ATRICURE PRIVACY NOTICE
AF Connect
1. Purpose
- AF Connect is a website built and maintained by AtriCure, Inc., a medical device company that provides innovative solutions designed to decrease the global atrial fibrillation (Afib) epidemic. Our first responsibility is to the patients and customers we serve and as part of that service, AF Connect is committed to safeguarding your privacy.
- This Privacy Notice (“Notice”) explains our information practices and the choices you can make about the way your Personal Data is collected and utilized throughout this website. This Notice does not apply to information we may collect and use offline or through other sources. This Notice does apply to all personal data we collect about customers, suppliers and website visitors. We collect, use, disclose and otherwise process Personal Data that is necessary for the purposes identified in this privacy statement or as permitted by law, including the European General Data Protection Regulation (GDPR).
2. Scope
- This standard applies to all AtriCure Workforce members whose work involves processing PHI in relation to AtriCure’s Group Health Plan, as well as Vendors, and other individuals working or providing services at the direction of AtriCure or who have access to PHI processed by AtriCure.
3. References
- General Data Protection Regulation (“GDPR”)
4. Definitions
GDPR | General Data Protection Regulation, EU 2016/679. |
Criminal Personal Data | Any personal data that provides information on persons’ criminal convictions or offences. |
Controller | The legal person, administrative body or any other entity which, alone or in conjunction with others, determines the purpose of and means for processing of personal data. |
Processor | The person or body which processes personal data on behalf of the controller. |
Personal Data | Any information relating to an identified or identifiable natural person (e.g. a person whose identity can be established reasonably without disproportionate effort by means of name, address and date of birth). By way of example but not limitation, video and voice recording is also personal data if the video images or the voice recording is identifiable to a natural person. If financial data (such as bank statements) relate to an identifiable natural person, such information is considered personal data. |
Processing | Collection, recording, organisation, storage, updating or modification, retrieval, consultation, use, dissemination by means of transmission, distribution or making available in any other form, merging, linking, as well as blocking, erasure or destruction or any other operation performed on personal data. |
Special categories of personal data | Any Personal Data that provides information on persons’ religious or philosophical beliefs, race, political opinions, health, sexual life, genetic data, biometric data for the purpose of uniquely identifying a living person or membership of trade unions. |
5. What categories of data are being processed by AtriCure?
- Please contact privacy@atricure.com for any questions related to the processing of your personal data related to AF Connect.
- Our internal Data Privacy Officer can be contacted as indicated below:
Nicolas Albarracin
E-mail: nalbarracin@atricure.com
Address: AtriCure B.V., De Entree II, De Entree 260, 1101 EE, Amsterdam, The Netherlands
6. General Procedures
- Personal data collected and processed for AF Connect
- This Privacy Notice describes the collection of Personal Data through our websites. The following are examples of data subjects from whom we may collect personal data:
- Visitors to our websites, when contacting us via email or through online forms:
- AtriCure respects the privacy of visitors to our website and as such, you may browse many areas without providing any Personal Data. Should you choose to contact us, you will be asked to provide your contact information, including your name, email address and phone number. Our Cookie notice is listed below.
- Licensed medical professionals, through dedicated parts of our website:
- Certain dedicated areas of the AtriCure website contain information intended only for licensed medical professionals. Accordingly, AtriCure reserves the right to limit these areas to those persons who register and meet the qualifications imposed by us.
- Licensed medical professionals who choose to register in order to access password-protected areas of the website will be required to provide their contact information, including their name, email address, mailing address and phone number, and their professional qualifications, including professional and clinical affiliation.
- We also collect your username and password when you log into the website. We never ask for personal data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data, data concerning your sexual orientation or data relating to criminal convictions and offences unless it is required through a legal obligation.
- How we use disclosed personal data
- In this section, we set out the purposes for which we use Personal Data, explain how we share your personal data, and identify the “legal grounds” on which AtriCure relies to process the personal data. These “legal grounds” are set out in the GDPR, which allows Controllers to process personal data only when the processing is permitted by the specific “legal grounds” set out in the GDPR. The descriptions of the legal grounds we rely on are provided below:
- Contract performance – Processing is necessary for the performance of a contract to which you are party, or to take steps at your request prior to entering a contract.
- Consent – Processing based on your explicit consent, which may be withdrawn at any time.
- Compliance with a legal obligation – Processing is necessary for compliance with a legal obligation in the European Union to which we are subject.
- For our legitimate business interests – Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of Personal Data. These legitimate interests are set out next to each purpose.
- Purposes And Legal Bases For Processing Your Personal Data
- Communication purposes
- We may use your personal data to respond to questions or comments, communicate with you about our programs, products, and services, and solicit information through surveys. Legal basis: Contract performance.
- To assess your suitability for working with us
- We may use your Personal Data when you are interested in applying for a job at AtriCure and choose to submit resume information by email. Legal basis: performance of our contract with you or the preparation thereof; and for our legitimate business interests (to enable us to effectively recruit staff and to enable us to share your personal data with our affiliates).
- For security purposes and to analyze and continuously improve our website
- We may use Personal Data for testing and improving the design, content, and functionality of our website, the security thereof and for further tailoring our website to our users’ needs (including by estimating and measuring usage patterns). Only in very exceptional circumstances will we use personal data for testing purposes and if this is necessary, always in a closed and secured environment.
Legal basis: performance of our contract with you; and for our legitimate business interests (to enable us to ensure the security of our systems and further improve the website for our users).
- To protect our legitimate interests and adapt to changes in our business structure
- We may disclose Personal Data in connection with legal proceedings or investigations anywhere in the world to third parties, such as public authorities, law enforcement agencies, regulators and third-party litigants (these third parties are not data processors on behalf of AtriCure and will process Personal Data for their own purposes). We may also provide your Personal Data to any potential acquirer of or investor in any part of our business for the purpose of that acquisition or investment. Legal basis: performance of our contract with you; and legitimate interests (to enable us to cooperate with law enforcement and regulators and to allow us to develop our business).
- Disclosure and Cross-Border Transfer of Personal Data
- We store your personal data on our IT systems located in the United States and Europe. We transfer personal data to, or permit access to personal data from, any offices of our affiliates throughout the world, including the United States, Europe, the Middle East and Africa.
- We have engaged various data processors for the processing of your personal data on our behalf, including IT service providers and other business service providers. We have contracts in place with our data processors, which means that they can only process your personal data based on our instructions e.g. they will not share it with third parties, unless legally required to do so, and they will retain it for the period that we instruct, in a secure manner.
- We may be legally required to disclose your personal data in response to requests from regulators and law enforcement or security agencies, in which case these bodies will be acting as a data controller as well. We will always assess the legitimacy of such requests before disclosing any personal data and will only disclose what is required to comply with such requests.
- We may transfer Personal Data to, or permit access to Personal Data from, countries outside the European Economic Area (EEA). These countries’ data protection laws do not always offer the same level of protection for Personal Data as offered in the EEA. If your Personal Data are transferred to a recipient in a country that does not provide an adequate level of protection for personal data, we have put in place appropriate safeguards to ensure that your personal data are adequately protected, such as entering into EU Standard Contractual Clauses with these recipients. You can request additional information about the specific safeguards applied to the export of Personal Data from privacy@atricure.com.
- Cookies
- Like most websites, certain AtriCure websites may use persistent and session “cookies” to help us serve you better on future visits, help you avoid having to re-enter information, and help us improve the functions of our website.
- A cookie is a small text file that a website stores on your device through your browser to remember information about your visit. Cookies may be used for purposes such as session management, personalization, and tracking.
- If you choose to browse our website without using cookies because you do not want us to be able to recognize your computer, you can prevent cookies from being saved by disabling cookies from this website. Please note that it is possible that some features or services on our website may not fully function if cookies are disabled.
- Our website makes use of the Google Analytics web service from Google, Inc. Google Analytics also utilizes cookies. Examples of the items of data collected include your operating system, your browser, your IP address, the AtriCure web page you accessed, and the time and date of your visit.
- The information generated by the text file about the use of the website will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
- Google may also transfer this information to third parties when required to do so by law, or where such third parties process the information on Google’s behalf. This use is made anonymously.
- Safeguarding Your Information
- Consistent with applicable laws and requirements, including the GDPR, AtriCure has put in place appropriate physical, electronic, and administrative safeguards to protect your personal data from loss, misuse, alteration, theft, unauthorized access, or unauthorized disclosure. We evaluate these safeguards on an ongoing basis to help minimize risks from new security threats as they become known.
- We restrict access to personal data to personnel and third parties that require access to such information for legitimate, relevant business purposes.
- All our staff members, contractors and third parties who will have access to Personal Data on our instructions will be bound to confidentiality and we use controls to limit access to individuals that require such access for the performance of their responsibilities and tasks.
- Our Commitment to Children’s Privacy
- This website is not intended for use by children under 16 years of age. No one under age 16 may provide any information to our website. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this website.
- Any personal information inadvertently collected from children will be promptly erased. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information.
- If you believe we might have any information from or about a child under 16, please Contact Us on this website. This does not affect any medical information about children that may be provided by healthcare professionals in connection with product or service information requests.
- California Privacy Rights
- California Civil Code § 1798.83 entitles California residents to request information concerning whether a business has disclosed personal information to any third parties for the third parties’ direct marketing purposes.
- To make such a request, please Contact Us on this website. Be sure to include your name and address. If you would like a response via email, please include an email address. Otherwise, we will respond by postal mail within the time required by law.
- Right To Unsubscribe
- You have the right to unsubscribe from any services that we offer if you no longer want to participate. To do so, please Contact Us on this website for additional information or follow the unsubscribe directions on the specific AtriCure website.
- Please note that if you already have requested products or services when you decide to withdraw consent, there may be a short period of time for us to update your preferences and ensure that we honour your request.
- Limiting collection and retention
- We collect, use, disclose and otherwise process your Personal Data that is necessary for the purposes identified in this Privacy Notice or as permitted by the GDPR.
- If we require Personal Data for a purpose inconsistent with the purposes we identified in this Privacy Notice, we will notify you of the new purpose and, where required, ask for your consent to process Personal Data for the new purposes.
- Our retention periods for Personal Data are based on business needs and legal requirements. We retain Personal Data for as long as is necessary for the processing purpose(s) for which the Personal Data was collected, and any other permissible, related purpose.
- For example, we retain your Personal Data for the periods necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or fulfil your request to “unsubscribe” from further messages from us.
- Your rights and/or responsibilities
- We strive to maintain Personal Data that is accurate, complete and current.
- Under the GDPR, you have certain rights in relation to your Personal Data. These rights are described below. If you wish to exercise one of these rights, please Contact Us in case of any questions. To ensure an efficient follow-up, we kindly ask you to specify your request and to indicate to which Personal Data your request relates.
- You have the following rights (please be aware that certain exceptions apply to the exercise of these rights and so you may not be able to exercise these in all situations):
- Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and to obtain a copy of it in a readable format.
- Rectification: You may ask us to rectify any inaccurate Personal Data that we process.
- Erasure: You may ask us to delete personal data that we no longer have a legal ground to process.
- Restriction: You may ask us to mark certain Personal Data as restricted whilst complaints are resolved and also ask for restriction of processing under certain other circumstances.
- Portability: You can ask us to transmit the personal data that you have provided to us and we still hold about you to a third party electronically.
- In addition, you have the right to:
- where processing is based on consent, withdraw the consent;
- object to any processing of personal data that AtriCure justifies on the “legitimate interests” legal ground, unless our reasons for undertaking that processing outweigh any prejudice to the individual’s privacy rights; and
- object to direct marketing at any time.
- These rights are subject to certain exemptions to safeguard public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). We will respond to requests within one (1) month. If you are not satisfied with our use of your personal data or our response to any exercise of these rights, we kindly ask you to first contact our Data Protection Officer using the contact details indicated in Chapter 5.
- In addition, we agree:
- that we will disclose personal information in response to lawful requests by public authorities, including meeting national security or law enforcement requirements;
- Changes to this Privacy Notice
- As we continue to provide additional services and as the privacy laws and regulations evolve, it may be necessary to revise or update this Notice. We encourage you to review this Notice from time to time, as you return to our website, so that you are familiar with any changes.
- Contact us
- If you have any questions about this Privacy Notice or the practice of the website, please contact our DPO (contact details on page 1) or Contact Us on this website.