Privacy Policy

SOS Online Privacy Statement

Last updated: October 9, 2017

Arthrex Inc. (“ARTHREX”) is strongly committed to maintaining the privacy of users of the Surgical Outcomes Systems (“SOS”) Web site and associated information and analytical systems (the “Site”). This ARTHREX Privacy Statement describes the practices that ARTHREX follows with respect to the privacy of users of this Site (i.e. visitors, surgeons and patients) and supplements the Research Participant Information Sheet or the ARTHREX Research Subject Information and Consent Form (which may have a different name depending on the jurisdiction) you may have received from ARTHREX or your healthcare provider when participating in SOS as a patient or the privacy notice provided by ARTHREX when using SOS as a surgeon.

This Privacy Statement is specific for the purposes of the SOS. The goal of this Site is to assemble and analyze medical and health information in order to facilitate treatment, medical research, quality of care improvements, and healthcare operations, including quality of care improvements. We appropriately share data from this Site for these purposes, but we do so with respect for medical privacy and in compliance with medical privacy law and medical ethics. We take the principle of informed consent seriously. We want all users of SOS to understand and be comfortable with our policies.

If you choose to register or submit information to this Site or to permit your healthcare provider to process your information through our online services to facilitate treatment, medical research, and health care operations, including quality of care improvements, or for any other purposes specifically authorized by you, you agree to the use and transfer of the information submitted to the Site in accordance with this Privacy Statement and the associated ARTHREX documents provided to you. Of particular significance for Europeans and Canadians, you agree the disclosure and transfer of your personally identifiable information to ARTHREX affiliates and subsidiaries and to such other recipients which may be located both within and outside the European Economic Area and Canada, as further described in this Privacy Statement.

Depending on your healthcare provider’s intended use of this Site, some individuals may be provided with a Research Participant Information Sheet or an ARTHREX Research Subject Information and Consent Form by ARTHREX or your healthcare provider, which will supplement the information in this Privacy Statement regarding the collection, use, disclosure and storage of your information. Carefully read the Research Participant Information Sheet or the Research Subject Information and Consent Form, and discuss any questions or concerns with your healthcare provider. If there is any inconsistency between express provisions of those other ARTHREX documents provided to you and the following Privacy Statement, the express provisions in those other documents will prevail to the extent of that inconsistency.

If you have any questions about this Privacy Statement, or use of this site, feel free to contact our Webmaster at webmaster@arthrex.com.

a. What and how is information collected?

The Site collects personally identifiable information that is provided by visitors. If you are a visitor to the Site, we collect information about you through the Site’s pages such as your name, email address, street address, telephone number and any information you may provide in the open field "message" section, so that we may enhance your site visit or follow up with you after your visit.

If you are a physician, we will gather information from you as part of the registration process and your ongoing use of the Site as described in this Privacy Statement. This includes your contact information (such as name, email address, street address and telephone number), credit card number, IP address and your SOS login details (login name and password) as well as detailed information about the medical procedures you perform that you choose to voluntarily provide to us.

If you are a patient, you and your healthcare provider will provide personally identifiable information about you, including personally identifiable health information. This information may include your contact information, such as your email address, SOS login details (login name, password and browsing activities while using the Site) as well specific information about your ethnicity, race, date of surgery, medical history, diagnoses, and treatment.

We do not usually seek other sensitive information (e.g., data relating to religious beliefs, criminal record, or sexual orientation), except where relevant to the medical and health information that we collect and process such information with your express consent to collect such information.

b. Cookies, web beacons and other tracking technologies

For all users, ARTHREX may use certain technologies to monitor technical information about the Site and its use. To facilitate easy navigation within the Site, we or our service provider(s) may use cookies (small text files stored in a user's browser) or Web beacons (electronic images that enable counting visitors who have accessed a page or certain cookies) to collect certain aggregated data, such as IP address, domain, browser type and pages visited.

ARTHREX currently uses the following types of cookies and Web beacons: first party session cookies for Site functionality, security and preferences, and analysis cookies, such as Google Analytics, Crashlytics, and New Relic. Further information about these services is available at the following links:

ARTHREX and the Site operators use the information to analyze the number of visitors to different pages and to make sure that the Site is serving you effectively and efficiently.

ARTHREX may empower users to register their desire to opt-out of Internet tracking using the Pardot system based on its pop-up opt-in verification. When users opt-out, they will have a record in Pardot, but with a limited scope of information. Page views, landing page views and file downloads are not tracked for those who choose to opt out. Information on emails activity, however, such as messages sent, opened, clicked on, as well as any information submitted via form or landing page is still visible in Pardot. For more information on the Pardot system see http://www.pardot.com/press/pardot-debuts-new-marketing-automation-privacy-settings-to-protect-website-visitors/. When users opt-in using Pardot, they consent to this collection and use of information, recognizing that ARTHREX and the Site operators can see information such as page views, landing page views and file downloads, and they can use that information to analyze the number of visitors to different pages and to make sure that our Site is serving you effectively and efficiently. ARTHREX can also use that Pardot information about an individual’s online activities over time and across third-party Web sites or online services.

Our cookies and Web beacons generally do not collect information that identifies individuals by name, and ARTHREX does not permit other third parties to track consumer behavior over time across third party sites or services when you use our Site. ARTHREX uses this system instead of “Do Not Track” signals that are sent by certain browsers, and so our information collection and disclosure practices will continue to apply as described in this Privacy Statement, regardless of such “Do Not Track” signals. Cookies can also be rejected entirely by some browser settings, but users may be denied access to some parts of the Site if their browsers reject all cookies.

Our Site also passively and automatically collect certain information about a user's traffic patterns linked to their Internet Protocol (IP) addresses. These are unique Internet "addresses" assigned to all web users by their Internet Service Providers (ISP). IP addresses are automatically logged by web servers. While the IP address does not generally identify an individual on its face, it may, with the cooperation of the ISP, be used to locate and identify an individual using the internet.

Servers also automatically log information about visits to our in the normal course of establishing and maintaining web connections. Likewise, server logs record network information, such as visitors' IP addresses, type of operating systems, time and duration of visit, web pages requested, and identify categories of visitors by items such as domains and browser types. SOS also logs all changes that are made to the patient record including the user that made the changes, when the change occurred and what was changed in addition to standard web server logs. While we do not in general link standard server log information to any other data in a way that would enable us to identify individual visitors, we may review server logs for security purposes, for example, to detect intrusions into our network and identify the individuals responsible for the intrusion. 

c. How is personally identifiable information used?

Personally identifiable information is used only for limited purposes described in this Privacy Statement except as you otherwise authorize, such as through the ARTHREX Research Subject Information and Consent Form, or as otherwise allowed by U.S. health privacy laws or any other applicable laws. Personally identifying information about patients, including personally identifying health information, is used and/or released to support healthcare operations, including to quality of care improvements, to facilitate your treatment, as well as for research purposes. Personally identifying patient information may be shared with your physician, aggregated with other patients’ data and anonymized so that medical providers can compare medical outcomes over a broad patient population and for use in clinical studies that may be published.

ARTHREX may use de-identified, aggregate data for any legitimate business purpose, including for research, education, product development, or to otherwise support its operations as well as in connection with legal, regulatory, compliance, insurance, and security purposes as well as in connection with the investigation, establishment and defense of its legal interests.

Personally identifiable information of visitors will be used for the purpose of handling the messages sent to us through the open field “message” section and to enhance your Site visit or to follow up with you after your visit.

Personally identifiable information of surgeons will be used as described in the privacy notice provided to them when enrolling in SOS. We will ensure that our marketing activities comply with applicable law. You may at any time request that we discontinue sending you such materials.

Your identifiable information may be processed by ARTHREX or its affiliates and sub-contractors for any of the purposes described above.

d. When is personally identifiable information disclosed to third parties?

Personally identifiable information is disclosed to third parties only in limited circumstances except as you otherwise authorize, such as through the ARTHREX Research Subject Information and Consent Form, or as otherwise allowed by U.S. health privacy laws or other applicable laws. Patient information is shared with your healthcare provider, and any third parties that your healthcare provider authorizes to access this information. ARTHREX does not sell or rent personally identifying information collected through this Site–whether about patients or health care providers—to anyone when such a sale would violate applicable law.

ARTHREX may disclose identifiable information to our subsidiaries and affiliates, for internal audit, management, billing, mailing, call center, information technology, data hosting, data processing, or similar administrative purposes, including as permitted or required by law, or to enforce our legal rights. ARTHREX may also disclose your personally identifiable information to third parties that provide services to us, such as agents, consultants, contractors, accountants, vendors, attorneys, database administrators, providers of technology services and other service providers. All such third parties are required to comply with ARTHREX’s privacy policies, and are permitted to use personally identifiable information only for the purposes referred to in this Privacy Statement and/or to perform services on behalf of ARTHREX.

Aggregated and anonymized information, formerly personally identifiable information may be disclosed to other healthcare providers, or for publication of outcomes of clinical trials.

We may, where appropriate, disclose personally identifying information of users collected from our Site to law enforcement, regulatory or other government agencies, or third parties where necessary or desirable to comply with legal or regulatory obligations or requests, including reporting and submitting information to health and other regulatory, judicial and law enforcement authorities, or when ARTHREX believes in good faith that disclosure is legally required or otherwise necessary to protect ARTHREX’s or others’ rights, safety or property to the extent ARTHREX complies with applicable law.

Personally identifiable information of users collected from the Site may also be transferred as part of a proposed or actual financing, corporate sale, securitization, insuring, restructuring, bankruptcy, transfer of assets, assignment or other disposal of all or part of our business or assets, or for the purposes of evaluating and/or performing the proposed transaction. If required by applicable law, we may request your consent with certain transfers. Assignees or successors of our business or assets may use and disclose your personal information for purposes materially similar to those described in this Privacy Statement. Visitor’s consent with this transfer shall be implied if you decide to provide us with your personal information and you continue to use the Site.

e. How can you correct, access, update and delete your information, object to the processing, or withdraw your consent?

We are willing to providing reasonable access to any users of this Site who wish to review their personally identifiable information and to correct any inaccuracies. Users who choose to register may access their user profile, correct and update certain personal information in it, or unsubscribe at any time. Depending on your jurisdiction, you may have a right to reasonable access to the personally identifiable information about you that ARTHREX processes for the purposes of SOS, and, in accordance with applicable data protection laws, you may also have a reasonable right to correct and amend where it is incomplete or inaccurate and, under certain circumstances, delete your personal information or, to object to the processing of your information.

Users who have any problem accessing their profiles, or would like access to any of their personally identifiable information or to request a copy of their personally identifiable information should contact webmaster@arthrex.com.You may view and edit your personally identifiable information at any time by contacting us using the link provided on the Contact Arthrex link on the Site. Or if you prefer, you may contact our Webmaster at webmaster@arthrex.com. In all cases we will treat your requests in accordance with applicable legal requirements.

If an individual is not capable of consenting to the collection, use or disclosure of his or her own personal information in accordance with this Privacy Statement, consent must be obtained from the person who is legally entitled to consent on behalf of the individual.

You may withdraw your consent to our collection, use, storage and disclosure of personal information at any time, subject to contractual and legal restrictions and reasonable notice. If you withdraw your consent to certain uses of your personally identifiable information, we may no longer be able to provide some services. In certain circumstances, you may not be permitted to withdraw consent to particularly necessary uses and disclosures of the personally identifiable information for which you originally consented. For example, we may need to retain your information to ensure the integrity of research.

f. How do we protect your information?

We protect your personally identifiable information, using physical, electronic or procedural safety measures as appropriate to the sensitivity of the information in our control, where we deem it appropriate to do so in our network architecture.

Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personally identifiable information, we cannot ensure or warrant the security of any information you transmit to us or receive from us. This is especially true for information you transmit to us via e-mail. We will review and may alter our security arrangements from time to time as we deem appropriate.

In the event of a breach of unsecured Protected Health Information or other sensitive personal information, we will provide you with notification if required under applicable law.

g. How can you help protect your information?

If you are using the Site for which you registered and chose a password, you are responsible for the security of that password. Do not share or otherwise divulge your password to any third parties. ARTHREX will never ask you for your password in an unsolicited phone call or in an unsolicited e-mail. You should also remember to sign out of the registered Site by closing your browser window when you have finished your work to ensure that others cannot access personally identifiable information.

h. What about links to other sites?

The Site may contain links to other sites, including those of our business partners. We are not responsible for the privacy practices employed by other sites.

i. Children's Privacy Protection

ARTHREX understands the importance of protecting children's privacy in the interactive online world. The Site covered by this Privacy Statement is not designed for or intentionally targeted at children 13 years of age or younger. While this Site may collect information related to pediatric orthopedic procedures, any such information must be provided by the patient’s health care provider, parent or guardian. It is not our policy to intentionally collect or maintain information from anyone under the age of 13 without proper consent by their legal representative.

j. Privacy Shield Data Transfer Commitment

Ideas and laws about medical privacy vary around the world. This site operates under United States law, medical ethics, and privacy laws. We may transfer any information on this Site internationally for any of the purposes mentioned in this notice.

Transfers may involve the transfer of your information between jurisdictions and outside of the jurisdiction in which you submitted your information, including to jurisdictions which the European Union may deem not to provide “adequate” data protection or which not are equivalent to those in effect in your country of residence. Please do not provide us any information that you do not wish to be transferred to the United States for these purposes.By providing information to ARTHREX through this site, you are consenting to such transfers.

ARTHREX relies on and complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce as well as the Model Contracts/ Standard Contractual Clauses set forth by the European Commission and the Swiss Federal Data Protection and Information Commissioner, respectively, regarding the collection, use, and retention of all personally identifying information that it processes and which is transferred from countries in the European Economic Area and Switzerland to the United States, both in electronic or paper form, including Personal Information and Sensitive Personal Information (defined below). ARTHREX has certified that it adheres to the data protection principles of: notice, choice and consent, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

ARTHREX complies with the Privacy Shield Principles for onward transfers of personal data from the EU and Switzerland, including onward transfer liability provisions, relating to transfers of data to a third party acting as an agent on its behalf.

This EU-U.S. and Swiss-U.S. Data Transfer Commitment covers both “Personal information” which means any information from which an individual can be directly or indirectly identified, as well as “Sensitive Personal Information” which means Personal Information revealing an individual’s racial or ethnic origin, political opinions or membership of political parties or similar movements, religious or philosophical beliefs, membership of a professional or trade organization or union, physical or mental health including any opinion thereof, sex life, and, where permitted by applicable law, criminal offences and alleged offences, criminal records or proceedings with regard to criminal or unlawful behavior. In addition for Switzerland, the definition of sensitive data includes ideological views or activities, information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.

With respect to personally-identifiable information received or transferred following the Privacy Shield Framework, ARTHREX in subject to the investigatory regulatory enforcement powers of the Federal Trade Commission (FTC). In certain situations, ARTHREX may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Under certain conditions as described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, individuals may invoke binding arbitration when other dispute resolution measures have been exhausted.

To learn more about the Privacy Shield Program, and to view ARTHREX’s certification, please visit:https://www.privacyshield.gov/

For more information, please also see the following links:

- European Commission Model Contracts/Standard Contractual Clauses: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm
- EU General Data Protection Regulation (GDPR): http://ec.europa.eu/justice/data-protection/reform/index_en.htm

k. Will this Privacy Statement change?

ARTHREX reserves the right to modify or amend this Privacy Statement at any time and for any reason. If we update our Privacy Statement, we will post a prominent notice on our Site to notify you of any material changes to this Privacy Statement so that you can always know what information we collect, how we use it, and when and how we will disclose it. We will also indicate on this Privacy Statement when it has been most recently updated. We urge you to review this Privacy Statement frequently to obtain the current version. Your continued provision of personal information or use of our services or Site following any changes to this Privacy Statement constitutes your acceptance of any such changes.

l. Your California Privacy Rights

California law permits its residents to request and receive information about a business’ disclosure of certain categories of personally identifiable information to other companies for their use in direct marketing. If you are a California resident, you can request a copy of this information by sending an email to webmaster@arthrex.com or a letter to:

ARTHREXCorporate Headquarters
attn: Legal / Privacy Officer

1370 Creekside Boulevard
Naples, Florida 34108-1945
USA

Please include your name and email address in email requests, and your name and postal address in mail requests.

m. Inquiries and Address of Data Protection Office

If you have any questions, comments, concerns or suggestions about ARTHREX’s privacy practices, please contact ARTHREX by calling (800) 933-7001, or by sending an email to AskCompliance@arthrex.com or a letter to:

Patricia Hilbrands
Privacy Officer
ARTHREX Inc.
1370 Creekside Blvd.
Naples, Florida 34108-1945
USA