Össur Portal Privacy Notice – 1st of May 2020

Introduction

Össur is a global leader in non-invasive orthopedics; innovating, producing, and providing advanced technological solutions within prosthetics and bracing & supports.

The Össur Portal is an online platform for the ordering of products. Given the right information the platform has the ability to recommend applicable products from Össur´s wide range of products.

We understand that you are aware of and care about your own and your patient’s personal privacy interests, and we take that seriously. This Privacy Notice describes Össur´ policies and practices regarding its collection and use of your personal data and sets forth your privacy rights.

We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

This Privacy Notice is intended to provide you with information about what personal data Össur collects about you and how it is used. If you have any questions, please contact us at [email protected]

This privacy notice applies solely to the collection and processing of information through the application Össur Portal. Processing includes the collection, use, storage and disclosure of information by Össur.

The content of this page was last updated on 1st of January, 2020

Data Protection Officer

Össur is headquartered in Reykjavík, Iceland. Össur has appointed an internal data protection officer for you to contact if you have any questions or concerns about the Össur’s personal data policies or practices. The Össur´s data protection officer’s contact information are as follows:

[email protected]
Össur hf.
Grjótháls 5
110 Reykjavík, Iceland

Your rights

If you reside in the EU/EEA, you may exercise any of the rights described in this section by contacting us at [email protected]. Please note that we may ask you to verify your identity before taking further action on your request.

If you wish to confirm that Össur is processing your personal data, or to have access to the personal data Össur may have about you, please contact us at [email protected]

You may also request information about:

  • the purpose of the processing; the categories of personal data concerned;
  • who else outside Össur might have received the data from Össur;
  • what the source of the information was (if you didn’t provide it directly to Össur);
  • and how long it will be stored.

You have a right to correct (rectify) the record of your personal data maintained by Össur if it is inaccurate.

You may request that Össur erases that data or ceases processing it, subject to certain exceptions.

You may also request that Össur ceases using your data for direct marketing purposes.

In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Össur processes your personal data.

When technically feasible, Össur will—at your request—provide your personal data to you or transmit it directly to another controller.

Reasonable access to your personal data will be provided at no cost upon request made to Össur at [email protected]. If access cannot be provided within a reasonable time frame, Össur will provide you with a date when the information will be provided. If for some reason access is denied, Össur will provide an explanation as to why access has been denied.

The data we collect about you 

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). 

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows: 

  • Identity Data includes first name, maiden name, last name, username or similar identifier, title, date of birth and gender. 
  • Contact Data includes billing address, delivery address, email address and telephone numbers. 
  • Financial Data includes bank information and payment card details. 
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us. 
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites, applications and services.  
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.   
  • Usage Data includes information about how you use our website, products, applications and services.  
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences. 

Special Categories of Personal Data 

Being that Össur´s services and products are often related to the health of individuals we might store Special Categories of Personal Data  (this includes information about health and biometric data) if such data is provided to us when purchasing our products, using our services and/or applications and/or if such data is provided by a medical practitioner or other organisation who are authorized to enter personal data on others behalf into our sites, systems or applications.  

How we collect and use (process) your personal information

Össur collects personal information about the users of the Össur Portal in the following ways:

  • Direct interactions. You may give us your Identity, Contact, Health and Financial Data by filling in forms or by corresponding with us. This includes personal data you provide when you:
    ·        create an account on the application;
    ·        apply for our products or services;
    ·        use the application;
    ·        request marketing to be sent to you;
    ·        request marketing to be sent to you;
    ·        enter a competition, promotion, seminar, or survey; or give us feedback or contact us.
  • Automated technologies or interactions. As you interact with application, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.

Why we collect and use (process) your personal information

We collect your name and email address to secure and provide you with access to the Össur Portal. That also helps us to respond to your support requests and comments.

If you request so, we will use your name and email address to provide you with marketing material. That includes new products, update to services, updates to the app, regular marketing material, events and material related to our services and products.

We collect information about your orders, that is patient identifier, measurements, and pictures taken by you of the residual limb to provide the Össur manufacturing process with the required data to produce your order.

If you include patient pictures on your Portal order, that information will be stored by Össur.

We collect information from your mobile device, which provide us with technical information when you access or use the Össur Portal. This technical information includes, device and analytics information, mobile client type and mobile client operating system.

Security of your information

To help protect the privacy of data and personally identifiable information you transmit through use of the application Össur Portal, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you.

Data storage and retention

To help protect the privacy of data and personally identifiable information you transmit through use of the application Össur Portal, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you.

Azure
Össur uses a cloud solution called Azure. Azure is a solution provided by Microsoft and the data is stored on Azures servers in Virgina, US. Microsoft is self-certified under the EU-U.S. and Swiss-U.S. Privacy Shield Framework. For more information about Microsoft´s privacy practices, click here

SalesForce
Össur also uses a cloud solution provided by Salesforce. The data is stored on Salesforce servers in Frankfurt, Germany (GER) and Paris, France (FRA). Salesforce is self-certified under the EU-U.S. and Swiss-U.S. Privacy Shield Framework. For more information about Salesforce´s privacy practices, click here

Pardot
Pardot is a B2B marketing automation by Salesforce which we use to keep customers informed about upcoming events, product updates/ new features, etc. When you consent to receiving our marketing material we log that consent, along with your email address, with Pardot. We do this to comply with legal requirements and to improve our marketing campaigns and make their content more relevant for you. For more information on Pardot's privacy policy, click here.

Retention
Össur Portal is a platform specially designed to order new lower limb prosthetic sockets and custom liners. These products have a typical lifetime of up to 5 years. Össur will store the information for that period plus additional 2 years as a part of historical record keeping, in total 7 years. If you have any questions regarding the data storage or retention, please contact Össur´s data protection officer at [email protected].

Third Party Information

Third party information is handled in the same way as personal information described above.

If you transfer information about another person (for example - if you are a health care professional) into the application you are the data controller, as defined within the GDPR. As a data controller you have multiple obligations regarding the processing of personal information and as such all third-party information’s is your responsibility. It is your obligation to assure that the third-party information collected, stored and processed within the application is collected in a legitimate way and that you have fulfilled your duties.

For example:

  • Ensuring that the data is collected lawfully;
  • Ensuring that the individuals the information concern are informed of your activities or have clear options to become informed;
  • Ensuring that the data is accurate and up-to-date;
  • Ensuring that the data is only processed within the purpose originally stated;
  • Ensuring you are able to demonstrate compliance to the applicable Data Protection legislation;
  • Ensuring that the information is handled with integrity and confidentiality;
  • Ensuring that parental consent is provided if the information concerns children under 16 years old

Changes and updates to the Privacy Notice

As our organization, our products and this app changes this Privacy Notice is expected to change as well. We reserve the right to amend the Privacy Notice at any time, for any reason, without notice to you, other than the posting of the amended Privacy Notice within this app. We may e-mail periodic reminders of our notices and terms and conditions and will e-mail Össur Portal users of material changes thereto, but you should then refer to the application to see the current Privacy Notice that is in effect and check for application updates frequently to see changes that may have been made to it.