Effective Date: December 2022
This Data Protection Notice (the “Notice”) informs you about Boston Scientific Corporation (“BSC”) privacy practices regarding the collection and use of personal data relating to BSC websites (“Sites”) addressing Europe, UK and Switzerland, including mobile sites and our applications. BSC is committed to the protection of your personal data and dedicated to treating people with respect, transparency, and integrity; therefore, we don’t sell or lease your personal data to a third party.
This Notice also describes how you can access and update your information, and more generally how to exercise your data protection rights under applicable laws. When we refer to BSC, we mean Boston Scientific entities located in Europe acting as data controllers. A list of BSC European entities can be found here.
BSC complies with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 also known as the “GDPR” and applicable local data protection laws.
Additional privacy policies may apply depending on the purposes of personal data processing (e.g., for event registration, for management of healthcare professionals, for adverse events and products complaints, etc.). These dedicated notices shall be available at the time of collection of personal data for that specific purpose.
Information Collection & Use
Personal data is data that can be used to identify you, directly or indirectly, such as your name, email address, telephone number, etc. BSC may collect your personal data when you interact with us, such as but not limited to, requesting information via our Sites, online event registration, Site registration, online survey participation, etc.
We also collect personal data about healthcare professionals (HCPs) when we engage with them, e.g., when you send us a request, when you fill in our Sites forms, when we conclude a contract, collaborate in a scientific project or when you meet with our representatives who inform you about our products or scientific studies.
We may also collect some information from third parties, for example from contact persons of our business partners or services providers, as well as from public sources.
We also collect information about your interactions with our Sites and applications (e.g., browsing behavior), through cookies and other tracking technologies, for which we recommend that you read our Cookie Notice.
Information that we may collect about you includes, but is not limited to the following categories:
- Identity data: first and last names, date of birth, gender, etc.
- Contact details: email address, phone number, postal address, etc.
- Professional data: profession, title, position in the company, interests, location, information about your company (company name, company size, business type, etc.), professional ID number or registration, medical specialty, professional affiliations, publications, etc.
- Information about your preferences: testimonials, site survey responses, responses to market studies in which you have participated etc.
- Financial information: payment-related information for payments we may need to perform (account details, bank information, tax-related information, amount to be paid, etc.)
- Information from your use of our Sites: IP address, the device(s) you are using, your usage of our Sites, etc.
We use this information for the following purposes:
- Conduct surveys or other market research and studies that you have agreed to participate in for the purpose of collecting your feedback on our products or any other matter related to BSC;
- Administer your account on our Sites, improve our Sites, optimize user experience and display personalized content, authenticate you when accessing zones with restricted access of our Sites (e.g. for healthcare professionals, when authenticating to access our dedicated zones on our Sites);
- Communicate with you when necessary, including but not limited to sending you product updates, newsletters, marketing communications, and requested product or service information, fulfilling services you have requested, responding to your questions, and notifying you of Notice updates. We may contact you by different means including but not limited to electronic means. We may use profiling to optimize and personalize the relationship and the information that we make available to HCPs. This profiling can imply managing the type, content and frequency of specific communication for segmented groups;
- Initiate and perform contracts, in particular to identify, select and collaborate with HCPs for our research and development, medical and scientific activities (such as clinical trials or other scientific studies), consultancy services or speaker engagements;
- Manage our partner and vendor relationships, including performing due diligence, agreement negotiation and renewals, accounting, billing and collection activities;
- Provide support services when you are using our digital tools and perform data analysis to determine the effectiveness of our tools, improve them, and/or develop new ones;
- Fulfil adverse events obligations: if you share information with us about potential adverse events relating to our products, we process such data according to our privacy notice for Adverse Events and Product Complaints; in such case, we may evaluate and verify your information, and/or contact you if we have any questions;
- Comply with our legal, regulatory and reporting obligations, in particular regarding performing any required administrative formalities, registration and declarations, device tracking for the purposes of event analysis and reporting, transparency, monitoring adverse events you may report to us (including reporting significant adverse events to health authorities worldwide), etc.;
- As required by any judicial process and law enforcement;
- As necessary to comply with industry standards and our internal policies.
We may collect and process your personal data on the following legal grounds, depending on the processing operation:
- We have collected your prior consent;
- We have performed a contract with you or taken steps prior to entering into a contract with you;
- We need to collect and process your personal data to comply with our legal obligations, for example for vigilance obligations, transparency-related obligations, etc.;
- We rely on our legitimate interests, and we have balanced your interests or fundamental rights and freedoms in determining whether the processing is legitimate and lawful.
We may contact and engage with you to inform you about our products and services, such as sending newsletters. When required, we will collect an opt-in and/or verify the existence of an opt-out for this.
We retain your information as needed to provide you the services and to perform the purposes mentioned above. Your personal data are deleted when they are no longer necessary to fulfill the purpose of the processing. We also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Data Sharing & Transfers
BSC may communicate your personal data to the recipients listed below, in the context of the purposes described above and in compliance with applicable law to:
- BSC headquarters in the U.S., our affiliates and subsidiaries for purposes consistent with this Notice. Please see a list of BSC entities here;
- Service providers, suppliers or vendors that are under contract with BSC entities to perform services for or on behalf of BSC (e.g., to maintain computer databases, perform marketing activities, or conduct surveys). The agreements concluded between BSC and these providers, suppliers and vendors contain the appropriate safeguards, including but not limited to the obligation to process personal data following our instructions and the implementation of technical and organizational measures;
- Potential acquirers and other stakeholders in the event of a corporate sale, merger, reorganization, dissolution or similar event of BSC;
- Law enforcement personnel, authorities, regulatory bodies, agencies and courts, including to meet national security requirements, or as part of a legal process, in order to protect our property or in furtherance of an investigation regarding a breach of the Site rules and policies, unauthorized access to or use of the Site or any other illegal activities.
The access granted to our affiliates, subsidiaries and third parties is limited solely to the purpose for which such information was provided. Furthermore, we require our affiliates, subsidiaries and third parties to uphold and maintain BSC’s policies with respect to privacy and the processing of your personal data. Regardless of their locations or the laws of the countries they are based in, they are contractually required to provide at least the same level of protection.
Some of our affiliates, subsidiaries and third parties to whom we transfer personal data are located outside the European Economic Area (EEA), Switzerland or the United Kingdom. To ensure your personal data will still be processed in compliance with our standard of data protection and applicable law, BSC has implemented EU Standard Contractual Clauses between its entities as well as with third parties and has taken additional safeguards such as encryption of the data in transfer. You can ask for more information on the safeguards implemented by BSC as described in the Contact Section.
Where applicable, you have the following rights:
- Right of access: you have the right to obtain confirmation as to whether or not your personal data is processed, and, if so, to request access to the personal data held on you;
- Right to rectification: you have the right to have inaccurate personal data about you rectified or completed if it is incomplete;
- Right to erasure: you have the right to have your personal data deleted;
- Right to restriction of processing: you have the right to request from us that we limit the way we use your personal data;
- Right to withdraw consent: you have the right to withdraw your consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to withdrawal of the consent nor of continued processing activities that are not based on consent.
- Right to object: you have the right to object, on grounds relating to your particular situation, at any time, to the processing of your personal data, and we may have to stop processing the data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is needed for the establishment, exercise or defence of legal claims; you also have the right to object to the processing for direct marketing purposes.
If you have provided us with your consent, you can withdraw it at any time.
In some countries, you may have the right to provide guidelines about the processing of your personal data after your passing away.
To exercise these rights, please refer to the section “Contacts” below.
You also have the right to lodge a complaint with a competent data protection authority where you believe that your rights have been violated. A list of EU data protection authorities is available here.
BSC takes security seriously. We use reasonable and appropriate data protection measures, such as robust technologies, security policies and procedures, to reduce the risk of misuse, alteration, accidental destruction or loss, and unauthorized disclosure or access to our systems and data. For example, we encrypt the transmission of sensitive information using Secure Sockets Layer (SSL) technology. We follow industry standards and best practices to protect your personal data during transmission and once we receive it.
Access to certain content about products, seminars, events or other information from BSC may be restricted to HCPs under applicable laws. To provide you access to such content and our services on our websites, you may need to register or allow us in other ways to verify that you are eligible to access the restricted content.
Links to Other Sites
This Notice applies only to BSC Sites and applications that link to this Notice. Our Sites include links to both our affiliated sites and to non-BSC web sites, including access to content, products and services of such affiliated and non-affiliated sites (“Other Sites”). BSC is not responsible for the privacy practices of Other Sites. We recommend you read the Other Sites’ own privacy policies for more information about their practices.
Our Sites and applications are not intended for use by minors, and BSC does not knowingly collect personal data from minors. If you are under the majority age in your country, please discontinue the use of our Sites and applications. If we become aware that someone under the majority age has registered, we will expunge any related personal data from our records.
Updates to this Notice
BSC may update this Notice by posting the amended Notice on this Site. Where required, we will notify you of material Notice changes prior to the changes, via your account email address or by a Site notice.
This Notice was last updated in December 2022.
Contact, Questions, Comments, Complaints
If you want to exercise your rights under the GDPR, please use the contact details below. You can also direct any data protection-related issues, questions, comments or complaints to BSC by using the contact details below:
Boston Scientific - DPO
c/Ribera del Loira, 46 Edificio 2
28042 Madrid (Spain)