For healthcare professionals and other customers
Effective May 12, 2018
This Data Protection Notice is provided by Cook Group Incorporated, including its worldwide subsidiaries and affiliates (“Cook”). It is intended to inform healthcare professionals and other customers with whom we interact about how we collect, process, safeguard, share, and store their Personal Data, as well as their rights in relation to that Personal Data.
As a world leader in medical devices, Cook collects certain types of Personal Data in connection with our sales and marketing activities with healthcare professionals and other customers, through Cook’s website(s) and in other interactions. Depending upon the interaction, and in accordance with applicable laws and business obligations, the information that we collect may include the following:
- Business contact details (if and when applicable): name of healthcare organization and healthcare professional(s) interacting with us; job titles/medical specialty; business address; address of invoicing if different; telephone numbers; fax number; business e-mail addresses; internal identification number of the customer; tax identification number (if warranted); the names of individuals to contact at the organization; after hours/emergency contact information (such as for any urgent patient needs); and preferences for how to contact them.
- Data related to the performance of the commercial contract and/or the commercial relationship (if and when applicable): including but not limited to information about the healthcare organization and its business; commencement of the business relationship; devices/products of interest; purchase history; frequency and overall amount purchased; contact history (sales calls, inquiries, etc.); website and other program enrollments and cancellations; Cook employees who interact with the customer; correspondence and service interactions; information gathered through satisfaction survey participation and customer feedback requests; any marketing preferences that have been requested by the healthcare professional/ organization; feedback from the healthcare professional/organization about their preferences to best meet their needs (i.e., would like devices shipped on first of the month, wants to be contacted about new products, etc.). If you are a presenter at one of our events, we may collect your photograph, and we may also collect information provided by event attendees who evaluated your performance as a presenter. We may also make and store a recording of your voice and likeness in certain instances and with your consent.
- Data related to the customer’s orders and payments (if and when applicable): specific order deliveries (including address); delivery conditions; billing and payment terms and conditions; discounts, account status, returns, creditworthiness reviews and credit approvals (to extend credit on purchases); bank details for incoming or outgoing wire payments; and redacted credit card numbers.
- Data collected for patient safety-related purposes (if and when applicable): information and training on proper use (sizing, placement, etc.) of medical devices and their component parts; collection, follow-up and reporting of any adverse experiences; feedback about favorable patient experiences; recommendations or insights about ways in which Cook can further improve its devices or the information about their use; and information about new labeling or other safety related updates pertaining to Cook’s products.
- Data collected for legal and compliance purposes (if and when applicable): import and export information, collection or creditworthiness checks, tax and regulatory obligations, information required for any regulatory inspections, inquiries, or audits; reporting of any payments to healthcare professionals under the laws of certain countries (including the Sunshine Act laws—see below) and other information of a legal nature. For certain customers (such as those outside of the United States) and consistent with applicable laws, Cook may also collect information to comply with customs and trade laws, as well as anti-terrorism requirements.
- Data related to regulatory disclosure fulfillments (if and when applicable): information relating to contracts (agreements) with healthcare professionals (other than those for the purchase of goods or services), including, for example, those relating to sponsorships, education or consultant work for Cook; and information relating to the provision by or on behalf of Cook of any other items of monetary value, such as lunches or any tangible items. Under the laws of certain countries, this information must be provided to national authorities and some of it is publicly available, including the name of the recipient and the surrounding details.
Cook limits the Personal Data that it collects to that which is relevant and proportionate for the intended purpose. We also take reasonable steps to ensure that the Personal Data collected from healthcare professionals and other customers is accurate, complete, and where necessary, up-to-date in accordance with the purposes for which it was collected. As part of this undertaking, we encourage healthcare professionals and other individuals to keep their Personal Data on file with us updated, so that we can continue to provide optimal service to you.
Cook processes (uses) the Personal Data collected from healthcare professionals and other customers to fulfil the intended purpose of the collection. In addition, Cook may use the information for related business purposes that can reasonably be inferred from the interaction, such as to respond to any questions or inquiries from you, inform you about our products or services that may be of interest to you, for financial and legal compliance purposes (as applicable), for internal auditing and self-evaluation purposes, and to help the company evaluate new and better products for patients.
With respect to any sales or marketing activities, healthcare professionals and other customers have the right to withdraw consent to use their data. They can do so by contacting Cook using the contact details contained in this Notice. If consent is withdrawn, Cook will not engage in any further processing of the data, except as may be required for legal or compliance reasons.
Cook limits access to Personal Data collected from healthcare professionals and other customers on a need-to-know basis, in connection with the performance of our professional activities. We never sell or share Personal Data pertaining to healthcare professionals (or other individuals) with third parties for their own separate use. Rather, on a limited basis, we may share relevant data with third parties who assist us with healthcare professional activities, such as order fulfillment, providing information in response to requests, or ensuring appropriate use of our devices. If so, Cook first requires that those business partners provide written assurances that they will process the data only in accordance with Cook’s instructions and that they will uphold an equivalent level of protection for the data.
Within our organization, individuals (i.e., workforce members and contractors) are only given access in accordance with their job responsibilities for Cook and where applicable, must sign appropriate confidentiality agreements before they are given access to any Personal Data.
To the extent that we are required to provide access to any healthcare professional or other customer information to third parties who are not our business partners (data processors), such as in connection with legal or tax reporting obligations, we take steps to limit the data to that which is required for the specific purpose and take steps to ensure that the data is adequately safeguarded.
Cook has put in place appropriate technical and organizational security measures that are designed to prevent unauthorized or unlawful disclosure or access to, or accidental or unlawful loss, destruction, alteration or damage to the Personal Data that it collects about healthcare professionals and other customers.
Irrespective of whether the data is stored in paper or electronic form, these measures are intended to ensure an appropriate level of security in relation to the risks inherent to the processing and the nature of the data to be protected and are also applied in a manner consistent with applicable laws and regulations.
As noted above, we apply limitations to the access of the Personal Data of healthcare professionals and other customers such that the data is only accessible to those individuals who require access to perform their job responsibilities. However, as a global organization, and consistent with our business practices for safeguarding Personal Data, we may store the data in secure, centralized systems. As such, your data may be accessible to authorized, limited persons located in, or stored in, countries other than your country of residence. Although there are variations in the data protection laws and level of protection of Personal Data from country to country, Cook takes steps to ensure that your data is appropriately safeguarded and transferred in a manner consistent with the applicable data protection laws of your country, irrespective of its location. You understand that it may be shared with other affiliates within Cook and/or transferred out of your country of residence, in accordance with the limitations and safeguards in this Notice.
Access, rectification, and erasure
Consistent with applicable laws, Cook provides healthcare professionals and other customers with the opportunity to examine their Personal Data held by Cook, and the right to request that their data be amended if it is incomplete or inaccurate. Healthcare professionals and other customers may also request erasure (deletion) of their Personal Data in certain circumstances such as if it was collected in an unlawful manner or in violation of applicable laws. This right may also extend to third parties with whom Cook may have shared your Personal Data
You may unsubscribe at any time in relation to the use of your Personal Data for marketing related purposes. You can do so by using the Contact page on our website(s). If you choose to unsubscribe, we will stop using your data for any new marketing-relating purposes.
Should you have any questions or concerns about your Personal Data, or in the event that you wish to contact us for any other reason relating to your data, you may email us at Privacy@CookGroup.com, or write to us at: Cook Global Privacy Office, Cook Group Incorporated, 750 Daniels Way, P.O. Box 1608, Bloomington, Indiana 47402.