Effective: May 25th, 2018
This Privacy Notice applies to the use of the website https://www.merit.com.
The responsible data controller for any personal data collected and processed in connection with the use of the website https://www.merit.com is Merit Medical Systems, Inc., 1600 West Merit Parkway, South Jordan, UT 84095. (“Merit Medical™”, “we” or “us”)
If you have any questions etc. about or in connection with this Privacy Notice or would like to complain about our handling of your personal data or exercise any of your rights (see 8. below), please contact us by using the following contact details:
Compliance Department, Merit Medical Systems, Inc., 1600 West Merit Parkway, South Jordan, UT 84095
Email address: [email protected]
This Privacy Notice applies to the collection and processing of personal data of users of the website https://www.merit.com.
5. CATEGORIES OF DATA, PURPOSES OF THE PROCESSING AND LEGAL BASIS
We collect and process your personal data only for the following purposes:5.1 Website – Allow website users to access and browse our website it is technically required that we process certain data transmitted by the browser used to access and browse our website.
5.2 Newsletter – Allow website users to subscribe to our newsletter and provide website users with newsletters.
5.3 Surveys – From time to time we conduct surveys in which users of our website can participate.
5.4 Contact form – Allow website users to contact us via an online form.
5.5 Product ordering – Process, fill, ship, and obtain payment for the order.
5.6 Job application – Allow Apply for a job online.
5.8 The Appendix Website Data and Cookies contains detailed information on:
- the categories of personal data we collect from you or from third parties (e.g., public authorities or public resources) in addition to other personal data that you actively provide to us (e.g., when you send an e-mail to us);
- the purposes for which we process these personal data; and
- the legal basis for the collection and processing of your personal data (unless otherwise provided, e.g., at the time we collect the data from you) we collect and process your personal data.
Please note that we process your personal data for other purposes only if we are obligated to do so on the basis of legal requirements (e.g., transfer to courts or criminal prosecution authorities), if you have consented to the respective processing or if the processing is otherwise lawful under applicable law. If processing for another purpose takes place we may provide you with additional information.
6. RECIPIENTS AND CATEGORIES OF RECIPIENTS
Any access to your personal data by us is restricted to those individuals that have a need to know in order to fulfill their job responsibilities.
We may transfer your personal data for the respective purposes to the recipients and categories of recipients listed below – more details regarding the recipients and categories of recipients mentioned under 6.1 and 6.2 below can be found in the Appendix Website Data and Cookies.
6.1 Private third parties – Affiliated or unaffiliated private bodies other than us.
6.2 Data processors – Certain third parties, whether affiliated or unaffiliated, may receive your personal data to process such data on behalf of us under appropriate instructions as necessary for the respective processing purposes. The data processors will be subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the personal data, and to process the personal data only as instructed.
6.3 Governmental authorities, courts, external advisors, and similar third parties that are public bodies as required or permitted by applicable law.
7. CROSS-BORDER DATA TRANSFER
Some of the recipients of your personal data will be located or may have relevant operations outside of your country and the EU, such as in the USA, where the data protection laws may provide a different level of protection compared to the laws in your jurisdiction and with regard to which an adequacy decision by the European Commission does not exist. The countries which provide an adequate level of data protection from a European data protection law perspective include Andorra, Argentina, Canada, Switzerland, Faeroe Islands, Guernsey, the State of Israel, Isle of Man, Jersey, New Zealand and the Eastern Republic of Uruguay. Recipients in the USA may partially be certified under the EU-U.S. Privacy Shield and thereby recognized as providing an adequate level of data protection from a European data protection law perspective. With regard to data transfers to such recipients outside of the EU we provide appropriate safeguards, in particular, by way of entering into data transfer agreements adopted by the European Commission (e.g. Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC)) with the recipients or taking other measures to provide an adequate level of data protection. We will provide you with a copy of the respective measure we have taken upon request (for contact details see 3. above).
Details regarding cross-border data transfers, existence or absence of adequacy decisions and the appropriate safeguards taken with regard to cross-border data transfers can be found in the Appendix Website Data and Cookies.
8. STORAGE PERIOD
Your personal data is stored by us and/or our service providers, to the extent necessary for the performance of our obligations and for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws. When we no longer need to process your personal data, we will erase it from our systems and/or records and/or take steps to properly anonymize it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which we are subject. E.g., personal data contained in contracts, communications, and business letters may be subject to statutory retention requirements, which may require retention of up to 10 years. If applicable, any other personal data will in principle be deleted 5 years after the termination of the respective related contractual relationship between you and us, if applicable). For more detailed information regarding the actual storage periods please refer to the Appendix Website Data and Cookies.
9. YOUR RIGHTS
If you have declared your consent for any personal data processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
Pursuant to applicable data protection law you may have the right to: request access to your personal data, request rectification of your personal data; request erasure of your personal data, request restriction of processing of your personal data; request data portability, and object to the processing of your personal data. Please note that these aforementioned rights might be limited under the applicable national data protection law. For further information on these rights please refer to Appendix Your Rights.
You also have the right to lodge a complaint with the competent data protection supervisory authority. To exercise your rights please contact us as stated in section (3.1) above.
10. COOKIES AND SIMILAR TECHNOLOGIES
10.1 Cookies. When you use our website, we may send one or more cookies – small text files containing a string of alphanumeric characters – to your device. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits of our website. Your web browser may provide you with some options regarding cookies. Please note that if you delete, or choose not to accept, cookies, you may not be able to utilize the features of the services provided via our website to their fullest potential. We may use third party cookies in connection with the services provided via our website as well. For instance, we use Google Analytics to collect and process certain analytics data. We may not process or respond to web browsers’ “do not track” signals or other similar transmissions that indicate a request to disable online tracking of users who visit our website or use the services provided via our website.
10.2 Clear GIFs/Web Beacons. Clear GIFs (also known as Web Beacons) are typically transparent very small graphic images (usually 1 pixel x 1 pixel) that are placed on a website that may be included on our services provided via our website and typically work in conjunction with cookies to identify our users and user behavior.
10.4 For detailed information regarding cookies and related data processing activities please refer to the Appendix Website Data and Cookies.
11. CHANGES TO THE WEBSITE PRIVACY NOTICE
This Privacy Notice may require an update from time to time – e.g. due to the implementation of new technologies or the introduction of new services. We reserve the right to change or supplement this Privacy Notice at any time. We will publish the changes on https://www.merit.com. and/or inform you accordingly (e.g., via email).
Appendix Your Rights
(a) Right of access: You may have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data. The access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.
You may have the right to obtain a copy of the personal data undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
(b) Right to rectification: You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
(c) Right to erasure (“right to be forgotten”): Under certain circumstances, you may have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.
(d) Right to restriction of processing: Under certain circumstances, you may have the right to obtain from us restriction of processing your personal data. In this case, the respective data will be marked and may only be processed by us for certain purposes.
(e) Right to data portability: Under certain circumstances, you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.
(f) Right to object: Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, or where personal data are processed for direct marketing purposes at any time to the processing of your personal data by us and we can be required to no longer process your personal data.
Moreover, if your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case your personal data will no longer be processed for such purposes by us.
12. California-Specific Description of Consumers’ Privacy Rights
Under the California Consumer Privacy Act (“CCPA”), California consumers have the right to request that we delete any personal information (as defined in the CCPA) we have about them, and that we explain how we have collected, used, sold, and disclosed personal information about them. Merit Medical may require that a request include information that enables us to verify who is making a request. This may depend on the type of request and the information we already have. If we cannot verify a requestor’s identity, we may ask for additional information. In any event, we will endeavor to respond to requests within 45 days and if we are unable to, we will let you know.
To make a request, email us at [email protected] or write to us at:
Attn: Beth French
Merit Medical Systems, Inc.
1600 West Merit Parkway, South Jordan
Merit Medical does not and will not sell personal information and we will not discriminate against anyone who asks you if we ask and you do not allow us to sell it.
Updated: August 25, 2020.
Under the CCPA (Cal. Civil Code § 1798.140):
(o) (1) “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household:
(A) Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
(B) Any categories of personal information described in subdivision (e) of Section 1798.80.
(C) Characteristics of protected classifications under California or federal law.
(D) Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
(E) Biometric information.
(F) Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
(G) Geolocation data.
(H) Audio, electronic, visual, thermal, olfactory, or similar information.
(I) Professional or employment-related information.
(J) Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
(K) Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
(2) “Personal information” does not include publicly available information. For purposes of this paragraph, “publicly available” means information that is lawfully made available from federal, state, or local government records. “Publicly available” does not mean biometric information collected by a business about a consumer without the consumer’s knowledge.
(3) “Personal information” does not include consumer information that is deidentified or aggregate consumer information.”