PRIVACY STATEMENT
Privacy is very important to us. We also understand that privacy is very important to you. This Privacy Statement tells you how we protect and use information that we gather through this MCMS Application (the “Licensed Application”). This Privacy Statement does not apply to other applications provided by MCMS or its parent or other affiliates. You should review the privacy statement provided for other applications when you use them. This Privacy Statement is intended for a U.S. audience.
This Privacy Statement was last revised on August 28, 2018. We may change this Privacy Statement at any time and for any reason.
Please read our Terms of Use to understand the general rules about your use of this Licensed Application. Except as written in any other disclaimers, policies, terms of use, or other notices on this Licensed Application, this Privacy Statement and the Terms of Use are the complete agreement between you and Medtronic with respect to your use of this Licensed Application.
This Licensed Application is owned and operated by Medtronic Care Management Services, LLC ("MCMS"). MCMS is the name we use to refer to our business, which is owned/controlled by parent Medtronic plc. . When we use the words "we" or "our," we mean MCMS. The information we receive, and how we use it, depends on what you do when using the Licensed Application.
We collect and use both personal information (information that is identifiable to you personally) and non-personal information about you through this Licensed Application. Please see below for a definition of personal and non-personal information, and how MCMS may use them.
Personal information is information we collect through this Licensed Application that can specifically identify you and your care givers (i.e., individuals who you authorize to access your information). Personal Information includes, but is not limited to:
User Name
First name
Last name
Biometric Health Data, e.g., blood pressure, blood glucose
App Activity
Phone number
Device Serial Number
E-mail address
Model Number
Images and videos
IP addresses
Other device identifiers that may identify you
Any other information that you provide to us through this Licensed Application
We may keep and use personal information from you through this Licensed Application to provide you with access to this Licensed Application. In addition, we may collect and use your personal information:
If you are a Patient, to transmit data to your Health Care Provider
To send you push notification, such as to let you know of recent updates
To send you reminders
To respond to your requests
To develop records including reports of your personal information, e.g., goals, educational content, and interactive sessions for your use
For analytical purposes and to research, develop and improve programs, products, services and content
To create a set of data that has only non-personal information. In this case, we would remove your personal identifiers (your name, biometric data, etc.) and we may treat it like other non-personal information
To enforce this Privacy Statement and other rules about your use of this Licensed Application
To protect our rights or property
To protect someone's health, safety or welfare
To comply with a law or regulation, court order or other legal process
MCMS will not share your personal information collected from this Licensed Application with an unrelated third-party without your permission, except as described below. Note that we do not consider health care providers that utilize our services on your behalf, or insurers that pay for your care, to be third parties.
In the ordinary course of business, we will share some personal information with companies that we hire to perform services or functions on our behalf. In all cases in which we share your personal information with a third-party, we will only allow them to keep, disclose or use your information to provide the services we asked them to provide. We will not sell, exchange or publish your personal information, except in conjunction with a corporate sale, merger, dissolution, or acquisition.
We may be required to release your Personal Information in response to a court order, subpoena, search warrant, law or regulation. We may cooperate with law enforcement authorities in
investigating and prosecuting users of this Licensed Application who violate our rules or engage in behavior which is harmful to other users (or illegal). In addition, we may keep, disclose, and use your Personal Information in order to comply with FDA and other governmental guidance, directions, regulations, and laws.
We may disclose your personal information to third parties if we feel that the disclosure is necessary to:
Enforce this Privacy Statement and the other rules about your use of this Licensed Application
Protect our rights or property
Protect someone's health, safety or welfare
Comply with a law or regulation, court order or other legal process
Non-personal information is information we collect through this Licensed Application that does not identify you as an individual. It may include information such as the following:
The date and time you access this Licensed Application
The links within this Licensed Application on which you click
Wi-Fi/Cell status
Links you click on our mobile application
How you use this Licensed Application
Data about the performance of this Licensed Application
Because non-personal information cannot identify you, there are no restrictions on the ways that we can use or share non-personal information. We are always looking for ways to better serve you and improve this Licensed Application. We will use non-personal information from you to help us make this Licensed Application more useful to users. We also will use non-personal information for other business purposes. For example, we may use non-personal information or aggregate non-personal information to:
Create reports for internal use to develop programs, products, services or content
Customize the information or services that are of interest to you (including determine which features to show.
Share it with third parties
This Licensed Application may contain links to other apps or websites. Some of those websites or apps may be operated by MCMS, and some may be operated by third parties. We provide the links for your convenience, but we do not review, control, or monitor the privacy practices of websites or apps operated by others. This Privacy Statement does not apply to any other
application or website, even if operated by MCMS or its parent or other affiliates. We are not responsible for the performance of applications or websites operated by third parties or for your business dealings with them. Therefore, whenever you leave this Licensed Application we recommend that you review each application or website's privacy practices and make your own conclusions regarding the adequacy of these practices.
We may contact you periodically through this Licensed Application using secure two-way messaging as part of the services that we or your health care team provide.
California law (CalOPPA) requires MCMS to let you know how we respond to web browser "Do Not Track (DNT) signals". Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not honor Do Not Track requests at this time.
Security is very important to us. We also understand that security is important to you. We take reasonable steps to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. You should keep in mind that no online database or Internet transmission is ever 100% secure or error-free. You acknowledge that you are solely responsible for maintaining the confidentiality and security of any of your data available via this Licensed Application on your mobile device, by using an ID and password credentials for your mobile device.
Supplemental Privacy Notice for California Residents
This notice for California residents supplements the information contained in our Privacy Statement and applies solely to residents of the State of California. We adopt this Supplemental Notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Supplemental Notice. Under the California Consumer Privacy Act (“CCPA”), you have certain rights in relation to some of your personal data, including the right to certain disclosures and explanations of rights. This section explains your rights under California law.
California law (CalOPPA) requires Medtronic, plc to let you know how we respond to web browser 'Do Not Track (DNT) signals'. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not honor Do Not Track requests at this time.
Categories of Personal Information We Collect
Medtronic collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household (“personal information”). We may have collected the following categories of personal information from consumers through our websites, apps, services, devices, or other services within the twelve (12) months preceding the effective date of this Privacy Statement:
Identifiers such as
Name
Address
Unique personal identifier (e.g., device ID, online identifier)
Internet Protocol address
Email address
Account name
Social security number
Driver’s license number, or
Other similar identifiers
Characteristics of protected classifications under California/federal law (e.g., age, race, sex, medical condition, etc.)
Medical information
Health insurance information
Financial information, including credit card numbers
Biometric information (e.g., imagery of the iris, retina, fingerprint, face, or other data that contain identifying information)
Commercial information (e.g., purchase history)
Internet or other electronic network activity information (e.g., browsing history, interaction with our website, etc.)
Geolocation data
Audio, electronic, visual, thermal, olfactory, or similar information (e.g., call recordings)
Professional, employment-related, or other similar information
publicly available from government records,
de-identified or aggregated consumer information,
health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data, or
certain personal or financial information covered under certain sector-specific privacy laws.
For additional information, please see How Does Medtronic Keep and Use Personal Information.
We obtain the categories of personal information listed above from the following categories of sources:
Directly from consumers’ interactions with us, including with our devices, applications, websites, services, and representatives
Publicly available sources
Customers, including health care providers and insurance providers
Organizations with whom we partner to provide services to consumers
In the past 12 months, we have used or disclosed the personal information we collect for our operational purposes and for one or more of the following business purposes:
To provide products and services to consumers
To respond to consumer requests
To improve and personalize consumer access to and experience on our website, for example, by telling consumers about new features, products, or services that may be of interest to them
To develop records, including records of consumers’ personal information
To contact consumers with information that might be of interest to them, including information about clinical trials and about products and services of ours and of others
For analytical purposes and to research, develop, and improve programs, products, services and content
For activities to monitor and maintain the quality or safety of our products and services
For activities described to consumers when collecting their personal information or as otherwise permitted under CCPA
For U.S. healthcare providers, to link name, National Provider Identifier (NPI), state license number, and/or IP address to web pages they visit, for compliance, marketing, and sales activities
To conduct audits and perform troubleshooting activities of our websites, products, and services
To detect and protect against security incidents and deceptive, malicious, or fraudulent activity
To ensure our website, products, apps, and services function as intended, including debugging and repairing
To comply with a law or regulation, court order or other legal process
Please see How does Medtronic Keep and Use Personal Information in our Privacy Statement for more information.
Medtronic will not share consumers’ personal information with an unrelated third party without permission, except as described below. Medtronic may share personal information with any member of our corporate group, including parent companies, subsidiaries, and affiliates, and other companies in which we have an ownership or economic interest for purposes that are consistent with those identified in our Privacy Statement and this Notice.
In the ordinary course of business, we will share some personal information with companies that we hire to perform services or functions on our behalf. In all cases in which we share consumers’ personal information with a third party, we will only allow them to keep, disclose, or use consumers’ information to provide the services we asked them to provide.
We may be required to release consumers’ personal information in response to a court order, subpoena, search warrant, law, or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting users who violate our rules or engage in behavior which is harmful to other users or illegal. In addition, we may keep, disclose, and use consumers’ personal information in order to comply with U.S. FDA and other governmental guidance, directions, regulations, and laws.
We do not sell personal information of California consumers.
This does not include disclosures that are not a “sale” under the CCPA, including when
consumers instruct us to disclose their personal information,
a consumer instructs us to interact with a third party that does not sell that information,
we use or share consumers’ personal information pursuant to a written contract with a service provider that is necessary to perform a business purpose, where our contract prevents the provider from using, keeping, or disclosing consumers’ personal information for any purpose other than the reason supplied in the contract, or
consumers’ personal information is transferred as part of a transaction in which the third party assumes control of all or part of our business.
Personal Information on Minors
We do not sell personal information of California consumers, including minors.
Right to Access. If you are a California consumer, you have the right to ask us to send you the following information up to two times in a twelve-month period:
The categories of personal data we have collected about you.
The categories of sources from which we collected the personal data.
Our business or commercial purpose for collecting personal data.
The categories of third parties with whom we share personal data.
What categories of personal data we disclose about you for business purposes.
What categories of personal data we sell or exchange for consideration about you.
The specific pieces of personal information we have collected about you.
Right to Delete. If you are a California consumer, you have the right to ask us to delete the personal data about you we have collected. We may deny the request if the information is necessary to:
complete a transaction, including providing a requested or reasonably anticipated good or service, or fulfill a contract between the consumer and Medtronic;
detect and protect against security incidents, malicious, deceptive, fraudulent, or illegal activity, or take against those responsible for such activity;
debug to identify and repair errors impairing intended functionality;
exercise free speech or another right provided for by law;
comply with the California Electronic Communications Privacy Act;
engage in research in the public interest adhering to applicable ethics and privacy laws where the consumer has provided informed consent;
enable solely internal uses reasonably aligned with the consumer’s expectations based on the consumer’s relationship with Medtronic;
comply with a legal obligation; or
otherwise use the information internally in a lawful manner compatible with the context in which the consumer provided the information.
Right to Opt-out. If a business sells personal information to third parties, California consumers have the right, at any time, to opt out of the sale or disclosure of their personal information to third parties. Medtronic does not sell personal information to third parties.
If you are a California resident and you want to submit a request or inquiry to us regarding your California rights, you or your authorized agent can contact us here or call us at 1-866-639-6907 starting January 1, 2020. You do not have to create an account with us to submit a request.
Your request will be confirmed within ten days of receipt and we will respond within 45 days. If we need more than 45 days, we will notify you that your request is being delayed.
We can only respond to your request if it is verifiable. This means we are obligated to take reasonable steps to verify your identity or your authorized agent’s authority and your right to access the information you request. We may ask for additional information that will help us do
so. We will only use that additional information in the verification process, and not for any other purpose.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
If you have questions or comments about this Privacy Statement, please use using one of the following methods:
Mail:
Medtronic Care Management Services 7980 Century Boulevard
Chanhassen, MN 55317 Phone:
+1-952-361-6467 or Toll-Free at +1-888-243-8881
Fax:
+1-888-320-8881