SMARTSYNC MOBILE APPLICATION Privacy Policy

Medtronic is committed to maintaining your trust by protecting Personal Information. We are committed to ensuring that your privacy and the privacy of your patients is respected, and that Personal Information is handled in a transparent and lawful way. Any Personal Information you provide will only be used in accordance with this Privacy Notice. We encourage you to read this Privacy Statement carefully.

This Privacy Statement tells you how we protect and use information that we process through the Medtronic Mobile SmartSync Application (the "Application" or "App").

This Privacy Statement was last revised on September 7, 2018. We may change the Privacy Statement at any time and for any reason, but if we do so, we will inform you of the new contents.

This Privacy Statement and the End User Licensing Agreement (EULA) are the complete agreement between Medtronic and the medical institution with respect to its use of the Application. The medical institution is considered the data controller of this processing of Personal Information.

INTRODUCTION

The Application is owned by Medtronic, Inc of Fridley, Minnesota, USA ("Medtronic") and is licensed to you for purposes of interrogating and programming the implanted cardiac device of your patients. When we use the words "we" or "our," we mean Medtronic. When we use the word "you" or "your" we mean the medical institution using the App and its medical personnel.

The App is part of the SmartSync device programming and interrogation system ("System") and is downloaded on a tablet which is part of the System. The System (a tablet with the App installed) can be brought into the medical institution by a Medtronic representative. After the programming and/or interrogation procedures, the Medtronic representative removes the System from your facility. In other circumstances the System will be brought by you, like a tablet loaned by Medtronic or by bringing your own device. The System will always be operated by you with the support of the Medtronic representative.

The System collects and processes Personal Information of your patients and your institution through the Application. Please see below for a definition of personal and non-Personal Information, and how the System processes them.

Where the tablet is temporarily provided by a Medtronic representative, the Lawful Basis for processing Personal Information by Medtronic is the performance of the agreement between Medtronic and the medical institution. In other circumstances, like a tablet loaned by Medtronic or bringing your own device, you have to determine your own Lawful Basis for processing since Medtronic will not be involved in processing.

WHAT IS PERSONAL INFORMATION?

Personal Information is information that is processed through the App that can specifically identify patients and you. Examples of Personal Information include:

  • Patient first name (optional)
  • Patient last name (optional)
  • Patient's health condition
  • Hospital/clinic name
  • Medical device serial number
  • Implant date
  • Model number
  • Medical device name
  • Mobile device identifiers, such as model number, manufacturer, serial number, or IMEI/MEID, Device programming parameters and measurements

HOW DOES MEDTRONIC COLLECT AND PROCESS PERSONAL INFORMATION?

The App will serve to program and/or interrogate your patients implanted cardiac devices and to collect Personal Information from such device. Where the tablet is temporarily provided by a Medtronic representative the data will be delivered to you on a digital file or on a print-out (pdf). After the interrogation and transfer to you of the data, any data will be deleted manually from the App by your personnel or by the Medtronic representative prior to the System being removed from your facility. In other circumstances, like a tablet loaned by Medtronic or bringing your own device, you are responsible for ensuring that the right (security) controls are in place to protect and control the Personal Information. That includes deletion of Personal Data from the System before handing a loaned System back to Medtronic.

SECURITY

We are committed to protect the security and confidentiality of Personal Information. To prevent accidental or unlawful destruction, loss, alteration, unauthorized access or disclosure of, the Personal Information, we use appropriate technical and organizational measures to safeguard and secure the "Personal Information" we process.

We will inform you and/or the relevant supervisory authorities without undue delay should an unauthorized disclosure of the Personal Information require such a notification.

WILL MEDTRONIC SHARE PERSONAL INFORMATION WITH THIRD PARTIES?

Medtronic will not share any Personal Information collected from any device through the App, with any affiliated company of the Medtronic group, nor with any third party.

WHAT DOES MEDTRONIC DO WITH NON-PERSONAL INFORMATION?

Non-Personal Information will be collected and processed for the same purpose as personal data and in the same context. No non-Personal Information will be stored nor shared with anyone except with your medical institution.

YOUR PERSONAL RIGHTS AND HOW TO CONTACT MEDTRONIC

Where the tablet is temporarily provided by a Medtronic representative, we do not store or keep personal data after its transfer to you or its communication to you. Still you have the right to request access to the App to ensure that this is the case, or to object to personal data being processed by the App by not using the App, but the latter will render the programming or interrogation of the devices by the System impossible. In order to exercise these rights or to obtain information on the applicable procedure, please contact us using the information above. Please note that the exercise of your rights may be subject to restrictions, e.g. in order to allow Medtronic to comply with applicable laws or to protect the data protection rights of third parties.

In other circumstances, like a tablet loaned by Medtronic or bringing your own device, Medtronic will not be able to grant these rights, since Medtronic does not process Personal Information.

You have the right to lodge a complaint with your data protection authority.

If you have questions or comments about this Privacy Statement, or would like to exercise your rights, please contact us or the Medtronic Data Protection Officer at: rs.privacyeurope@medtronic.com.

DEFINITIONS

By "Personal Information" we mean any information which relates to an identified/identifiable natural person, in other words, any information which can lead to knowing who you are (either directly or indirectly) also called "Personal Data" or "Personally Identifiable Information".

By "Sensitive Personal Information", we mean any Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade- union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. Also known as Special Categories of Personal Data.

By "Processing" we mean any operation performed on Personal Information, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restrictions, erasure or destruction.

By "Lawful Basis" we mean the legal grounds on which Personal Information is processed. These include: Consent, Performance of Contract, Legal Obligation, Legitimate Interest, Vital Interest & Public Interest.