Effective July 2023
This website notice of certification to the EU-US Data Privacy Framework is intended to inform you about the specific Cook Group companies that have certified their adherence to, and comply with, the EU-US Data Privacy Framework as set forth by the US Department of Commerce, with respect to the collection, use, and retention of personal information transferred from the European Union and/or the United Kingdom, as applicable to the United States in reliance on Data Privacy Framework. The Cook Group companies that have certified are:
- Cook Research Incorporated (Cook Research), which is headquartered in West Lafayette, Indiana
- Cook MyoSite, Incorporated (Cook MyoSite), which is headquartered in Pittsburgh, Pennsylvania
- MED Institute, Incorporated (MED Institute), which is headquartered in West Lafayette, Indiana
- Cook Biotech Incorporated (Cook Biotech), which is headquartered in West Lafayette, Indiana
For ease of reference, these companies are collectively referred to as the “Cook Data Privacy Framework Companies” in this Website Notice. For additional information about the EU-US Data Privacy Framework, or to view Data Privacy Framework certifications of the Cook Data Privacy Framework Companies on file with the US Department of Commerce, please visit https://www.dataprivacyframework.gov/s/.
The Cook Data Privacy Framework Companies have filed certifications with the US Department of Commerce confirming their adherence to the Data Privacy Framework for EU personal information transferred to the US, in relation to the following types of personal information: clinical research, patients, human resources, customers, and suppliers. The Cook Data Privacy Framework Companies limit their collection, processing, and storage of that personal information to situations where they have a legitimate business interest in the information.
In certain situations, the Cook Data Privacy Framework Companies entrust personal information pertaining to EU individuals to third-party partners who assist those companies with their business activities, or who have regulatory or legal oversight responsibilities in relation to certain business activities. The third parties may include, for example, research recruitment partners; research sites; ethics committees; investigational review boards; IT security partners; auditors; health authorities; business partners assisting with patient data such as in relation to patient registries, signal detection, adverse event reporting, quality improvement, custom device manufacturing and regulatory oversight; organizations assisting with recruitment or human resource activities relating to active or retired personnel, such as those assisting with job applicant websites, immigration, pensions, or other benefits; those assisting in the customer context, such as medical professionals and their staff members who interact with the Cook Data Privacy Framework Companies in relation to the medical devices that Cook Group develops; and those assisting in the supplier context, such as third parties that provide equipment, services, or other materials to the Cook Data Privacy Framework Companies in connection with their business activities. The Cook Data Privacy Framework Companies take steps to ensure that the third parties entrusted with personal information uphold an equivalent level of protection for the data to that required under the Data Privacy Framework. The Cook Data Privacy Framework Companies also understand that they can be held responsible if their business partners entrusted with EU personal information violate those obligations.
In compliance with the Data Privacy Framework principles, the Cook Data Privacy Framework Companies commit to resolve complaints about their collection or use of personal information. EU individuals with inquiries or complaints regarding the Data Privacy Framework policies or practices should first contact us at:
In accordance with its Data Privacy Framework commitments, the Cook Data Privacy Framework Companies have adopted dispute resolution practices that are designed to evaluate and resolve any complaints or concerns about your privacy and its collection or use of your personal information within forty-five (45) days of receipt.
Third-party dispute resolution
The Cook Data Privacy Framework Companies have committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Data Privacy Framework complaints for all types of EU personal information encompassed within the Data Privacy Framework certification of the Cook Data Privacy Framework companies. If you do not receive timely acknowledgement of your complaint from the relevant Cook Data Privacy Framework Company, or if the company has not addressed your complaint to your satisfaction, you have the right to contact the EU supervisory authorities for more information or to file a complaint. The services of EU supervisory authorities are provided at no cost to you.
Regulatory oversight and enforcement
The Cook Data Privacy Framework Companies are also subject to investigatory and enforcement authority of the US and EU agencies who oversee the Data Privacy Framework, namely the US Federal Trade Commission and the relevant European supervisory authorities. Individuals also have a right to file a complaint with those oversight agencies, particularly if they believe their complaint was not satisfactorily resolved through the company.
Right to binding arbitration
Under limited circumstances and in accordance with the Data Privacy Framework, EU individuals may be able to invoke binding arbitration before a Data Privacy Framework Panel. Rights of Individuals to Access Their Data: EU individuals have the right to access personal information about them, and to limit the use and disclosure of their personal information. The Cook Data Privacy Framework Companies have committed to respect and uphold those rights. Should you wish to exercise those rights, the company requests that you contact DataProtectionEurope@CookMedical.com or call +353 61 334440 to speak with our Data Protection Officer. You may also write to us at: Cook Ireland Ltd., O’Halloran Road, National Technological Park, Castletroy, Limerick, Ireland. Please note that there are certain limitations on these rights, as described in the Data Privacy Framework.
Law enforcement requests
The Cook Data Privacy Framework Companies are required to disclose personal information in response to lawful requests by public authorities, including compliance with national security or law enforcement requirements.
If there is any conflict between the terms in this privacy statement and the Data Privacy Framework Principles, the Data Privacy Framework Principles will govern.