Össur Custom Solutions Privacy Notice – 1st of August, 2019

Introduction

Össur is a global leader in non-invasive orthopedics; innovating, producing, and providing advanced technological solutions within prosthetics and bracing & supports.

Össur Custom Solutions is an app for iPads® specially designed to order new lower limb prosthetic sockets and custom liners. The Custom Solution app is used to scan residual limbs, record measurements and submit orders for sockets and custom liners.

We understand that you are aware of and care about your own and your patient’s personal privacy interests, and we take that seriously. This Privacy Notice describes Össur´ policies and practices regarding its collection and use of your personal data and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

This Privacy Notice is intended to provide you with information about what personal data Össur collects about you and how it is used. If you have any questions, please contact us at [email protected]

This privacy notice applies solely to the collection and processing of information through the application Össur Custom Solutions. Processing includes the collection, use, storage and disclosure of information by Össur.

The content of this page was last updated on 1st of August, 2019

Data Protection Officer

Össur is headquartered in Reykjavík, Iceland. Össur has appointed an internal data protection officer for you to contact if you have any questions or concerns about the Össur’s personal data policies or practices. The Össur´s data protection officer’s contact information are as follows:

[email protected]
Össur hf.
Grjótháls 5
110 Reykjavík, Iceland

How we collect and use (process) your personal information

Össur collects personal information about the users of the application Össur Custom Solution in the following ways:

Custom Solutions collects information about you, including patient information you provided on submitted orders. We receive your personal information when you register to use the application. Custom Solutions also collects information about how you use the app. That is:

  • We collect your name and email address that helps secure your account and provide you with access to the app. That also helps us to respond to your support requests and comments.
  • We collect information about your orders, that is patient identifier, measurements, and pictures taken by you of the residual limb to provide the Össur manufacturing process with the required data to produce your order.
  • If you include patient pictures on your Custom Solutions order, that information will be stored by Össur.
  • We collect information from your mobile device, which provide us with technical information when you access or use the application Custom Solution. This technical information includes, device and analytics information, mobile client type and mobile client operating system.

Data subject rights

The European Union’s General Data Protection Regulation 2016/679 (GDPR) and other countries’ privacy laws provide certain rights for data subjects. A good explanation of them (in English) is available on the website of the United Kingdom’s Information Commissioner’s Office.

If you wish to confirm that Össur is processing your personal data, or to have access to the personal data Össur may have about you, please contact us at [email protected]

You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Össur might have received the data from Össur; what the source of the information was (if you didn’t provide it directly to Össur); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by Össur if it is inaccurate. You may request that Össur erases that data or ceases processing it, subject to certain exceptions. You may also request that Össur ceases using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Össur processes your personal data. When technically feasible, Össur will—at your request—provide your personal data to you or transmit it directly to another controller.

Reasonable access to your personal data will be provided at no cost upon request made to Össur at [email protected]. If access cannot be provided within a reasonable time frame, Össur will provide you with a date when the information will be provided. If for some reason access is denied, Össur will provide an explanation as to why access has been denied.

Security of your information

To help protect the privacy of data and personally identifiable information you transmit through use of the application Custom Solutions, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you.

Data storage and retention

Össur uses a cloud solution called Azure. Azure is a solution provided by Microsoft and the data is stored on Azures servers in Virgina, US. Microsoft is self-certified under the EU-U.S. and Swiss-U.S. Privacy Shield Framework. We encourage you to learn more about Microsoft´s privacy practices, https://privacy.microsoft.com

Custom Solutions is an app specially designed to order new lower limb prosthetic sockets and custom liners. These products have a typical lifetime of up to 5 years. Össur will store the information for that period plus additional 2 years as a part of historical record keeping, in total 7 years. If you have any questions regarding the data storage or retention, please contact Össur´s data protection officer at [email protected].

Third Party Information

Third party information is handled in the same way as personal information described above.

If you put information about another person (for example - if you are a health care professional) into the app you are the data controller, as defined within the GDPR. As a data controller you have multiple obligations regarding the processing of personal information and as such all third-party information’s is your responsibility. It is your obligation to assure that the third-party information collected, stored and processed within the application is collected in a legitimate way and that you have fulfilled your duties.

For example:

  • Ensuring that the data is collected lawfully
  • Ensuring that the individuals the information concern are informed of your activities or have clear options to become informed
  • Ensuring that the data is accurate and up-to-date
  • Ensuring that the data is only processed within the purpose originally stated
  • Ensuring you are able to demonstrate compliance to the applicable Data Protection legislation
  • Ensuring that the information is handled with integrity and confidentiality
  • Ensuring that parental consent is provided if the information concerns children under 16 years old

Changes and updates to the Privacy Notice

As our organization, our products and this app changes this Privacy Notice is expected to change as well. We reserve the right to amend the Privacy Notice at any time, for any reason, without notice to you, other than the posting of the amended Privacy Notice within this app. We may e-mail periodic reminders of our notices and terms and conditions and will e-mail Custom Solutions users of material changes thereto, but you should then refer to the application to see the current Privacy Notice that is in effect and check for application updates frequently to see changes that may have been made to it.