Data protection notice for events

Effective January 2026

Thank you for considering our invitation to attend a Cook Medical event (the “Event”). We respectfully provide this data protection notice to you to inform you about how your personal data will be collected, processed, and safeguarded by us as part of your attendance at this Event and how you can contact us to change your preferences or otherwise exercise your rights in relation to your data. This notice is provided in addition to other data protection notices such as Cook’s Data protection notice for customers. Cook employees should refer to their regional Cook employee data protection notice for any supplemental information.

Please note, where you are registering for an Event on behalf of another individual, you should bring the contents of this notice to their attention.

Data collection

Depending on the Event and our business and legal obligations, the personal data collected may include name, home or hospital address, email address, phone number, work position, bank account details (in the event of reimbursement of expenses), your feedback on the Event, and any relevant travel details (e.g., preferred travel time, airline, and/or food preferences so we can issue your travel arrangements to you).

Where the Event is virtual in nature, Cook may use a Cook-approved enterprise video conferencing solution for hosting purposes, and the following personal data may be processed when logging in: participant name (required), registration data (e.g., email address, IP address), usage information (e.g., connectivity data, geographic region, browser type, unique user ID, phone number if calling in, meeting start/end time), meeting metadata (such as participant IP address), and/or meeting recordings, including uploaded presentation material (e.g., text, audio, or video data if using the chat function or if you show your camera). The extent of the personal data processed will depend on what data you provide before or during participation.

Please note, if the Event is recorded, you will be notified at the outset of the Event that a recording is taking place, and if required, we will obtain your consent.

In general, we do not require you to provide any special categories of personal data (otherwise known as sensitive personal data). However, there may be circumstances where you need to provide this information, such as passport details, in connection with your travel and participation in the Event (e.g., in relation to facilitating wheelchair access for in-person Events); we (or the travel agent) collect such information for this purpose only and with your consent where required under applicable data protection laws.

In addition, where we are required to provide notification or obtain approval on behalf of your employer/management, we may need to collect your manager’s name, email address, and relevant signatures for confirmation of your participation. In certain countries, we have legal reporting obligations on payments for healthcare professional activities, which also include physician details.

Media release notice

During Cook Events, your likeness (video, photo, or voice) may be collected and/or recorded via various media (the “Recording(s)”). Cook may use the Recording(s) to promote Cook Medical, the Event, and similar or related events through various internal and external channels, including social media, print, web, internal Cook newsletters, memos, blogs, and for Cook’s educational and training purposes. Cook will take all reasonable steps to make you aware of any Recording(s) taking place and use them in line with your expressed preferences.

Should you wish to withdraw your authorization to the use of the Recording(s) by Cook at any time, you should notify Cook at Media.Release@CookMedical.com (include the Event name, date, and location in the subject line) or contact the Data Privacy team at the regional contacts listed below. This will not affect the lawfulness of any processing of your data that is carried out by Cook before your consent is withdrawn.

Data processing purposes

Cook uses the personal data collected from Events only for the purposes for which it was collected, and any compatible purposes permitted by law. We may incorporate new software, systems and platforms (third-party and internal), such as artificial intelligence (AI) and other automated methods of processing, into our products, services, operations, and business activities. If these technologies involve processing personal data, such processing will be restricted to the purposes outlined in this Notice and/or any additional privacy notices presented.

The personal data that we collect is limited to that which is necessary for these actions:

• The organization and management of the Event by our medical education and/or events teams (“Cook Teams”), and the facilitation of your registration, attendance, and participation in the Event.
• The ability of our travel team and travel agent to make the necessary travel, accommodation, and registration bookings, and for related accounting and compliance purposes, including any legal/regulatory reporting or disclosure obligations, such as those required under the Sunshine Act laws.
• The arrangement by our Cook Teams for any follow-up actions deemed necessary after the Event, such as reimbursement of expenses and/or the collecting/sharing of the Event recording/presentations among participants, as well as the collection of post-Event feedback (e.g., through an optional post-Event evaluation survey).
• To train and develop AI models, which we will treat as a separate activity. As a result, we will only use your personal data for this purpose if we have an appropriate valid legal basis under applicable data protection laws, for example, your consent or our legitimate interests, and have fulfilled the necessary legal obligations, including the implementation of safeguards.

Legal basis for collection

Depending on the circumstances, our legal bases for processing your personal data include the following:

• Where we need to perform the contract we are about to enter into, or have entered into, with you, or
• Where we have a legal or regulatory requirement to collect the data, or
• Our legitimate interests in the management and effective execution of our virtual and in-person Events, facilitating your attendance and travel in connection with our business needs, as necessary to comply with our legal or regulatory obligations, and
• If you provide any special categories of personal data to us, and in some jurisdictions for non-sensitive personal data, including China and Korea as the case may be, our legal basis is your consent.

Information shared

Cook limits access to your personal data to a need-to-know basis in connection with your travel to and attendance at the Event as well as for any follow up. Where we do share your personal data, we limit the transfer to the information that is necessary under the circumstances. For example, access to your data is given to Cook Group companies who require access for the purposes listed above. Cook may disclose your personal data to third parties who are data controllers in their own right only in circumstances where Cook has a legal basis to do so (such as travel agency, accommodation provider, transport provider, payment provider, accountants, auditors, other companies in relation to corporate restructuring or sale, etc., and legal advisors). We may also disclose your personal data to our third-party service providers (data processors) for the purposes listed above. To the extent possible, any such service providers acting as data processors who may have access to your data through Cook are required to provide written assurances to us that they will use the data only for the purpose for which they are engaged and to uphold a level of protection equivalent to that provided by Cook. We may also disclose to government authorities, law enforcement and/or judicial authorities, and to other companies in relation to corporate restructuring, sale, or assignment of assets, merger, divestiture, or other changes of control or financial status of Cook or any of its affiliates. Cook will comply with all legal requirements and regulatory standards in respect of the provision of your personal data to any third party.

Data security

Cook has put in place appropriate technical, physical, and administrative security measures to help prevent unauthorized or unlawful disclosure or access to, or accidental or unlawful loss, destruction, alteration, or damage to, the personal data that it collects. These measures are intended to ensure an appropriate level of security in relation to the risks inherent to the processing and the nature of the data to be protected and are applied in a manner consistent with applicable laws and regulations. Cook evaluates these measures on a continuing basis to help minimize risks from new security threats as they become known.

International transfers

As a global organization, Cook stores data in secure, centralized systems and uses service providers based globally. Accordingly, personal data may be stored in, accessible to, authorized to, or limited to persons located in the US and/or countries other than your country of residence. In accordance with applicable data protection laws, Cook has put in place appropriate measures to ensure an adequate level of protection for personal data and applies those measures irrespective of where the data is processed or stored. Where we transfer personal data out of the EEA/the UK and other applicable jurisdictions and there is no adequacy decision in respect of any country to which your data is transferred, Cook adopts appropriate measures to ensure that your data is protected in accordance with the requirements of applicable privacy laws and that Cook’s data transfer obligations are met, such as by executing an agreement in the form of Standard Contractual Clauses approved by the applicable government organization. Where required by applicable data protection laws, we will also seek your consent to transfer your personal data. 

In addition, certain Cook Group companies have certified to and comply with one or all of the following data privacy frameworks, as set forth by the US Department of Commerce, i.e., EU-US Data Privacy Framework, UK Extension to the EU-US Data Privacy Framework, and Swiss-US Data Privacy Framework. For more information on these data privacy frameworks or to view our certifications, please visit Cook Group Incorporated’s Data Privacy Framework Notice and https://www.dataprivacyframework.gov/s/.

Retention

We retain personal data in accordance with our legal obligations and for no longer than is necessary for the purposes for which it was collected. The data is then securely destroyed. When assessing the data retention period, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Individual rights

In accordance with applicable laws, you may have rights in relation to your personal data. These include, where applicable, the right to access, correct, erase, object to the processing of, and restrict the processing of your data and the right to request the transfer of your data to another party. Depending on your place of residence, certain exceptions and additional rights may apply to you, and Cook upholds them in accordance with the regional/local requirements. You will not have to pay a fee to exercise these rights, except where your request is clearly unfounded or excessive.

Contact us

For additional information about Cook’s privacy and security practices or to exercise your rights, kindly contact us at Privacy@CookGroup.com. Alternatively, you may email or write to us at: