Skip to main content

Privacy Policy

Boston Scientific Website Privacy Policy
Effective Date: October 2025

Policy Scope

This Data Protection Notice (the “Notice”) informs you about Boston Scientific Corporation (“BSC”) privacy practices regarding the collection and use of personal data relating to BSC websites (“Sites”) addressing Europe, UK and Switzerland, including mobile sites and our applications. Additional provisions may apply in other countries based on your local laws. Please consult the country specific section at the end of this Notice for more information.  BSC is committed to the protection of your personal data and dedicated to treating people with respect, transparency, and integrity; therefore, we don’t sell or lease your personal data to a third party.

This Notice also describes how you can access and update your information, and more generally how to exercise your data protection rights under applicable laws. When we refer to BSC, we mean Boston Scientific entities located in Europe acting as data controllers. A list of BSC European entities can be found here

BSC complies with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 also known as the “GDPR” and applicable local data protection laws.

Additional privacy policies may apply depending on the purposes of personal data processing (e.g., for event registration, for management of healthcare professionals, for adverse events and products complaints, etc.). These dedicated notices shall be available at the time of collection of personal data for that specific purpose.

Table of Content

Information Collection & Use

Personal data is data that can be used to identify you, directly or indirectly, such as your name, email address, telephone number, etc. BSC may collect your personal data when you interact with us, such as but not limited to, requesting information via our Sites, online event registration, Site registration, online survey participation, etc.

We also collect personal data about Healthcare Practitioners (“HCPs”) when we engage with them, e.g., when you send us a request, when you fill in our Sites’ forms, when we conclude a contract, collaborate in a scientific project or when you meet with our representatives who inform you about our products or scientific studies.

We may also collect some information from third parties, for example from contact persons of our business partners or services providers, as well as from public sources.

We also collect information about your interactions with our Sites and applications (e.g., browsing behavior), through cookies and other tracking technologies for which we recommend you to read our Cookie Notice.

Information that we may collect about you includes, but is not limited to the following categories:

  • Identity data: first and last names, date of birth, gender, etc.
  • Contact details: email address, phone number, postal address, etc.
  • Professional data: profession, title, position in the company, interests, location, information about your company (company name, company size, business type, etc.), professional ID number or registration, medical specialty, professional affiliations, publications, etc.
  • Information about your preferences: testimonials, site survey responses, responses to market studies in which you have participated, etc.
  • Financial information: payment-related information for payments we may need to perform (account details, bank information, tax-related information, amount to be paid, etc.)
  • Information from your use of our Sites: IP address, the device(s) you are using, your usage of our Sites, etc.

We use this information for the following purposes:

  • Conduct surveys or other market research and studies that you have agreed to participate in for the purpose of collecting your feedback on our products or any other matter related to BSC;
  • Administer your account on our Sites, improve our Sites, optimize user experience and display personalized content, authenticate you when accessing zones with restricted access areas of our Sites (e.g. for healthcare professionals, when authenticating to access our dedicated zones on our Sites);
  • Communicate with you when necessary, including but not limited to, to send you product updates, newsletters, marketing communications, requested product or service information, fulfill services you have requested, respond to your questions, notify you of Notice updates, etc. We may contact you by different means including but not limited to electronic means. We may use profiling to optimize and personalize relationship and information that we make available to HCPs. This profiling can imply managing the type, content and frequency of specific communication for segmented groups;
  • Initiate and perform contracts, in particular to identify, select and collaborate with HCPs for our research and development, medical and scientific activities (such as clinical trials or other scientific studies), consultancy services or speaker engagements;
  • Manage our partners and vendor relationship, including performing due diligences, agreements negotiation and renewals, accounting, billing and collection activities;
  • Provide support services when you are using our digital tools and perform data analysis to determine the effectiveness of our tools, improve them, and/or develop new ones;
  • Fulfil adverse events obligations, if you share information with us about potential adverse events relating to our products, we process such data according to our privacy notice for Adverse Events and Product Complaints, in such case, we may evaluate and verify your information, and/or contact you if we have any questions;
  • Comply with our legal, regulatory and reporting obligations, in particular regarding performing any required administrative formalities, registration and declarations, device tracking for the purposes of event analysis and reporting, transparency, monitoring adverse events you may report to us (including reporting significant adverse events to health authorities worldwide), etc.;
  • As required by any judicial process and law enforcement;
  • As necessary to comply with industry standards and our internal policies; and
  • Where required, to protect our rights or third-party rights, enforce our Terms of Use, agreements concluded with partners and vendors and for the establishment, exercise or defence of legal claims.

Legal basis

We may collect and process your personal data on the following legal grounds, depending on the processing operation:

  • We have collected your prior consent;
  • We have performed a contract with you or taken steps prior to entering into a contract with you;
  • We need to collect and process your personal data to comply with our legal obligations, for example for vigilance obligations, transparency-related obligations, etc.;
  • We rely on our legitimate interests, and we have balanced your interests or fundamental rights and freedom in determining whether the processing is legitimate and lawful.

We may contact and engage with you to inform you about our products and services, such as sending newsletters. When required, we will collect an opt-in and/or verify the existence of an opt-out for this.

Data Retention

We retain your information as needed to provide you the services and/or for the purposes mentioned above. Your personal data are deleted when they are no longer necessary to fulfill the purpose of the processing. We do, however, also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Data Sharing & Transfers

BSC may communicate your personal data to the recipients listed below, in the context of the purposes described above and in compliance with applicable law to:

  • BSC headquarters in the U.S., our affiliates and subsidiaries for purposes consistent with this Notice. Please see a list of BSC entities here;
  • Service providers, suppliers or vendors that are under contract with BSC entities to perform services for or on behalf of BSC (e.g., to maintain computer database, perform marketing activities, or conduct surveys). The agreements concluded between BSC and these providers, suppliers and vendors contain the appropriate safeguards, including but not limited to, the obligation to process personal data following our instructions and the implementation of technical and organizational measures;
  • Potential acquirers and other stakeholders in the event of a corporate sale, merger, reorganization, dissolution or similar event of BSC;
  • Law enforcement personnel, authorities, regulatory bodies, agencies and courts, including to meet national security requirements, or as part of a legal process, in order to protect our property or in furtherance of an investigation regarding a breach of the Sites’ rules and policies, unauthorized access to or use of the Sites or any other illegal activities.

The access granted to our affiliates, subsidiaries and third parties is limited solely to the purpose for which such information was provided. Furthermore, we require our affiliates, subsidiaries and third parties to uphold and maintain BSC’s policies with respect to privacy and the processing of your personal data. Regardless of their locations or the laws of the countries they are based in, they are contractually required to provide at least the same level of protection.

Some of our affiliates, subsidiaries and third parties to whom we transfer personal data are located outside the European Economic Area (EEA), Switzerland or the United Kingdom. To ensure your personal data will still be processed in compliance with our standard of data protection and applicable law, BSC has implemented EU Standard Contractual Clauses between its entities as well as with third parties and has taken additional safeguards such as encryption of the data in transfer. You can ask for more information on the safeguards implemented by BSC as described in the Contact Section.

Your rights

Where applicable, you have the following rights:

  • Right of access: you have the right to obtain confirmation as to whether or not your personal data is processed, and, if so, to request access to the personal data held on you;
  • Right to rectification: you have the right to have inaccurate personal data about you rectified or completed if it is incomplete;
  • Right to erasure: You have the right to have your personal data delated.
  • Right to restriction of processing: you have the right to request from us that we limit the way we use your personal data.
  • Right to withdraw consent: you have the right to withdraw your consent at any time with future effect.  Such a withdrawal will not affect the lawfulness of the processing prior to withdrawal of the consent nor of continued processing activities that are not based on consent.
  • Right to object: you have the right to object, on grounds relating to your particular situation, at any time, to the processing of your personal data; and we may have to stop processing the data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims; you also have the right to object to the processing for direct marketing purposes.

If you have provided us with your consent, you can withdraw it at any time.

In some countries, you may have the right to provide guidelines about the processing of your personal data after your passing away.

To exercise these rights, please refer to the section “Contacts” below.

You also have the right to lodge a complaint with a competent data protection authority where you believe that your rights have been violated. List of EU data protection authorities is available here.

Security

BSC takes security seriously. We use reasonable and appropriate data protection measures, such as robust technologies, security policies and procedures, to reduce the risk of misuse, alteration, accidental destruction or loss, and unauthorized disclosure or access to our systems and data. For example, we encrypt the transmission of sensitive information using secure socket layer technology (SSL). We follow industry standards and best practices to protect your personal data during transmission and once we receive it.

Access to certain content about products, seminars, events or other information from BSC may be restricted to HCPs under applicable laws. To provide you access to such content and our services on our websites, you may need to register or allow us in other ways to verify that you are eligible to access the restricted content.

Links to Other Sites

This Notice applies only to BSC Sites and applications that link to this Notice. Our Sites include links to both our affiliated sites and to non-BSC web sites, including access to content, products and services of such affiliated and non-affiliated sites (Other Sites). BSC is not responsible for the privacy practices of Other Sites. We recommend you read the Other Sites own privacy policies for more information about their practices.

Minors

Our Sites and applications are not intended for use by minors, and BSC does not knowingly collect personal data from minors. If you are under the majority age in your country, please discontinue the use of our Sites and applications. If we become aware that someone under the majority age has registered, we will expunge any related personal data from our records.

Updates to this Notice

BSC may update this Notice by posting the amended Notice on this Site. We will notify you prior to the changes, where required, of material Notice changes via your account email address or by a Site notice.
This Notice was last updated in September2025.

Contact, Questions, Comments, Complaints

If you want to exercise your rights under the GDPR, please use the contact details below. You can also direct any data protection-related issues, questions, comments or complaints to BSC by using the contact details below:

Email: EuropePrivacy@bsci.com or through our Data Subject Request Form

Postal Mail:
Boston Scientific - DPO
c/Ribera del Loira, 46 Edificio 2
28042 Madrid (Spain)

Country specific provisions for South Africa

These additional provisions apply to website users, HCPs, customers and suppliers in South Africa where their personal information is processed by the below responsible party/ies, and shall be read together with the provisions of the Notice.

The Notice, as read with these country specific provisions for South Africa (“the South African Notice”), provides details relating to the processing of personal information in compliance with the Protection of Personal Information Act (“POPIA”).

Responsible Party: The responsible party for purposes of the South African Notice is Boston Scientific (South Africa) Proprietary Limited with the following address: 8 Anslow Crescent, Anslow Office Park, Bryanston, South Africa, or any other BSC entity which processes personal information in South Africa.

For any questions about the South African Notice, please contact the information officer at EuropePrivacy@bsci.com

Personal information of juristic persons. In addition to the personal information of natural persons set out above, we also collect and process personal information relating to customers, partners (including hospitals) and suppliers that are juristic persons, which information includes, for example:

  • the customer’s and/or supplier’s name and registration number;
  • the customer’s and/or supplier’s telephone number, email address, physical address and postal address;
  • the customer’s and/or supplier’s VAT number, and other tax-related information, if applicable;
  • all relevant Know-Your-Client information as prescribed by applicable legislation;
  • correspondence between us and the customer and/or supplier;
  • the customer’s and/or supplier’s contact persons, and their personal information (including, where applicable, their gender, email address, telephone number, etc.);
  • the customer’s and/or supplier’s authorised signatories;
  • invoices, fees, and payment structures and details relating to the customer and/or supplier; and
  • procurement information.

Purposes for processing. The purposes of the processing of personal information of juristic persons include, amongst others, the following:

  • to carry out the necessary actions for the conclusion or performance of any contract between us;
  • to provide services or products to you upon your request or to obtain services and products from you;
  • to administer your account;
  • to comply with all applicable statutory obligations;
  • to respond to queries received;
  • to carry out and manage our business operations;
  • for corporate security, disaster recovery and legal reporting obligations;
  • for direct marketing purposes, where applicable;
  • to conduct research or surveys or otherwise to collaborate with you;
  • for procurement purposes; and
  • any other legitimate business purposes.

Legislation. The legislation in terms of which personal information may be required to be processed includes the below, as well as any other legislation relating to the specific goods and/or services provided or procured by us:

  • the Income Tax Act
  • the Value-Added Tax Act
  • the Financial Intelligence Centre Act
  • the Broad-Based Black Economic Empowerment Act
  • the Consumer Protection Act
  • the Electronic Communications and Transactions Act

International Data Transfers. Personal information may in appropriate circumstances be transferred outside of South Africa. In circumstances where the recipient entity is not subject to a law that requires the processing and protection of personal information in a manner similar to what is contained in POPIA, we will ensure that the recipient is subject to binding corporate rules, a binding transfer agreement or model clauses that ensures adequate protection.

The supply of personal information. Whilst website users can, for the most part, elect whether to supply personal information (other than mandatory information relating to the use of our Sites), in most instances, the supply of personal information by customers, partners and/or suppliers is mandatory. If you choose not to provide us with your personal information, we may not be able to manage our contractual relationship with you (if applicable), either in whole or in part, we may not be able to proceed with your request to enter into a contract with us, or we may not be able to collaborate with you. Further, we may not be able to comply with our legal obligations. In instances where the supply of personal information is voluntary, we will inform you accordingly.

Your rights. In addition to the rights set out in the Notice, you shall have the following rights.

  • the right to establish whether we hold personal information;
  • the right to request access to your personal information (subject to and in accordance with the provisions of the Promotion of Access to Information Act);
  • the right to submit a complaint to the South African Information Regulator regarding alleged interference with the protection of your personal information; and
  • the right to institute civil proceedings regarding the alleged interference with the protection of your personal information.

Should you wish to exercise your right to request access to, or the correction, destruction or deletion of, your personal information, or to object to the processing of your information, you are required to submit your request in writing to the Information Officer. Depending on your request, we may require you to complete the relevant form prescribed by the POPIA Regulations.