Privacy Policy - HOLOGIC

19 July 2021 – Data Privacy Notice GYN SURGICAL SOLUTION WEBSITE

This Privacy Notice informs you of important information about how Hologic Ltd and our family of companies (together, “Hologic” “we” or “our”) process the personal data that we collect when using the Website gynsurgicalsolutions.co.uk.

Hologic is comprised of Hologic Ltd and its group of subsidiary companies which are different legal entities. These Disclosures are issued on behalf of this group of entities so when we mention ”Hologic”, “we”, “us” or “our” in this Privacy Notice, we are referring to the relevant company in the group responsible for processing your data.

The data controller responsible for this website is Hologic Ltd. Heron House, Oaks Business Park, Crewe Road, Wythenshawe, Manchester, M23 9HZ, UK.

Our General Data Privacy Statement of the Hologic Group you can find here https://www.hologic.com/privacy-policy.

When we use the term “Services” we mean to refer collectively to:

The provision of medical technology and related services to our customers including technical support (“Customer Services”);
The websites owned and controlled by us that link to this Privacy Notice (“Sites”); and
Interactions with prospective customers and marketing and business development activities, including events we host, social media properties we operate, and emails that we send (“Marketing Activities”).

When we use the term “personal data” we mean data that reasonably can be used to identify a person, or that reasonably relates to a person.

How we collect and use personal data

We collect and process personal data about a number of different individuals through the provision of the Services. These individuals include our customers, prospective customers and others who may be interested in our products and services, visitors to our Sites, vendors, and other individuals.

Contact possibility via the Site: The Site contains information that enables a quick electronic contact to us, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

Social media links via graphics: Social media channels, pages and blogs offered as a service to users of the Services (“Social Media”) are hosted by third-party vendors. We integrate the following Social Media sites into our Site. The integration takes place via a linked graphic of the Site. Only by clicking on the corresponding graphic will you be forwarded to the service of the respective social network.

Once you click, that network may record information about you and your visit to our Site. Initially, this data includes such things as your IP address, the date and time of your visit, and the page visited. If you are logged into your user account on that network, however, the network operator might assign the information collected about your visit to our site to your personal account. To prevent this, you need to log out of your social media account before clicking on the graphic. The various social media networks also offer settings that you can configure accordingly.

The following social networks are integrated into our Site by linked graphics

Facebook

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.

Twitter

Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA

YouTube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA

LinkedIn

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.

Glassdoor

Glassdoor Hiring Solutions Ireland Ltd., 70 Sir John Rogerson’s Quay, Grand Canal Dock, Dublin 2, D02 R296, Ireland, a subsidiary of Glassdoor, Inc., a Delaware corporation with offices at 100 Shoreline Highway, Mill Valley California, USA.

Analyses Tools:

Use of Google Analytics

Our Site uses Google Analytics, operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network. Google Analytics uses cookies. Each team you visit our site the cookie stores information such as access time, the location from which access was made and the frequency of site visits, as well as the IP address you use.

You can configure the use of cookies by reviewing your Internet browser settings, typically under the sections “Help” or “Internet Options,” to exercise choices you have for certain Cookies. If you disable or delete certain Cookies in your settings, you may not be able to use features of this Site. You can also opt-out of having made your activity on this Site available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity. Please visit the Google Analytics Opt-out Browser Add-on to learn more about the use of Cookies by Google for analytics and to exercise choice regarding those Cookies,

For further information to Google and Data Privacy see https://policies.google.com/privacy?hl=en&gl=en

Other Tools:

Use of Google Tag Manager

Our website uses the Google Tag Manager. This service enables website tags to be managed via an interface. The Goolge Tag Manager only implements tags. This means that no cookies are set and no personal data is recorded. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data.

Cookies

We use Cookies and related technologies (“Cookies”) to provide Services, gather information when users navigate through the Site to enhance and personalize the experience, to understand usage patterns, and to improve our Site, products, and Services. Cookies are small text files or other storage technologies stored on your computer by your browser. These Cookies process certain specific information about you, such as your browser, location data, or IP address. This processing makes our Site more user-friendly, efficient, and secure. For more information on our specific Cookies used please see our Cookie settings on the Site. The legal basis for such processing is Art. 6 Para. 1 lit. f) GDPR/UK GDPR.

Additional uses of personal data

In addition to the uses described above, we may use your personal data for the following purposes. Some of these uses may, under certain circumstances, be based on your consent, may be necessary to fulfill our contractual commitments to you, are necessary to serve our legitimate interests in the following business operations, or to comply with our legal obligations:

Operating our business, administering the Services and managing your accounts;
Contacting you to respond to your requests or inquiries;
Providing you with newsletters, articles, alerts and announcements, event invitations, and other information that we believe may be of interest to you;
Providing you with marketing information, and other information that is tailored to your interests;
Conducting research, surveys, and similar inquiries to help us understand trends and customer needs;
Analyzing your interactions with us, and improving our products, services, programs, and other offerings;
Preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorized access to or use of Personal Information, our website or data systems; or to meet legal obligations; and
Enforcing our Terms of Use and other agreements

How we share and disclose personal data

We share personal data with the following categories of recipients.

Service Providers: We may disclose your personal data to third-party service providers to provide us with services such as website hosting, professional services, including information technology services and related infrastructure, customer service, e-mail delivery, auditing and other similar services.

Affiliates: We may disclose personal data to our affiliates for the purposes described in this Privacy Notice, including for their marketing purposes, and to be consistent with our goal of providing our the superior customer service and engagement experience that our customers have come to expect from us around the world.

Authorized Distributors: In some regions, we sell our products through distributors rather than directly to buyers. In these regions, we may disclose personal data in order to provide the Services, complete transactions, address product deliver and warranties.

To Perform Customer Services: We may disclose personal data to third parties in order to perform services you request or functions you initiate, such as when you post information and materials on message boards and forums.

Corporate Transactions or Events: We may disclose your information to a third party in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or capital, including in connection with any bankruptcy or similar proceedings.

Other Legal Reasons: In addition, we may use or disclose your personal data as we deem necessary or appropriate: (1) under applicable law, including laws outside your country of residence; (2) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (3) to comply with subpoenas and other legal processes; (4) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our affiliates; (6) to protect the rights, privacy, safety or property of Hologic, our affiliates, you and others; and (7) to enforce our terms and conditions.

Data Retention

We retain personal data pursuant to our records retention program, for as long as is necessary for the purposes set out in the Hologic Privacy Notice, unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights, in accordance with the principles set forth in Article 5(1) of the GDPR/UK GDPR.

The criteria used to determine the period for which personal data about you will be stored varies depending on the legal basis under which we process such personal data:

Legitimate Interests	For a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the data subjects.
Contractual Necessity	For the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the limitation period for legal claims that could arise from the contractual relationship.
Legal Obligation	For the duration of time we are legally obligated to keep the information.
Consent	For the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain personal data about you erased (see Data Subject Rights below).

We may face any threat of legal claim and in that case, we may need to apply a “legal hold” that retains information beyond our typical retention period. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

Transfers of information across borders

Any information that you provide to us is stored and processed in, and transferred between, any of the countries in which Hologic and its agents, contractors and affiliated organizations have offices, in order to enable Hologic to use that information as set out in this Privacy Notice.

Not all of these countries have data protection laws equivalent to those in force in the UK or EEA. In order to ensure the protection of your personal data outside of the UK and EEA we have put in place or ensured at least one of the following safeguards:

Using approved Standard Contractual Clauses approved by relevant authorities as ensuring adequate safeguards.
Transferring personal data to countries that have been deemed to provide an adequate level of protection for personal data by relevant authorities.
Obtaining your consent to transfer personal data after first informing you about the possible risks of such transfers.
Transferring personal data where it is necessary for the performance of a contract between you and us, or if the transfer is necessary for the performance of a contract between us and a third party that was entered into in your interest.
Transferring personal data where it is necessary to establish, exercise or defend legal claims.

Data Security

We seek to use reasonable organizational, technical and administrative measures to protect personal data within Hologic. Unfortunately, no data transmission or storage system can be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section below.

Data Subject Rights

Individuals whose personal data we process subject to the GDPR/UK GDPR have certain rights as required by law, including the right of access, erasure and data portability, as well as the right to rectification, to restrict processing, to withdraw consent, and to object to processing as follows.

Access: Individuals have the right to know if we are processing personal data about them and, if so, to access and obtain a copy of personal data about them, as well as information relating to the processing of that data.

Rectification: Individuals have the right to have us correct or update any personal data about them that is inaccurate or incomplete without undue delay.

Restriction: Individuals have the right to restrict or limit the ways in which we process personal data about them where the accuracy of the personal data is contested by them, where data has been obtained by us unlawfully, where the individual has objected to our processing of the data (see right of objection below) and we are considering whether to cease processing, or where we no longer need to process the personal data.

Objection: Individuals have the right to object to our processing of their personal data where we are relying on legitimate interests as our legal basis and their rights override our legitimate interests in processing their personal data. Individuals also have the right to object to our processing of their personal data for direct marketing purposes.

Withdrawal of Consent: Where we rely on consent as the basis for processing personal data, individuals have the right to withdraw their consent.

Erasure: Individuals have the right to request deletion or erasure of their personal data in a number of circumstances where required by law. These include where we no longer require the personal data for the purposes for which it was collected, the individual has withdrawn consent, or where we are relying on legitimate interests as a legal basis and the individual’s rights override our legitimate interests.

Portability: Individuals have the right to obtain a copy of the personal data we hold about you in a structured machine-readable format and to have it transmitted to another controller. This right only occurs where we are relying on your consent or performance of a contract as our legal basis and the processing is carried out automatically.

Make a Complaint: Individuals also have the right to make a complaint about our personal data handling practices to their local Supervisory Authority https://ico.org.uk/make-a-complaint/

E-mail Marketing

We may periodically send you relevant alerts and newsletters by e-mail. To help improve our marketing activities, we often receive a confirmation when you open an e-mail or click on a link included in one of these emails, if your computer supports such capabilities. Instructions on how to unsubscribe from these alerts and newsletters are included in each e-mail.

Updates to this Privacy Notice

Although most changes are likely to be minor, Hologic may change its Privacy Notice from time to time, and at Hologic’s sole discretion. Hologic encourages visitors to frequently check this page for any changes to its Privacy Notice.

How to contact us

To assert one of your legal rights described in these Disclosures, or if you have questions about these Disclosures or our data handling practices, please email data.privacy@hologic.com or write to:

Hologic Ltd. Heron House, Oaks Business Park, Crewe Road, Wythenshawe, Manchester, M23 9HZ, UK