Privacy Policy

1. About Medistim. We protect and respect your privacy

Medistim is a medical technology company that designs, develops, produces, brings to the market and services ultrasonic imaging systems and accessories, which are used for guidance and quality assessment within cardiac-, vascular- and transplant surgery. In addition, the company distributes third party products in certain territories.

Medistim is committed to protecting and respecting your privacy. As the controller of your data, Medistim comply with the EU General Data Protection Regulations (GDPR). This policy establishes how we handle the information we receive or collect from external customers, clinical trial participants, suppliers, job applicants, employees, former employees, distributors and other contractors, third parties and visitors to Medistim either directly or via our websites. Protecting the privacy and personal data of our customers and visitors is of utmost importance to us. Protecting your privacy and your personal data is an important aspect of the way we create, organize and implement our activities on-line and off-line.

This policy applies to:

  • Medistim ASA headquarters, located in Oslo, Norway
  • Medistim ASA manufacturing site, located in Horten, Norway
  • Medistim subsidiaries

hereinafter referred to as “Medistim” or “us” or “we”.

2. The personal data we collect about you

Please note that we collect, use, store and transfer two different categories of data:

➢ Personal data – all data that may be collected, used, stored and transferred by us – for the purposes as described in section 3, in which the Personal Data is collected by using the following methods:

Direct interactions with Medistim in person, by post, phone, email or otherwise.
Through third parties (e.g. hospitals, recruitment agencies)
Interactions with our websites, by using the web enquiry form

➢ Anonymized patient data – which is not considered Personal Data, and as such, not comprised of this Privacy Policy / GDPR regulations, please see further information in 2.2. below.

2.1 Personal Data – comprised by Privacy Policy and GDPR

Personal data collected, used, stored and transferred by us may include

  • Identity Data including forenames, last name or similar identifier
  • Contact Data including business address, email address and telephone numbers
  • Transaction Data including payments and banking details for products and services you have purchased from us or we from you
  • Employment Related Data including further data about you – if you apply for employment in our company, such as birthdate/social security number, employment history and work-related skills, and any other info related to your resume, application and possible interview in regards to the qualifications for employment
  • Technical Data including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used to access the Medistim websites
  • Profile and Usage Data including purchases made by you, feedback and survey responses, and how you use our websites, products and services
  • Marketing and Communications Data including your preferences in receiving marketing from us and your communication preferences

We may also complete your registered data with other data featured in the communication or possibly also through publicly available information. If you are a customer to us, we may also complete your data with additional contact information.

Medistim does not process sensitive personal data. To the extent you make sensitive personal data, excluding special categories of personal data as defined under art. 9 of the GDPR, available to Medistim, you consent to Medistim processing such personal data in accordance with this Privacy Policy.

2.2 Anonymized data – Non-Personal Data
Personal patient data received by Medistim shall be anonymized, meaning that the information is impossible to connect to individual(s). Such data is not considered personal data according to GDPR. However, should any non-anonymized personal patient data be provided to Medistim, Medistim has implemented procedures in handling and deleting this data, making sure that only anonymized personal patient data is registered, handled and stored in our systems.

3. How do we use your personal data

We use your personal data in the following circumstances for contractual and legitimate business reasons/purposes:

  • To fulfill any contractual obligation and or commitments we may have with you, including companies within our same company group, partners or suppliers, cf. also section 4 below
  • To process and deliver any product or service
  • To initially discuss your requirements or job application
  • To manage our relationship with you including:
    ➢ Notifying you about changes to terms and conditions or privacy policy
    ➢ Customer reviews/surveys
    ➢ Notifying you of new products and services which we think will be of interest to you
    ➢ To respond to enquiries or complaints (customer care)

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

4. To whom we disclose personal data

We constantly strive to make sure that your personal data is only processed by those who need to.

In addition, your personal data may be shared with third parties for the following purposes:

  • External Suppliers – Specialist IT system providers to facilitate the sourcing of products, to provide continuing advice, to inform you about relevant products and services and to request feedback on customer service standards. It may also be necessary to share your personal information with non-affiliated companies who perform support services on our behalf including those that provide professional, legal or accounting advice to Medistim
  • Regulators – Sharing of information may be necessary to fulfil our legal obligations as a regulated medical devices company or cooperate with law enforcement, legal proceedings or regulatory authorities.
  • Others – Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

5. Newsletters and other marketing communication

You can opt-out of receiving marketing information at any time by contacting dataprivacy@medistim.com or by clicking on the relevant link in email communications you receive from us. Your personal information will not be passed on to any third-party organization for marketing purposes.

6. Cookies and other technologies

We sometimes collect anonymous information from visits to our site to help us provide better customer service. For example, we keep track of the domains from which people visit and we also measure visitor activity on the Medistim websites, but we do so in ways that keep the information anonymous. We use the information that we collect to measure the number of visitors to the different areas of our site and to help us make the site more useful to visitors. This includes periodical analysis to measure website traffic, the number of pages visited and the level of demand for pages and topics of interest. This information may be preserved indefinitely and used at any time and in any way to prevent security breaches and to ensure the integrity of the data on our website servers. We collect the anonymous information we mentioned above through the use of various technologies, one of which is called “cookies”. A cookie is an element of data that a website can send to your browser, which may then be stored on your hard drive. For example, on a website with a login system (if users register for it), cookies are used to save the visitor’s password so that it does not have to be entered at each new visit. This anonymous information is used and analyzed only at an aggregate level to help us understand trends and patterns. None of this information is reviewed at an individual level. If you do not want any transaction details used in this manner, you can disable your cookies.

You may read our cookie policy here.

7. Individual participation/access and requests related to your data

You can ask us whether we are keeping personal data about you, and you can request to receive a copy of that personal data. Before sending you any personal data, we will ask you to provide proof of your identity. If you are not able to provide proof of identity, we reserve the right to refuse to send you the personal data. We will make a sincere effort to respond in a one-month period to your request and/or correct inaccuracies in your personal information. At any time, you may request that we delete or correct your personal information. For such requests, please contact dataprivacy@medistim.com Please also find further information in section 11 and 13 below.

8. Security

We will protect the quality and integrity of your personal information. Medistim has implemented technologies and security policies to protect the stored personal data of our users from unauthorised access, improper use, alteration, unlawful or accidental destruction and accidental loss. Medistim employees and processors who have access to personal data are obliged to respect the privacy of our visitors and the confidentiality of their personal data. Medistim will not sell or rent your personal information to anyone. We will only send personally identifiable information about you to other companies or people acting as Medistim contractors or when legitimately requested by authorities.

Any transfer of data outside the EU / EEA is made in accordance with applicable data protection laws. If there is no other legitimate reason, our international transfers of personal data (including transfers outside the EU / EEA) are based on the EU Commission’s standard contractual clauses.

We ensure that any transfer of data, made to servers in so-called third countries, lives up to the rules of secure data transfer under the GDPR and in accordance with the adequacy decisionfor the EU-US Data Privacy Framework (DPF). More information about the DPF can be found here: https://www.dataprivacyframework.gov/

9. Links to third party websites

Throughout the Medistim websites, you may find links to third party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our websites, we encourage you to read the privacy notice of every website you visit.

10. Retention period and your rights

We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by applicable law.

Employment Related Data will be deleted upon completion of the recruitment process unless you have given your consent to keep it, or we are required by law or other reasonable grounds be processed further.

Your legal rights regarding your personal data are as follows: You have the right to:

  • Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data. This enables you to have any incomplete or inaccurate data corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete personal data where there is no good reason for us continuing to process it. You can also to ask us to delete your personal data where you have successfully objected to the processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to delete the data for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
  • Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

    In addition, you have theright to make a complaint with the local supervisory authority, the Norwegian DataProtection Authority (Datatilsynet), with respect to the way Medistim isprocessing your personal data or the way your rights are handled. Applicable supervisory authority should beincluded

11. Changes to our privacy statement

Any changes we make to our Privacy Statement in the future will be posted on this page. Please check back frequently to see any updates or changes to our Privacy Statement.

12. Contact details to Medistim ASA – privacy support

If you have any questions or complaints relating to how we use your personal data, or if you wish to exercise any of your rights regarding your personal data, please contact the compliance team by emailing dataprivacy@medistim.com or writing to Medistim at the below address. We will respond to you as soon as is possible. The length of time will depend on the type and complexity of the request, but you will receive a response no later than one month from the initial request.

Medistim ASA
Økernveien 94
0579 Oslo
Norway

This Privacy Policy was last updated on April 4, 2024.