Pillcam™ Remote Reading Platform Privacy Notice

This Privacy Notice tells you how personal information is gathered and used through these PillCam™ services (the “Services”) as used by you as a healthcare practitioner working for, or providing services to, a health institution or clinic (the “Organization”).

This Privacy Notice was last revised in January 2023.

This Privacy Notice tells you how we protect and use information that we gather through the Medtronic Services. This Privacy Notice does not apply to the other Medtronic websites or applications. You should review the Privacy Notice posted on other Medtronic websites and applications when you visit them. The Service is provided by Medtronic. Medtronic is the name we use to refer to our whole business, including Medtronic plc. and any of the companies that it controls, such as its subsidiaries and affiliates. When we use the words “we” or “our”, we mean Medtronic.

In order to give you access to the Services, we process the following information about you that we receive from you or your Organization: your name, role/position, site/organization, email address and phone number. We also process the password you use to authenticate your access to the Service. We refer to this information about you as the “User Information”.

The Service processes data regarding your usage behaviour and usage patterns. This includes the times you access and disconnect from the Service, your IP address and the actions you take when you use the Service. We refer to this overall data as “Usage Information”.

The Services are also designed to process patient information on behalf of the Organization, which may include procedure type/date, medical insurance details, patient name, patient ID, other patient details (such as gender, date of birth, height, weight, etc.), recorded video, relevant physician/Organization details, medical findings, notes and other relevant information as determined by the Organization. This data will only appear in a pseudonymized form to users of the PillCam™ Remote Reader functionality. We receive and process this information on behalf of the Organization. We refer to this overall data as “Patient Information”

Certain data may be collected by Medtronic acting on behalf of the Organization (with Medtronic having a role of data processor, service provider or Business Associate as those terms are defined under local laws). This data may then be subject to the Organization’s own data policies and privacy notices. For example, in the United States, Medtronic may hold some data about you on the behalf of your employer, which will be subject to their privacy notices and policies. In particular, as part of the provision of the Services, we will process Patient Information and certain User Information on behalf of the Organization, in accordance with the legal basis defined by the Organization.

We will also use the User Information to create and maintain your user account, maintain appropriate data security for your account and the Services, resolve issues regarding the Services, troubleshoot problems, assist with any investigations, enforce our terms of use and take other actions otherwise permitted by law, based on our legitimate interests to do so.

We process the Usage Information to understand and improve your user experience when you use the Service. We will also use the Usage Information for quality assurance and for development and enhancement of the Services, our products and our business, based on our legitimate interests or legal obligation.

In providing Services to your Organization, Medtronic may need to share some personal information with our service providers, subject to our contract with your Organization.

We may otherwise share some personal information with service providers in the ordinary course of our business, to assist in the fulfillment of our purposes, as outlined above.

In all cases in which we share your personal information with a third-party, we will not authorize them to keep, disclose or use your information except for the purpose of providing the services we asked them to provide.

We may be legally compelled to release your personal information in response to a court order, subpoena, search warrant, law or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting website visitors who violate our rules or engage in behavior which is harmful to other visitors (or illegal).

We may disclose your personal information to third parties if we feel that the disclosure is necessary to:

• enforce this Privacy Notice and the other rules about your use of our websites and applications;
• protect our rights or property;
• protect someone's health, safety or welfare;
• fulfill obligations relating to a corporate sale, merger, dissolution, or acquisition; and
• comply with a law or regulation, court order or other legal process

Medtronic does not sell, nor share with others for retargeted/cross-context behavioral advertising, the personal data collected through the Services.

When you access the Services through an online platform provided by Medtronic, we may collect certain information about you from your computer or mobile device. This information may include:

• the name of the domain from which you access the Internet
• the Internet Protocol address (“IP Address”) of the device you are using
• the type of browser and operating system you are using
• the date and time you access the platforms used to deliver our Services
• which pages you have visited on our website (note: U.S. healthcare providers, please see the ‘uses of personal information’ described below)

Cookies: We also may collect this information through cookies, pixels, web beacons, and similar technologies (“cookies”), that work through placing a small file (like a text file or graphic) in your browser files. Cookies are used to collect information for business purposes, such as enabling essential website functions and improving the user experience. You are free to decline our cookies if your browser permits, but some parts of our website may not work properly for you if you do so. Please refer to the cookie policy on the relevant page for more information.

Medtronic will retain your personal information for the period of time agreed with your Organization, and in any case for no longer than necessary to fulfil Medtronic’s purposes described herein, unless a legal obligation prescribes a longer or shorter retention period.

Security is very important to us. We also understand that security is important to you. We take reasonable steps to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. While we have implemented security measures, please keep in mind that “perfect security” does not exist on the Internet or elsewhere and no transmission of information is guaranteed to be completely secure. In particular, e-mail sent to or from our services may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.

Where your personal information is transferred outside of Europe, Medtronic will take appropriate steps to provide for adequate legal safeguards for the safety and security of your personal information to the level required by appliable data protection laws.

To review or exercise your privacy rights regarding the processing of your personal information by Medtronic on behalf of your Organization, please contact your Organization and consult its privacy policies directly.

Where Medtronic otherwise processes your personal information, depending on applicable laws, you may have the right to:

• Access: Request access to the personal information which we hold concerning you. 
• Rectify, Erase, Restrict: Request that your personal information be rectified, erased or that our use of your personal information be restricted. 
• Object: based on your particular situation you may object to our use of your personal information on legitimate interest grounds. 
• Data Portability: If we are providing an automated service to you (based on contract or your consent) you can also request a copy of your personal information in a structured, commonly used and machine-readable format. 
• Withdraw Consent: Where personal information is processed on the basis of your consent, you may withdraw your consent at any time. Note: This does not affect the lawfulness of our use of your personal information before you withdrew your consent. Also, aggregated data which we have already compiled will not be affected, even after you withdraw your consent, as there are no technical means available to isolate or identify data elements to exclude.

If you are not satisfied with our handling of your request, you may also wish to exercise your right to file a complaint with a supervisory authority.

Please note that your Organization should be your first point of contact when Medtronic processes your personal information on their behalf. Otherwise, the Medtronic entity identified in the relevant commercial contract with your Organization is your primary point of contact for Medtronic, and can be contacted by email at rs.privacyeurope@medtronic.com or rs.globaldataprivacyoffice@medtronic.com. Please note that in accordance with applicable laws, we may ask you to provide some proof of identity before we can process your request.

The PillCam™ services are provided through Given Imaging Ltd. (a Medtronic company), 2 Hacarmel Street New Industrial Park, POB 258 Yokneam 20692 Israel.

The above statements in this statement indicate Medtronic’s data processing activities as currently effective as well as in the past twelve months for the Apps. In addition to those statements, Medtronic has not collected, used, or disclosed additional categories of data, sold or disclosed data, or sourced data from additional sources to those noted above in the past twelve months for the product/service described by this Privacy Statement. For Medtronic’s enterprise Privacy Statement, which describes our data practices more broadly, please see https://www.medtronic.com/us-en/privacy-statement.html.

Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not honor Do Not Track requests at this time.

Depending on your jurisdiction, you may have certain rights afforded under various U.S. laws:

Right to know and access. A California, from 2023, a Virginia, or, from 2024, a Colorado, consumer has a right to request a business disclose what personal information it collects, uses, discloses, and sells, the purposes of its use or disclosure, and to whom that information is disclosed, both generally and on that consumer, up to two times every twelve months, and to request to access the personal information a business has collected on them. From 2023, a California or Virginia, or, from 2024, a Colorado consumer will have the right to know how their personal information is shared for cross-context behavioral and targeted advertising purposes.

Right to correct. From 2023, a California or Virginia, or, from 2024, a Colorado, consumer will have the right to request that inaccurate information on them be corrected.

Right to delete. A California consumer or, from 2023, a Virginia, or, from 2024, a Colorado consumer, has a right to request that personal data collected on them be deleted.

Right to opt-out of sales and sharing for retargeted advertising. A California or, from 2023, a Virginia, or, from 2024, a Colorado, consumer has a right to request to opt-out of sales of personal data. If a business has actual knowledge that a consumer is under 16 years of age, in California, that person has a right to not have their data sold (and, from 2023, shared for cross-context behavioral and targeted advertising purposes) without opting into that sale. From 2023, a California or Virginia or, from 2024, a Colorado consumer shall have the right to request to opt-out of personal data sharing for cross-context behavioral and targeted advertising purposes.

Right to opt-out of profiling. From 2023, a Virginia, or, from 2024, a Colorado, consumer has a right to request an opt-out of user profiling activities that produce a significant effect on a consumer.

Right to limit use of Sensitive Personal Information. From 2023, a California or Virginia, or, from 2024, a Colorado consumer has a right to request that a business limit the use of their sensitive personal information to the uses reasonably expected to be necessary to perform or provide the goods and services requested.

Right to non-discrimination. A California or, from 2023, a Virginia, or, from 2024, a Colorado, consumer has a right not to receive discriminatory treatment by the business for the exercise of their privacy rights. Discriminatory treatment may not include where a difference in price or services is reasonably related to the value provided by your data.

Exercising your rights. If you wish to inquire about or exercise any of your applicable rights, you or your authorized agent can contact us at: https://www.medtronic.com/us-en/privacy-statement/personal-data-request.html or call +1 (866) 639-6907. 

Your request will be confirmed within ten days of receipt and we will respond within 45 days unless a shorter period is required by law. If we need more than that amount of time, we will notify you why your request is being delayed if allowed by applicable law.

Identity verification. We can only respond to your request if it is verifiable. This means we are obligated to take reasonable steps to verify your identity or your authorized agent’s authority and your right to access the information you request. In the process of verifying your request, we may contact you to ask for additional information that will help us do so, including government-issued IDs containing your name and address, utility bills containing that same information, and/or unique identifiers like usernames. We will only use that additional information in the verification process, and not for any other purpose. Once we have received and verified the requested information from you, we will contact you with our response to your request, including any data, if applicable. If we do not hear from you or are unable to verify your identity for the request, we will contact you to inform you that we cannot process your request because we cannot verify your identity.

Applicable fees. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

We may anonymize or de-identify data about you. Protected Health Information covered by the Health Insurance Portability and Accountability Act of 1996 (U.S. only) may be deidentified under that law's Safe Harbor method or the Expert Determination method. Personal data not covered by HIPAA may also be de-identified or anonymized. Data that is anonymized or de-identified will not be reidentified except as allowed or required by applicable law, and we require any third party receiving our deidentified or anonymized information to adhere to our commitment.

Disclaimer: This page may include information about products that may not be available in your region or country. Please consult the approved indications for use. Content on specific Medtronic products is not intended for users in markets that do not have authorization for use.