Skip to main content

Privacy Policy

Boston Scientific Website Privacy Policy
Effective Date: July 24 , 2024

Introduction

Boston Scientific Corporation (“BSC”) is dedicated to safeguarding your personal data, in compliance with the relevant laws. This Privacy Policy (“Policy”) sets out the commitments of BSC regarding the collection and use of your personal data when accessing our BSC website [BR1] for the Kingdom of Saudi Arabia (the “Kingdom”), including mobile sites [and our applications] (“Sites”). In addition, this Policy

  • Sets out the types of Personal Data we collect about you and how we collect it.
  • Explains why we collect and use your Personal Data.
  • Sets out the legal bases we have for using your Personal Data.
  • Explains how long we keep your Personal Data.
  • Explains how we will share your Personal Data - when, why, and with whom.
  • Explains your rights as the Data Subject.
  • Tells you how to contact us.

When we refer to BSC, we mean Boston Scientific Corporation, including our affiliates and subsidiaries. BSC adheres to privacy best practices, including the Generally Accepted Privacy Principles (GAPP), and complies with international personal data transfer framework requirements.

Table of Contents

  1. Types of personal data we collect
  2. How we use your personal data
  3. Who do we share your personal data with?
  4. Cookies & Similar Technologies
  5. How long do we keep your personal information for?
  6. How do we keep your personal information secure?
  7. Transferring your personal information outside of the Kingdom
  8. What are your data protection rights?
  9. Links to Other Sites
  10. Minors
  11. Updates to Privacy Policy
  12. How to contact us

 

1. Types of personal data we collect

Information we collect directly from you

BSC collects information directly from you when you choose to register on our Sites [or in our mobile applications], call or e-mail us, register with us for an event, provide us with your resumé or otherwise provide information directly to us. The following are examples of information we may collect directly from you:

  • Name
  • Contact details (e-mail address, telephone number, postal address etc.)
  • Username and password
  • Date of birth
  • Gender
  • Communication preferences
  • Business information, including occupation and areas of specialization.
  • Testimonials
  • Site survey responses
  • Site blog and community forum posts
  • Professional identification information (e.g. unique physician ID number, UPIN) and clinical affiliation

Sensitive personal data

We may sometimes need to collect more sensitive personal data about you, but we only do this if it’s necessary and with your written consent. This sensitive personal data (sometimes known as special category personal data) may include things like:

  • Medical conditions

Information we collect when you visit our Sites

When you visit our Sites, we have access to the following types of information about you:

  • Site registration. If you choose to register to use BSC features and services, either as a consumer or a healthcare professional, we will collect personal data from you and this information may be combined, to provide you with services or information you request or to ensure that we maintain complete, current and accurate personal data.
  • IP address. We record the internet protocol (IP) address of your computer when you visit our Sites. The IP address does not identify you personally, but it allows us to maintain communications with you as you move about this website.
  • Site interactions and usage data: [We provide interactive digital health tools through which information is collected from users.] We also collect information about your interactions with our Sites and applications (e.g., browsing behavior). Our Sites automatically track certain behavior (Usage Data) during visits, such as, referring/exit URLs and we also collect other basic information about you which does not directly identify you but which may correspond with you or a particular device.

Information from publicly available sources

We may use the following public sources to collect personal data about you:

  • Social media.
  • Events (e.g. conferences).
  • Directories.

 

2. Why do we collect your personal data?

In most cases, personal information is collected automatically, for our legitimate business interests.

In the Kingdom, we are required to ask for your consent before collecting personal information, in which case you will be presented with a choice as to whether you wish to allow the collection and use of this type of information. You are entitled to withdraw your consent at any time by contacting us (see “How to contact us”, below).

We might also have a legal obligation to process your personal data. 

 

3. How we use your personal data

We use your personal data to:

  • Send you product updates, newsletters, marketing communications, requested product or service information, fulfil services you have requested, and to understand your interests and preferences.
  • Respond to your questions
  • Administer your account
  • To verify your professional accreditation
  • Conduct surveys or other research and analysis
  • Improve our Site and marketing efforts
  • Optimize user experience
  • Display personalized content
  • Deliver promotional material, where allowed by law
  • Enable you to post your resume, search job postings, and contact or be contacted by prospective BSC representatives or agents
  • Notify you of Policy updates
  • In order to share information or messages
  • To learn more about how our Sites and online resources are used and to otherwise improve and administer the Sites.

We may use cookies to automatically collect certain information from your device. Please see the “Cookies” section, below.

We may use your personal data to support the activities of unaffiliated third parties that are under contract to perform services for or on behalf of BSC (including to maintain computer database, perform marketing activities when allowed by law, or conduct surveys). For example, personal data collected through interactive digital health tools we provide may be used to improve these tools and determine payment amounts for vendors who assist us in making these tools available. Please also refer to “Who do we share your personal information with”, below.

Direct Marketing

With your consent, we may send you direct marketing communications regarding our products and services. If you have opted in to receive marketing communications, we may contact you by electronic messages (email, SMS, or website), by mail or other means that you share with us.  You have the right to withdraw consent at any time by contacting us using the details provided in the “How to contact us” section, below, or by clicking the unsubscribe link in our marketing messages. 

 

4. Who do we share your personal data with?

BSC will not sell or lease your personal data to a third party; however, there are certain circumstances where we may share your personal data without additional notice to you:

  • Affiliates and subsidiaries of BSC group of companies: We may share your personal data with other companies in the BSC group. We will only do so for purposes consistent with this Policy. Furthermore, we require our affiliates, subsidiaries and third parties to uphold and maintain BSC’s policies with respect to privacy and the treatment of your personal data.
  • Third party service providers: We may share your personal data with third parties who are under contract with us to perform services for or on behalf of BSC (e.g., to maintain computer database, perform marketing activities, or conduct surveys). If we allow a third party to have access to your personal data, they will only be permitted access for purposes that are consistent with this privacy policy and will be required to protect your personal data in accordance with all applicable data protection laws.
  • Corporate transactions: In the event of a corporate sale, merger, reorganization, dissolution or similar event we may need to share your personal information as part of the transaction.
  • Legal obligation: To other persons as permitted by applicable law or regulation.
  • Law enforcement: We may be required to disclose personal information to law enforcement personnel and agencies, including to meet national security requirements, or as part of a legal process, in order to protect our property or in furtherance of an investigation regarding a breach of the Site rules and policies, unauthorized access to or use of the Site or any other illegal activities.

We may share aggregate data with selected third parties. For example, BSC may disclose aggregate Usage Data to third parties to understand how the Site is used or for marketing purposes. See the "Cookies" section, below. Aggregate data does not identify individuals.

 

5. Cookies & Similar Technologies

BSC and our partners use a variety of technologies to facilitate the delivery of services to you via our Sites and applications and to understand and preserve your personal preferences. Use of these is governed by our Policy or the privacy policy of the third party providing the service.

We may use cookies to automatically collect certain information from your device. We may use such information, where relevant, for internal analysis and troubleshooting, to recognise you and remember your preferences, to improve the quality of and to personalise our content. For detailed information about the purposes for which we use cookies, please check our Cookie Policy.

 

6. How long do we keep your personal information for?

We retain your personal information while your account is active or as needed to provide you services. We also retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We will not retain your personal information for longer than is necessary to achieve the purposes for which it was collected, as set out in this Policy.

 

7. How do we keep your personal information secure?

BSC takes the security of your personal information seriously. We use organisational, administrative and technical  measures, such as robust technologies, security policies, and procedures, to ensure the security of personal information and to reduce the risk of misuse, alteration, accidental destruction or loss, and unauthorized disclosure or access to our systems and data. For example, we encrypt the transmission of sensitive information using secure socket layer technology (SSL).

We follow industry standards and best practices, including controls, standards and rules set by the National Cybersecurity Authority, to protect your personal data during transmission and once we receive it. 

 

8. Transferring your personal information outside of the Kingdom

Your personal information may be processed, stored, shared, transferred or disclosed by us within the GSC group of companies or with other third parties for the purposes described in this Policy. We do this in order to operate effectively, efficiently and securely. This may involve processing, storing, sharing, transferring or disclosing your personal information to other jurisdictions.

Where recipients of your personal information are in jurisdictions that are outside the Kingdom, which does not have an adequate level of protection as recognized by the laws of the Kingdom and the competent authority, we will take all reasonable steps necessary to ensure that any transfer of personal information is relying on relevant exceptions and/or applicable safeguards as required to comply with applicable laws.

 

9. What are your data protection rights?

The law provides you with the following rights in relation to your personal information:

  • Right to be informed: you have a right to be informed about how we use the personal information we hold about you. We do this by providing you with this Policy.
  • Right to access a copy of your personal information: you are entitled to request a copy of the personal information we hold about you.
  • Right to rectification: you are entitled to have any personal information we hold about you corrected if it is inaccurate or incomplete.
  • Right to erasure: you are entitled to request that we delete any personal information that we hold about you if there is no compelling reason for us to keep it. There are some exceptions to this right.
  • Right to restrict processing: you have a right to restrict us from using your personal information although we are still allowed to hold that information. 

We may require you to provide additional information necessary to confirm your identity before we comply with any request made by you.

 

10. Links to Other Sites

This Policy applies only to the Sites and applications that link to this Policy. Our Sites include links to both our affiliated sites and to non-BSC web sites, including access to content, products and services of such affiliated and non-affiliated sites (“Other Sites”). BSC is not responsible for the privacy practices of Other Sites. You should directly contact these Other Sites to read their privacy policies and for more information about their practices.

 

11. Minors

Our Sites and applications are not intended for use by individuals under the age of 18, and BSC does not knowingly collect personal data from those in this age group. If you are under 18, please discontinue the use of our Sites and applications. If we become aware that someone under the age of 18 has registered, we will expunge any related personal data from our records.

 

12. Updates to Privacy Policy

BSC may, in its sole discretion, update this Policy by posting the amended Policy on this Site. We will notify you prior to the changes, where required, of material Policy changes via your account email address or by a Site notice.

This Policy was last updated on July 24, 2024.

 

13. How to contact us

If you are unhappy with how we have handled your personal information, or have further questions on the processing of your personal information, this Policy or our privacy practices, you can contact us in any of the following ways:

Email: Globalprivacy@bsci.com 

Post: Boston Scientific Gulf Trading LLC

King Khalid International Airport Road, Roshn Business Front

Riyadh 13413, Saudi Arabia

Data Protection Officer (DPO): Thomas Hamilton, Chief Privacy Officer