Cook Group Incorporated’s Website Notice of Certification Under the EU-US Privacy Shield Framework


Effective March 1, 2019

This website notice of certification to the EU-US Privacy Shield Framework is intended to inform you about the specific Cook Group companies that have certified their adherence to, and comply with, the EU-US Privacy Shield framework as set forth by the US Department of Commerce, with respect to the collection, use, and retention of personal information transferred from the European Union and the United Kingdom and/or Switzerland, as applicable to the United States in reliance on Privacy Shield. The Cook Group companies that have certified are:

  • Cook Research Incorporated (Cook Research), which is headquartered in West Lafayette, Indiana
  • Cook MyoSite, Incorporated (Cook MyoSite), which is headquartered in Pittsburgh, Pennsylvania
  • MED Institute, Incorporated (MED Institute), which is headquartered in West Lafayette, Indiana
  • Cook Biotech Incorporated (Cook Biotech), which is headquartered in West Lafayette, Indiana

For ease of reference, these companies are collectively referred to as the “Cook Privacy Shield Companies” in this Website Notice. For additional information about the EU-US Privacy Shield, or to view Privacy Shield certifications of the Cook Privacy Shield Companies on file with the US Department of Commerce, please visit www.privacyshield.gov.

Scope

The Cook Privacy Shield Companies have filed certifications with the US Department of Commerce confirming their adherence to the Privacy Shield framework for EU personal information transferred to the US, in relation to the following types of personal information: clinical research, patients, human resources, customers, and suppliers. The Cook Privacy Shield Companies limit their collection, processing, and storage of that personal information to situations where they have a legitimate business interest in the information.

Third-party transfers

In certain situations, the Cook Privacy Shield Companies entrust personal information pertaining to EU individuals to third-party partners who assist those companies with their business activities, or who have regulatory or legal oversight responsibilities in relation to certain business activities. The third parties may include, for example, research recruitment partners; research sites; ethics committees; investigational review boards; IT security partners; auditors; health authorities; business partners assisting with patient data such as in relation to patient registries, signal detection, adverse event reporting, quality improvement, custom device manufacturing and regulatory oversight; organizations assisting with recruitment or human resource activities relating to active or retired personnel, such as those assisting with job applicant websites, immigration, pensions, or other benefits; those assisting in the customer context, such as medical professionals and their staff members who interact with the Cook Privacy Shield Companies in relation to the medical devices that Cook Group develops; and those assisting in the supplier context, such as third parties that provide equipment, services, or other materials to the Cook Privacy Shield Companies in connection with their business activities. The Cook Privacy Shield Companies take steps to ensure that the third parties entrusted with personal information uphold an equivalent level of protection for the data to that required under the Privacy Shield framework. The Cook Privacy Shield Companies also understand that they can be held responsible if their business partners entrusted with EU personal information violate those obligations.

Disputes

In compliance with the Privacy Shield principles, the Cook Privacy Shield Companies commit to resolve complaints about their collection or use of personal information. EU individuals with inquiries or complaints regarding the Privacy Shield policies or practices should first contact us at:

EU
Email DataProtectionEurope@CookMedical.com
Phone +353 61 334440 to speak with the company’s
EU Data Protection Manager
EU Mail
Address
Cook Ireland Ltd.
Attn: EU Data Protection Manager
O’Halloran Road
National Technological Park
Castletroy, Limerick, Ireland
US
Email Privacy@CookGroup.com
Phone 812.331.1025 to speak with the company’s
Global Privacy Director
US Mail
Address
Cook Group Incorporated
Attn: Global Privacy Officer
750 Daniels Way, P.O. Box 1608
Bloomington, Indiana 47402-1608 USA

In accordance with its Privacy Shield commitments, the Cook Privacy Shield Companies have adopted dispute resolution practices that are designed to evaluate and resolve any complaints or concerns about your privacy and its collection or use of your personal information within forty-five (45) days of receipt.

Third-party dispute resolution

The Cook Privacy Shield Companies have committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints, including those concerning human resources data transferred from the EU in the context of the employment relationship, as well as for all other types of EU personal information encompassed within the Privacy Shield certification of the Cook Privacy Shield companies. If you do not receive timely acknowledgment of your complaint from the relevant Cook Privacy Shield Company, or if the company has not addressed your complaint to your satisfaction, you have the right to contact the EU supervisory authorities for more information or to file a complaint. The services of EU supervisory authorities are provided at no cost to you.

Regulatory oversight and enforcement

The Cook Privacy Shield Companies are also subject to investigatory and enforcement authority of the US and EU agencies who oversee the Privacy Shield framework, namely the US Federal Trade Commission and the relevant European supervisory authorities. Individuals also have a right to file a complaint with those oversight agencies, particularly if they believe their complaint was not satisfactorily resolved through the company.

Right to binding arbitration

Under limited circumstances and in accordance with the Privacy Shield framework, EU individuals may be able to invoke binding arbitration before a Privacy Shield Panel. Rights of Individuals to Access Their Data: EU individuals have the right to access personal information about them, and to limit the use and disclosure of their personal information. The Cook Privacy Shield Companies have committed to respect and uphold those rights. Should you wish to exercise those rights, the company requests that you contact DataProtectionEurope@CookMedical.com or call +353 61 334440 to speak with our Data Protection Officer. You may also write to us at: Cook Ireland Ltd., O’Halloran Road, National Technological Park, Castletroy, Limerick, Ireland. Please note that there are certain limitations on these rights, as described in the Privacy Shield framework.

Law enforcement requests

The Cook Privacy Shield Companies are required to disclose personal information in response to lawful requests by public authorities, including compliance with national security or law enforcement requirements.

Conflicts

If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles will govern.