Retention

We will retain your personal data for as long as necessary to fulfill the purpose for which it was collected, including any contractual, legal, accounting, or reporting requirements. The criteria used to determine the retention period will consider the data’s nature and the purposes for which it is processed. If your personal data is no longer required to meet legal retention obligations under applicable local law or Arthrex’s legitimate interest, it will be deleted or anonymized.

7. Your Rights

You may exercise your privacy rights as set forth below:

  • Right to request and access information (based on the categories of the personal data processed, the purposes of the processing, any recipients of such personal data, the personal data retention period, etc).
  • Right to request that inaccurate or incomplete personal data be rectified or supplemented
  • Right to request that personal data be deleted, provided that:
    • personal data is no longer required for the intended purpose and/or is being unlawfully processed, or
    • you withdraw consent (unless there is another legal ground for the processing of such personal data) or
    • you object to the processing of your personal data based on legitimate interest, and there are no overriding legitimate interests for the processing or
  • personal data has been unlawfully processed, or
  • personal data has to be erased for compliance with a legal obligation
  • Right to demand, under certain circumstances, the restriction of data processing where deletion is not possible or the deletion obligation is disputed
  • Right to data portability
  • Right to object when we process your personal data to safeguard legitimate interests. You can object to this processing if, based on your specific circumstances, there are grounds against us processing your personal data. In such cases, Arthrex will stop processing your personal data unless we have overwhelming and compelling interests in protecting such personal data.
  • Right to not be the subject of automated decisions
  • Right to submit a complaint with a data protection supervisory authority within the jurisdiction in your domicile or with general personal jurisdiction over Arthrex regarding processing your personal data. A list of the supervisory authorities in EEA can be found here, and for Switzerland, it can be found here.

Last updated: June 2024

California Privacy Notice

Arthrex, Inc. (the “Arthrex” or “we”) provides this California Privacy Notice (“Notice”) as a supplement to the information contained in Arthrex’s Global Privacy Notice and applies solely to all visitors, users, and others who reside in the state of California. Arthrex has adopted this Notice to provide additional information to California residents related to their rights under the California Consumer Privacy Act of 2018 (“CCPA”), as modified by the California Privacy Rights Act of 2020 (“CPRA”), and any terms defined in the CCPA have the same meaning when used in this Notice. This Notice describes how and why we may collect and use your Personal Data and our practices during the past twelve (12) months.

Personal Data We Collect, Use and Disclose

Collection of Personal Data

Our website collects information that identifies, relates to, describes, references, is capable of being associated, or could reasonably be linked, with a particular consumer or device (“Personal Data”). Arthrex may obtain Personal Data directly from you (i.e., when you submit Personal Data to us) or indirectly from you (i.e., through cookies and other tracking technologies used when interacting with our Site).

Arthrex may collect the following categories of Personal Data about you:

  • Personal Identifiers include Personal Data that can be used to identify an individual, such as name, address, email address, or other similar identifiers
  • Personal Information includes Personal Data that is not publicly available and can be used to identify an individual, such as employment information, education information, and other similar information.
  • Commercial Information includes Personal Data related to an individual’s transactions, purchases, and other commercial interactions with businesses, such as product preferences and similar information.
  • Internet or other electronic network activity information includes information about an individual’s online activities, such as browsing history, search history, and interactions with our websites, applications, or advertisements.

Uses and Disclosures of Personal Data

Arthrex may use your Personal Data for reasons referenced in the “How We Use Personal Data” section of the Global Privacy Notice. In particular, Arthrex may use your Personal Data for one of the following:

  • To fulfill or meet the reason you provided the Personal Data (i.e., if you share your name and contact information to ask a question about an Arthrex product or service, we will use that Personal Data to respond to your inquiry).
  • To provide, support, personalize, and develop our Website, products, and services.
  • To provide you with marketing material.
  • To provide and analyze our services.
  • To help maintain the safety, security, and integrity of our Website, products, services, databases, and other technology assets and business.
  • Improve customer experience with surveys, polls, and online research to deliver content and product and service offerings relevant to your interests.
  • To create, maintain, customize, and secure your account with us.
  • For testing, research, analysis, and product development, including developing and improving our website, products, and services.
  • As described to you when collecting your Personal Data or as otherwise outlined in the CCPA.

Arthrex may disclose your Personal Data to Arthrex affiliates and service providers to support business operations and to a third party for business purposes. When such Personal Data is disclosed, Arthrex will enter into a contract that describes the purpose and requires the receipt to keep the Personal Data confidential and not use it for any purpose except to perform the obligations of the contract.

We may disclose your Personal Data with the following categories of third parties:

  • Business partners
  • Consultants
  • Service providers
  • Law enforcement, government agencies, courts, or other parties to protect ourselves and our employees, investigate fraud, or as required by law, such as to comply with a subpoena or similar legal process.
  • Any other third party with your prior consent

Arthrex retains your Personal Data while your account is active or as needed to provide you with products, services, or relevant information. After such time, we may continue to retain and use your Personal Data, as necessary, to comply with our legal, regulatory, and ethical obligations, resolve disputes, exercise our rights, conduct internal research, maintain records, and enforce and comply with our agreements.

Personal Data does not include:

  • Publicly available information made available from government records, widely distributed media or by individuals.
  • De-identified or aggregated consumer information.
  • Information excluded from the CCPA scope, which may include:
  • Health or medical information covered by the Health Insurance Portability and Accountability Act (“HIPAA”) of 1996 and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.
  • Personal Data is covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach Billy Act (GLBA), the California Financial Information Privacy Act (CFIPA), and the Driver’s Privacy Protection Act of 1994.

California Privacy Rights

California residents may exercise their privacy rights concerning their Personal Data as set forth below, subject to applicable exceptions.

Right to Know and Access. You have the right to know and access what Personal Data is being collected about you by Arthrex.

Right to Deletion. You may be entitled to request that we delete the Personal Data we collected from you. We will use commercially reasonable efforts to honor your request in compliance with applicable laws. Please note, however, that we may need or be required to keep such Personal Data for our legitimate business purposes or to comply with applicable law.

Right to Limit the Processing of Sensitive Personal Data. You may be entitled to restrict the processing of your Sensitive Personal Data in certain circumstances.

Right to Correct. You may request that we correct Personal Data that we hold about you.

Right to Opt-Out of Sales and Sharing of Personal Data. Arthrex does not share your Personal Data. You may be entitled to opt out of disclosing your Personal Data to third parties for certain targeted advertising.

Right to Non-Discrimination. You have the right not to receive discriminatory treatment if you exercise the rights conferred by applicable privacy law.

Exercising Your Rights and Response Time

If you are a California resident and want to exercise your privacy rights listed above, please contact us at privacy@arthrex.com or (866) 363-3096. You may designate an authorized representative to request to exercise your privacy rights. Your representative should use the same contact information to exercise your privacy rights. Please note that we may separately verify your identity with you should a representative make a request on your behalf.

You may make a verifiable consumer request for access or data portability. The request must provide sufficient information to allow us to reasonably verify that you are the person about whom we collected Personal Data and describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to it.

We aim to respond to all requests within 45 calendar days of receiving them. If our response takes longer, we will inform you.

Changes to Our Privacy Notice

Arthrex periodically evaluates its privacy policies and procedures to implement improvements and refinements. Therefore, Arthrex reserves the right to modify or amend this Privacy Notice at any time and for any reason. When this Privacy Notice is amended, Arthrex will revise the “last updated” date at the bottom of this page.

Please review this Privacy Notice periodically, especially before you provide us with personally identifiable information. Arthrex will notify individuals by placing a notice on this page of material changes to this Privacy Notice. Your continued use of the Site after any changes to this Privacy Notice indicates your agreement with the terms of the revised Privacy Notice.

If you would like to receive a copy of this Privacy Notice in an alternate format or language, please contact us at privacy@arthrex.com or (866) 363-3096.

Contact Information

If you have any questions or comments about this Privacy Notice, how Arthrex collects, uses, and discloses your Personal Data as described above, your choices and rights regarding such use, or wish to exercise your rights under California law, please contact:

Email: privacy@arthrex.com

Phone: (866) 363-3096

Postal Address:

Arthrex, Inc.

Attn: Risk Management & Compliance

1370 Creekside Blvd.

Naples, Florida 34108

Transfer of Personal Data of the European Data Subjects to the United States

Arthrex’s Commitment to Safe Personal Data Transfers

Arthrex ensures that all transfers of personal data to our organization fully comply with relevant data protection regulations. We prioritize protecting your personal data and remain dedicated to upholding the standards set forth by the EU-US Data Privacy Framework.

In our products, systems, and processes, Arthrex implements the necessary safeguards to guarantee that any onward transfer of personal data is protected with the highest standards.

To provide you with information about protecting your personal data throughout its journey, please refer to the Data Processing Agreement that we sign with you, the Arthrex Privacy Notice, or the specific privacy notice provided to you in the context of the product and service you are using.

Transfer of Personal Data to the United States

Arthrex complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Arthrex has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) concerning the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Arthrex has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) concerning the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program and to view our certification, please visit Data Privacy Framework (DPF) Program.

The following Arthrex U.S. entities or Arthrex U.S. subsidiaries adhere to the EU-U.S. DPF Principles, including as applicable under the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF Principles. They are covered by Arthrex ‘s DPF submission:

  • Arthrex, Inc., 1370 Creekside Blvd., Naples, Florida 34108, USA
  • Arthrex Manufacturing Inc., 6875 Arthrex Commerce Dr., Ave Maria, FL 34142, USA
  • Arthrex California Technology, Inc., 460 Ward Drive, Santa Barbara, California 93111, USA

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Arthrex commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to ICDR-AAA DPF IRM Service, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR-AAA are provided at no cost to you.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Arthrex commits to resolve DPF Principles-related complaints about our collection and use of your personal data. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Arthrex at privacy@arthrex.com.

With regards to the transfer of personal data to the United States and participation in the Data Privacy Framework (DPF), Arthrex will arbitrate claims and follow the terms as outlined in Annex I of the DPF (https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction).

Arthrex is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Arthrex may be required to disclose personal data that we handle under the Data Privacy Framework in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

For information about the type or identity of third parties and the purposes for which Arthrex discloses personal data, please visit https://arthrex-grandrapids.com/contact/privacy-policy/#sharing-data. Arthrex is liable for the onward transfer of personal data.

For information about the rights of individuals to access their personal data and to limit the use and disclosure of personal data, please visit https://arthrex-grandrapids.com/contact/privacy-policy/#your-rights and the Arthrex EMEA Privacy Notice at https://arthrex-grandrapids.com/contact/privacy-policy/#additional-privacy.

Assessment of United States Authorities’ Interest in Arthrex Personal Data Transfers
In addition to the EU—U.S. DPF adequacy decision, we have conducted an extensive risk assessment of Arthrex’s personal data transfers, considering the following factors: the purpose(s) for which the personal data is transferred and processed (e.g., marketing HR, data storage, IT support, clinical trials).

  • The types of entities involved in the processing (e.g., public/private; controller/processor).
  • The sector in which the transfer occurs (e.g., medical, telecommunication, financial, etc).
  • The categories of personal data transferred (e.g., personal data relating to children may fall within the scope of specific legislation in the third country).
  • Whether the personal data will be stored in a third country or whether only remote access is granted to the personal data stored within the EEA.
  • The personal data format to be transferred (e.g., in plain text, pseudonymized, or encrypted).
  • The possibility that the personal data may be subject to onward transfers from the third country to another (or within the same) third country.

These factors, and particularly the nature of the personal data transferred, support an argument that the U.S. government is unlikely to seek to acquire the transferred information. As a medical device company, Arthrex is not involved in an industry with heightened national security concerns (e.g., defense contracting, intelligence community support, government contracting, or provision of critical infrastructure). Instead, the company’s transferred information typically includes personnel personal data, data system security, online learning user credentials and account information, and medical records that may contain personal data. These medical records are primarily used to develop specific surgical tools and plans, monitor patient recovery and progress in certain post-surgery circumstances, and, in limited instances, provide technical support for surgical video recording processes. Arthrex is receiving personal data from its EU subsidiary to support its routine business efforts, which are not sensitive to national security or counter-intelligence considerations. The personal data is not transferred to additional countries from the United States. When transmitted to the United States, it is either sent in an encrypted format or securely accessed remotely from the United States. Arthrex has not received, and is unlikely to receive, any U.S. government request regarding personal data processed by Arthrex. Therefore, it could not be reasonably expected that any personal data processed by Arthrex would be of particular national security interest.

Additional Considerations

Where applicable, Arthrex will exclusively store and process personal data of the European data subjects within the European Union. In such cases, the personal data is not retained in the United States, and any access to such data from the United States is based on a need-to-know requirement, such as fulfilling customer support requests, providing specific security assistance, or conducting technical troubleshooting.

The transfer of personal data to the US is done strictly on a need-to-know or need-to-have basis, according to Data Processing Agreements outlining the organizational and technical measures Arthrex has in place to protect the personal data of European data subjects.

Arthrex acknowledges that in the event of an order to grant personal data access to US authorities, Arthrex would be obliged to inform customers, enabling them to terminate their agreement with us and halt personal data transfers to our organization. It is important to note that Arthrex has never had to issue such a notification, and based on the evaluation, as mentioned earlier, it is highly improbable that such circumstances will arise in the future.

Conclusion

Based on the comprehensive analysis outlined above, we confidently assert that the risk of harm to the data subjects is minimal. This conclusion is based on the rigorous protective measures and safeguards implemented by Arthrex, along with the highly improbable likelihood of US authorities requesting personal data access regarding our product and services. Therefore, considering these factors and in compliance with relevant legal obligations, we affirm that the risk of harm to the data subjects is considered insignificant.

Regardless of low-risk exposure concerning the transfer of personal data of the European data subjects to the US, Arthrex is fully committed to maintaining compliance with the principles and safeguards outlined in the EU-US Data Privacy Framework and all relevant regulations, as well as best practices in data protection. By upholding these standards, we ensure the secure and lawful transfer of personal data, demonstrating our unwavering dedication to protecting our customers’ privacy.