Biomet Safe Harbor Policy

Similar documents
RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE. EFFECTIVE AS OF: August 12, 2015

SAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014

AlixPartners, LLP. General Data Protection Statement

University of Liverpool Online Programmes - Privacy Policy for Visitors and Students

Privacy Policy. February, 2015 Page: 1

Privacy Policy for Data Collected by Blue State Digital s Clients

CPA Global North America LLC SAFE HARBOR PRIVACY POLICY. Introduction

This Applicant Privacy Notice Continental Europe is dated: July 2012 WILLIS.COM: PRIVACY NOTICE

GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS

The U.S.-EU Safe Harbor Guide to Self-Certification

LATISYS SAFE HARBOR POLICY

POLICY ON DATA PROTECTION AND PRIVACY OF PERSONAL DATA

FIRST DATA CORPORATION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Privacy Policy documents for

GSK Public policy positions

Privacy Statement. What Personal Information We Collect. Australia

CW Government Travel Inc. Data Protection and Privacy Policy

Privacy Policy for Data Collected by Blue State Digital

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

Align Technology. Data Protection Binding Corporate Rules Controller Policy Align Technology, Inc. All rights reserved.

Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data

The supplier shall have appropriate policies and procedures in place to ensure compliance with

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.

Binding Corporate Rules ( BCR ) Summary of Third Party Rights

U. S. EU SAFE HARBOR FRAMEWORK GUIDE TO SELF-CERTIFICATION MARCH 2009

DASSAULT SYSTEMES GROUP HUMAN RESOURCES DATA PRIVACY POLICY

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data

AN INTRODUCTION TO THE EU DIRECTIVE ON THE PROTECTION OF PERSONAL DATA

2. A Note about Children. We do not intentionally gather Personal Data from visitors who are under the age of 13.

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

PRIVACY POLICY. What Information Is Collected

Data Processing Agreement for Oracle Cloud Services

The Anti-Corruption Compliance Platform

1. TYPES OF INFORMATION WE COLLECT.

Personal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.

PRIVACY POLICY Personal information and sensitive information Information we request from you

Privacy Rules for Customer, Supplier and Business Partner Data

Privacy Policy Last Modified: April 3,

International Data Protection Policy

Data Protection and Data security Policy

PROTECTION OF PERSONAL INFORMATION

Please read this Policy carefully. Your continued use of our sites means that you understand and consent to the terms of this Policy.

Kinds of information that the Company collects and holds

I. Personal data and its use in the business to business environment.

Guidelines on Data Protection. Draft. Version 3.1. Published by

ATMD Bird & Bird. Singapore Personal Data Protection Policy

Data protection policy

FIDELITY APPLICANT PRIVACY AND PROTECTION NOTICE

GUESTBOOK REWARDS, INC. Privacy Policy

Corporate Policy. Data Protection for Data of Customers & Partners.

Johnson Controls Privacy Notice

Information Handling Policy

AIRBUS GROUP BINDING CORPORATE RULES

3. Consent for the Collection, Use or Disclosure of Personal Information

Membership of the US Safe Harbor Program by Data Processors

Data Protection Standard

3Degrees Group, Inc. Privacy Policy

Office 365 Data Processing Agreement with Model Clauses

Data Compliance. And. Your Obligations

Disclaimer: Template Business Associate Agreement (45 C.F.R )

JOB APPLICANT PRIVACY NOTICE

Privacy Policy & Terms of Use Effective: 12/13/2011. Terms and Conditions. Changes in this Privacy Policy. Internet Privacy & Security

University of Limerick Data Protection Compliance Regulations June 2015

DATA PROTECTION AUDIT GUIDANCE

Data protection compliance checklist

Binding Corporate Rules Privacy (BCRP) personal Telekom Group rights in the handling of personal data within the Deutsche Telekom Group

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

Credit Union Code for the Protection of Personal Information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

PRIVACY POLICY Our privacy policy discloses how we gather and use your data. In short we do not collect sensitive personal information.

Privacy Charter. Protecting Your Privacy

2. What personal information do we collect and hold?

BLUE BADGE INSURANCE PTY LTD BLUE BADGE COMMUNITY AUSTRALIA PTY LTD PRIVACY POLICY

Dublin City University

Credit Reporting Privacy Policy of Baybrick Pty Ltd

The Ten privacy principles and our commitment to them are as follows:

privacy Requirements of Lanyon Services

Privacy Policy. Board for Lutheran Education Australia. Policy. Purpose. Exclusion

Elo Touch Solutions Privacy Policy

DATA PROTECTION POLICY

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

CROATIAN PARLIAMENT 1364

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE

Privacy at Staples and Coastwide Laboratories. Customer Personal Information Privacy Policy (Effective Date: October 20, 2009)

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, A Guide for Data Controllers

Merthyr Tydfil County Borough Council. Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy

MIS Privacy Statement. Our Privacy Commitments

Data Protection in Ireland

DESTINATION MELBOURNE PRIVACY POLICY

Personal Data Protection LAWS OF MALAYSIA. Act 709 PERSONAL DATA PROTECTION ACT 2010

communications between us and your financial, legal or other adviser, or your broker or agent;

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection

The Manitoba Child Care Association PRIVACY POLICY

Personal Data Protection Policy

10 DATABASE PRACTICE

Data Protection Good Practice Note

Data Protection Policy

Business Associate Agreement

Transcription:

Biomet Safe Harbor Policy POLICY STATEMENT Biomet, Inc. and its subsidiaries (collectively, Biomet or us ) are committed to protecting the privacy of those who entrust us with their Personal Data. All Biomet team members and all those who do business with us in the European Economic Area ( EEA ) and Switzerland trust and expect that their Personal Data will be protected. Biomet therefore has adopted this Safe Harbor Policy ( Policy ) governing Personal Data transferred from Biomet operations in the European Economic Area and Switzerland to its operations in the United States ( U.S. ). This Policy sets forth the standards which will govern Biomet s treatment of such Personal Data. Biomet complies with the U.S.-EU Safe Harbor Framework and the U.S.-Switzerland Safe Harbor Framework administered by the U.S. Department of Commerce and self-certifies, on an annual basis, its adherence to the Safe Harbor Privacy Principles. For more information about the Safe Harbor Privacy Principles, please visit the U.S. Department of Commerce s website at http://www.export.gov/safeharbor/. DEFINITIONS Data Subject means the individual to whom any EEA Personal Data covered by this Policy refers. EEA Personal Data or Personal Data means any information relating to an individual residing in the EEA or Switzerland that can be used to identify that individual either on its own or in combination with other readily available data (e.g., the individual s name, title, work location, home address, date of birth, compensation, benefits, or family members). These terms do not include any data rendered anonymous or pseudonymous such that individuals are not identifiable or are identifiable only with a disproportionately large expense of time, cost, or labor. Sensitive Personal Data means Personal Data regarding any of the following: Health or medical condition; Racial or ethnic origin; Political opinions; Religious or philosophical beliefs; Trade union membership; Sex life; or Criminal convictions or indictments. 1

SCOPE AND RESPONSIBILITY This Policy applies to the collection, use, and/or disclosure in the U.S. of all Personal Data transferred from countries in the EEA or Switzerland to Biomet in the U.S., except where Biomet acts solely as an agent processing EEA Personal Data under the direction of a third party. In such situations, Biomet has no direct relationship with the Data Subjects whose personal data it processes, and for such Personal Data, Biomet instead may rely on such third parties to comply with the EEA/Swiss legal requirements underlying the Safe Harbor Privacy Principles. All employees of Biomet who have access to such EEA Personal Data in the U.S. are responsible for conducting themselves in accordance with this Policy. Adherence by Biomet to this Policy may be limited to the extent required to meet legal, governmental, or national security obligations, but EEA Personal Data will not be collected, used, or disclosed in a manner contrary to this Policy without the prior written permission of the Legal Department, Jonathan Grandon, Senior Vice President and General Counsel, 56 E. Bell Drive, Warsaw, IN 46582, United States of America, + 1 574-267-6639, Jonathan.Grandon@biomet.com. Biomet employees responsible for engaging third parties (e.g., temporary staff, independent contractors, sub-contractors, business partners, or vendors) to handle EEA Personal Data covered by this Policy on behalf of Biomet are responsible for obtaining appropriate assurance that such third parties have an obligation to conduct themselves in accordance with the applicable provisions of this Policy. Failure of a Biomet employee to comply with this Policy may result in disciplinary action up to and including termination. SAFE HARBOR PRIVACY PRINCIPLES Biomet has adopted the U.S. Department of Commerce s Safe Harbor Privacy Principles, as set forth below, with respect to the EEA Personal Data described in the SCOPE AND RESPONSIBILITY section of this Policy. Notice Biomet notifies Data Subjects covered by this Policy about the types of Personal Data it collects about them, the purposes for which it uses such Personal Data, the types of third parties to which it discloses such Personal Data, the choices and means that it offers for limiting its use and disclosure of such Personal Data, and how Data Subjects can contact Biomet with any inquiries or complaints. Notice is provided in clear and conspicuous language at the time of collection or as soon as practicable thereafter; before Biomet uses or discloses Personal Data for a purpose other than that for which it was originally collected; and through this Policy. The Personal Data covered by this Policy includes human resources data, patient data, customer data, business partners, and health care provider data. The purposes for which Biomet collects and uses such Personal Data include: 2

Administration of its human resources obligations; Product customization or development; Clinical research; Complaint handling; Regulatory compliance; Marketing research regarding its products; Marketing and sale of its products; Finance and tax activities; and Other legal and business activities. Biomet may share Personal Data with vendors, suppliers, contractors, and other third parties it engages to assist with the provision of its products and services or to provide services directly to Data Subjects. Choice In the event EEA Personal Data covered by this Policy is to be used for a new purpose incompatible with the purpose(s) for which the Personal Data was originally collected or subsequently authorized, or is to be transferred to the control of a third party, Data Subjects are given, when feasible and appropriate, an opportunity to choose (opt-out) whether to have their Personal Data so used or transferred. In the event that Sensitive Personal Data is used for a new purpose or transferred to the control of a third party, the Data Subject s explicit consent (opt-in) will be obtained prior to such use or transfer of the Sensitive Personal Data. Onward Transfer (transfers to third parties) In the event Biomet transfers EEA Personal Data covered by this Policy to a third party, it will do so consistent with any notice provided to Data Subjects and any consent they have given. Biomet will transfer such Personal Data only to third parties that (a) are located in a jurisdiction subject to the EU Data Protection Directive or with privacy laws considered to be adequate by the European Commission; (b) subscribe to the Safe Harbor Privacy Principles; or (c) have given us contractual assurances that they will provide at least the same level of privacy protection as is required by this Policy and the Safe Harbor Privacy Principles. When Biomet has knowledge that a third party is using or sharing Personal Data in a way that is contrary to this Policy, Biomet will take reasonable steps to prevent or stop such use or sharing. Access Data Subjects whose Personal Data is covered by this Policy have the right to access such Personal Data, and to correct, amend, or delete such Personal Data if they can demonstrate that it is inaccurate or incomplete (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject s privacy, or where the rights of persons other than the Data Subject would be violated). 3

Security Biomet takes reasonable precautions to protect EEA Personal Data covered by this Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Data Integrity EEA Personal Data covered by this Policy that is collected, processed, and maintained by Biomet shall be kept and used for its intended purpose(s). Biomet takes reasonable steps to ensure that the Personal Data is used for its intended purpose(s), and is accurate, complete, and current. Enforcement To ensure compliance with these Safe Harbor Privacy Principles, Biomet will: Cooperate with the Data Protection Authorities ( DPAs ) and other governmental agencies with authority over such matters in the respective EEA member states, where it has operations, and with the Swiss Federal Data Protection and Information Commissioner ( Commissioner ) for operations in Switzerland, in the investigation and resolution of complaints that cannot be resolved between Biomet and the complainant, and comply with advice given by such DPAs and the Commissioner; Periodically review and verify its compliance with the Safe Harbor Privacy Principles; and Remedy issues arising out of any failure to comply with the Safe Harbor Privacy Principles. Biomet acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department s list of Safe Harbor participants, and thereafter transfers of Personal Data will not be allowed unless Biomet otherwise complies with the EU Data Protection Directive or other relevant applicable laws. COMPLAINTS AND DISPUTE RESOLUTION Any inquiries or complaints regarding this Policy or the collection, use, disclosure, transfer, access, or opting out of uses of Personal Data should be directed to: For Biomet Employees: Peggy Taylor Senior Vice President Human Resources, Biomet, Inc. 56 E. Bell Drive Warsaw, IN 46582 United States of America Email: Peggy.Taylor@biomet.com Phone: +1 (574) 372-1601 Fax: +1 (574) 372-1783 For All Other Data Subjects: Antje Petersen-Schmalnauer 4

Global Privacy and Data Protection Officer, Biomet, Inc. Toermalijnring 600 3316 LC Dordrecht The Netherlands Email: Antje.Petersen-Schmalnauer@biomet.com Phone: +31 78 629 2911 Fax: +31 78 629 2941 In the event an inquiry or complaint cannot be resolved between Biomet and the complainant, the complainant may contact the appropriate DPA or the Commissioner. The contact information for the EU DPAs is available at http://ec.europa.eu/justice/dataprotection/bodies/authorities/eu/index_en.htm. The contact information for the Commissioner is available at http://www.edoeb.admin.ch/kontakt/index.html?lang=en. Biomet will investigate and attempt to resolve complaints in accordance with the Safe Harbor Privacy Principles, and agrees to cooperate with the EU DPAs and the Commissioner for the purpose of handling any unresolved complaints. CHANGES TO THIS POLICY This Policy may be amended from time to time consistent with the requirements of the Safe Harbor Privacy Principles. Appropriate notice will be given concerning such amendments. Last Updated: November 11, 2014 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information