Last updated July 2017
This statement includes information about:
- Personal Data and/or Sensitive Personal Data We Collect
- How We Use Personal Data/Sensitive Personal Data We Collect and How We Justify it
- Personal Data or Sensitive Personal Data We Share
- How We Hold and Protect Personal Data
- International Data Transfers
- Your Rights and Choices
- Storage periods
- How to Contact Us
- For More Information
The privacy of our customers, our vendors and suppliers, patients who use our products or services, as well as the visitors of our websites is important to us and we are committed to protecting and maintaining your privacy.
- United Kingdom
The type of data we collect from you will depend upon the type of interaction you have with us:
- From our customers and vendors:
When you are a customer or vendor, we may collect the following types of personal data in the context of our interaction with you: full name, employer name, work contact details (including address, phone number, fax number and email address), account number, financial information (including card number, card expiration date, bank details and VAT-number), credit check information, logo, photos, biographies and CV’s for educational programs, contract information (including start and end date of rental of products), insurance information and order and delivery information (such as ship to locations);
- From patients who use our products or services:
When you are a patient using one of our products or services, we may collect the following personal data or sensitive personal data about you: your name, date of birth, date of death, gender, address, phone number, identification number, wound details (including descriptions, measurements and photographs), other health-related information, therapy information (including therapy date, prescription information and diagnosis), and health insurance details;
- From job applicants:
When you apply for a job at Acelity we may collect the following personal data: full name, contact details (i.e., address, phone number and email address, etc), date of birth, driver’s license details, passport details, work permit if applicable, employment history and education details, names and contact details of referees, next of kin details (in the event of an emergency), bank details, tax code, previous employment with Acelity entities. Information not relevant to the application will not be collected; and
- From visitors of our websites:
In addition to the data which you actively provide to us through our websites (for example, by completing online forms or asking us to remember your preferences), we may collect certain personal data by automated means, such as cookies, internet tags, web beacons and similar automated data collection means when you visit our websites.
Cookies are files that websites send to your computer or other internet-connected device to uniquely identify your browser or to store information or settings on your device. Your browser may tell you how to be notified when you receive certain types of cookies and how to restrict or disable certain cookies. Please note, however, that without cookies you may not be able to use all of the features of our websites and online services.
The providers of third party plug-ins and widgets on our websites, such as embedded videos and social media-sharing tools, may use automated means to collect information regarding your use of the websites and your interactions with the plug-ins and widgets. This information is subject to the privacy policies or notices of the providers of the plug-ins and widget.
We use the following types of cookies:
|Name of Cookie||Purpose of Cookie||Session/Persistent Cookie|
|JSESSIONID||Used by the website to keep track of site visitor interactions between their browser and the website||Session|
|ServerID||Used by the website to maintain a consistent user experience for the site visitor||Persistent (20 minutes)|
|_ga||Used to distinguish individual users who have visited the web site||Persistent (2 Years)|
|_gat||Used to restrict the number of requests being sent to Google Analytics||Persistent (10 minutes)|
To the extent required by local applicable law, we will obtain your consent before collecting your personal data via cookies or similar automated means.
In general, we may collect the above mentioned personal data or sensitive personal data from individuals when they:
- contact us by phone, email, post or via the website;
- manage or change their accounts;
- subscribe to receive our newsletter or promotional materials or sign up to a mailing list; and/or
- participate in surveys or competitions and other promotional activities.
Furthermore, we may collect personal data in a variety of ways depending on your interaction with us:
- From our customers, when they:
- request the supply and/or delivery of one of our products or services;
- request a quote for our products or services;
- arrange payment for use of our products or services;
- register for and/or attend one of our education or training sessions; or
- submit an application for an educational or research grant.
- From our vendors or suppliers, when they enter into a contract for the delivery of products or services to us, as well as during the performance of such contract.
- From patients who use our products or services, we may collect personal data or sensitive personal data during the clinical management process directly from the patient when using our products or services, as well as from their treating doctor, clinic, hospital, nursing service providers, duly authorized representatives, and health insurers.
- From job applicants, when they apply for a job at Acelity via post or in any other way, as well as from recruiters we have retained and from referees which have been provided by the job applicants in support of their job application (where required, consent is obtained from applicant before approaching previous employers).
- From visitors of our websites, when they visit and interact with our websites and any other webpage that we own and manage.
From time to time, you may be able to visit our websites or deal with us anonymously or by pseudonym. However, please be aware that, if you do not provide us with certain personal data that we require, we may not be able to provide you with the products and/or services that you seek.
- We process personal data when it is necessary for the purposes of the legitimate interests pursued by us and/or by a third party partner, except where such interests are overridden by the interests or fundamental rights and freedoms of individuals, such as the following:
- Collecting and analyzing product performance, service and reliability data;
- Organizing education and training sessions for healthcare professionals in respect of the use of our products;
- Carrying out market research and product development;
- Reviewing and processing Educational and Research Grant Applications;
- Training our staff; and
- Conducting our internal business and management processes, for example, accounting, auditing and master data management.
- We also process personal data when it is necessary for complying with our obligations under local national applicable law, including our statutory and financial reporting, adverse event reporting, and tax obligations.
- In addition, we process personal data when it is necessary for the performance of a contract to which the individual is a party or in order to take steps at the request of the individual prior to entering into a contract, such as the following:
- Service delivery and order fulfillment, for example, providing our products to hospitals for use with patients and arranging for the pick-up and delivery of our products to patients in their homes;
- Liaising with treating doctors, specialists, hospitals and nursing service providers in respect of the delivery of our products or services to patients and their ongoing treatment using our products or services;
- Liaising with private health insurers;
- Facilitating and managing the treatment of patients using our medical therapy products in their home;
- Invoicing, managing accounts and carrying out debt-recovery functions;
- Collecting and processing payments, including processing credit card payments;
- Performing credit checks;
- Providing customer and/or technical support and other customer relationship management functions (for example, enabling the fitting, activation, maintenance and management of a patient’s use of our products);
- Dealing with enquiries or complaints and resolving disputes; and
- Engaging and partnering with speakers and consultants for medical education programs.
- Finally, we process personal data when the individual has given (explicit) consent to the processing of his or her personal data for one or more specific purposes. This is the case for the following purposes:
- Marketing our products or services by post or, when you have given us permission to do so, by telephone, email, text messaging or other established electronic methods;
- Any other purposes of which we have informed you at the time of the data collection.
In addition to the purposes listed above, personal data and/ or sensitive personal data collected from you during your visit to our websites may be used to:
- provide better website services and customize the website based on your preferences and interests;
- compile statistics and analyze trends about the use of our websites;
- perform market research;
- create reports for internal use to develop programs, products, services and content; and
- provide aggregated “traffic statistics” and “response rates” to third parties.
Acelity limits the processing of your personal data and/or sensitive personal data to what is strictly necessary for the purposes for which it is collected.
Acelity discloses personal data or sensitive personal data to the following third parties in certain circumstances:
- to other members of the Acelity corporate group (including those who may be located outside the EU) on a need to know basis to conduct global business operations;
- to third party partners who we engage to help us run our business - such as couriers and other delivery service providers to arrange the delivery/collection of our products, pay roll service providers, debt collection agencies and other parties that assist with debt-recovery functions, external partners supporting the delivery of our training activities/certifications;
- to our professional advisors, including lawyers, accountants, tax advisors and auditors;
- to law enforcement and/or regulatory bodies, Courts of law or to other third parties as otherwise required or authorized by law and/or for the purposes of resolving complaints or disputes both internally and externally or to comply with any investigation by one of those bodies;
- any other person or for any other purposes of which we have informed you at the time of the data collection.
Certain personal data of patients who use our products or services will also be disclosed to their treating doctors, specialists, hospital staff, third party nursing service providers, care giver, duly authorized representatives and private health insurers.
All Acelity third party partners are required to restrict their use of this information to the purpose for which it was provided. Where required by local national applicable law, Acelity will obtain consent before sharing data with third party partners, including the same group company entities.
The security of your personal data and/or sensitive personal data is given a high priority. We have implemented appropriate technical and organizational measures in order to ensure a level of security appropriate to the risk, including both physical and electronic security measures, including:
Conducting Data Privacy Impact Assessments when processing is likely to result in a high risk to the rights and freedoms of individuals;
• The pseudonymisation and encryption of personal data, in particular when transferring sensitive data;
• The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, such as by storing information on secured networks consistent with industry standards, which are only accessible by those employees who have special access rights to such systems;
• The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
• A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security
• The use of passwords, locked storage, cabinets in hosted facilities and secured storage rooms.
All electronic data, hardcopy documents, forms and other personal data held is securely stored and, when no longer required, is shredded, destroyed and/or otherwise disposed of, unless required by local national applicable law.
We may transfer your personal data and/or sensitive personal data to recipients located outside of the EU or Switzerland, for example, when we store your data on servers that are located at our headquarters in the U.S. In each case, Acelity shall take the necessary measures to ensure that all personal data and/or sensitive personal data transferred to recipients in countries outside of the EU or Switzerland receives an adequate level of protection as required by EU and Swiss data protection law. Acelity has implemented appropriate international data transfer agreements based on the EU Standard Contractual Clauses.
Where required by local national applicable law, with regard to your sensitive personal data, your explicit consent will be obtained.
If you provide us with personal data and/or sensitive personal data of other individuals, for example a doctor providing health or therapy information from individuals you acknowledge that you have informed the concerned individuals and/or their legal representative about the disclosure of their data to us and, obtained their consent for such disclosure. You may withdraw any consent you previously provided to us.
You may request access to the personal data and/or sensitive personal data we hold about you or request that we correct, amend, or restrict the processing. You also have the right to rectification or erasure, subject to record retention requirements. You may also have the right to data portability, the right to not be subject to automated decision-making producing legal effects such as profiling as well as the right to complain to the data protection authority.
You may also object to the processing of your personal data for direct marketing purposes or object at any time on legitimate grounds to the processing of your personal data or sensitive personal data, and we will apply your preferences going forward. To exercise one of these rights, send an email to email@example.com.
If you are a healthcare professional, we will use your personal data for the purposes of marketing our medical therapy products or services or to inform you of new products, promotions or events, including training sessions that we believe you may be interested in. We will obtain your opt-in consent for the use of your personal data for marketing purposes, where this is required by local national applicable law. In any event, you can always opt-out if you no longer wish to receive our marketing communications from us by:
- writing to us at the contact details in Annex A and informing us that you no longer wish to receive these marketing materials;
- in relation to any direct marketing email, clicking the “unsubscribe” link at the bottom of each email; or
- informing your usual Acelity representative.
We take reasonable steps to ensure that the personal data and/or sensitive personal data we hold about you is accurate, complete and up-to-date. To ensure that we have your most current personal data, please contact us by writing to us at the contact details in Annex A or send an email to firstname.lastname@example.org when your data changes.
We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required by law. In addition, depending on the circumstances of each case, personal data may be stored until the statute of limitations in which legal claims can be brought against us has expired.
If you have any concerns or complaints about a breach of your privacy or have any questions about the way we handle your personal data or sensitive personal data, please contact us by sending an email to any of the Acelity Group of Companies listed in Annex A at email@example.com. For German speaking preference, contact DatenSchutzGE@acelity.com.
ANNEX A – EU/EEA Acelity Entities Contact Information
|Country||Responsible KCI entity||Address|
|Austria||KCI Austria GmbH||
Vienna, Austria A1230
|Belgium||KCI Polymedics BVBA||
Peer, Belgium 3990
|Denmark||KCI Medical ApS||
Soborg, Denmark 2860
|France||Laboratoire KCI Medical||
6 Rue Jean-Pierre Timbaud
Le Campus, Bat A
Montigny-Le-Bretonneux, France 78180
|Germany||KCI Medizinprodukte GmbH||
Hagenauer Strasse 47
Wiesbaden, Germany 65203
|Hungary||KCI Hungary Kft||
Váci út 76.,
Budapest, Hungary 1133
|Ireland||KCI Medical Limited||
2050 Orchard Avenue
Cltywest Business Campus
County Dublin, Ireland
39/40 Upper Mount Street
Dublin 2, Ireland
|Italy||KCI Medical Srl||
Viale Enrico Forlanini
21 Edificio 23
Milano, Italy 20134
|Netherlands||KCI Europe Holding B.V.||
Utrecht, Netherlands 3528 BJ
|Netherlands||KCI Medical B.V.||
Utrecht, Netherlands 3528 BJ
|Spain||KCI Clinic Spain S.L.||
Calle Labradores, Manzana 25, nave 5
Polig Urb. Prado del Espino
28660 Boadllla dei Monte
|Switzerland||KCI Medical GmbH||
Rumlang, Switzerland 8153
|United Kingdom||KCI Medical Limited (UK)||
11 Nimrod Way
Ferndown Industrial Estate
Dorset BH21 7SH
|United Kingdom||KCI UK Holdings Ltd||
11 Nimrod Way
Ferndown Industrial Estate
Dorset BH21 7SH
|United Kingdom||Systagenix Wound Manufacturing Limited||
|United Kingdom||Systagenix Wound Management Limited||
2 City Place
Beehive Ring Road
West Sussex, United Kingdom RH6 OPA