AtriCure GDPR Privacy Notice
AtriCure is a medical device company that provides innovative solutions designed to decrease the global atrial fibrillation (Afib) epidemic. Our first responsibility is to the patients and customers we serve and as part of that service, AtriCure is committed to safeguarding your privacy.
This Privacy Notice (“Notice”) describes how we process your Personal Data when you are visiting our AtriCure Website (“Website”). The Website is provided by AtriCure which, when used on this website, refers to our entire business, including AtriCure, Inc., AtriCure Europe B.V., and all other subsidiaries and affiliates. When we use the words, we or our, we mean AtriCure.
We did our best to provide you with all information in a clear and readable format. However, if you have any questions about our use of your Personal Data after reading this Privacy Notice, you can of course always contact us through the contact details provided below.
2. When does this Privacy Statement apply?
This Privacy Statement is applicable to the Processing by AtriCure of all Personal Data of visitors to our website: www.AtriCure.com. This includes job applicants and healthcare professionals that use our website. This Privacy Notice does not address the Processing of Personal Data of employees in the context of their employment relationship with AtriCure.
3. Who is responsible for your Personal Data?
AtriCure is the Data Controller of the Processing of all Personal Data that falls within the scope of this Privacy Notice. This Privacy Notice indicates what Personal Data are collected and used (processed) by AtriCure and for what purpose, and to which persons or entities the data will or may be provided. AtriCure may share your Personal Data with external parties.
|GDPR||The European General Data Protection Regulation, EU 2016/679. The GDPR is effective per 25 May 2018.|
|Data Controller||The legal person, administrative body or any other entity which, alone or in conjunction with others, determines the purpose of and means for Processing of Personal Data.|
|Data Processor||The person or body which processes Personal Data on behalf of the Data Controller, without being subject to the Data Controller’s direct control.|
|Personal Data||Any information relating to an identified or identifiable natural person (e.g., a person whose identity can be established reasonably without disproportionate effort by means of name, address and date of birth). By way of example but not limitation, video and voice recording are also Personal Data if the video images or the voice recording is identifiable to a natural person. If financial data (such as bank statements) relate to an identifiable natural person, such information is considered Personal Data.|
|Processing||Any operation or any set of operations concerning Personal Data, including in any case the collection, recording, organisation, storage, updating or modification, retrieval, consultation, use, dissemination by means of transmission, distribution or making available in any other form, merging, linking, as well as blocking, erasure or destruction of Personal Data.|
5. Categories of Personal Data
AtriCure will collect and process the following categories of Personal Data from you when you visit our website (depending on the relationship we have with you).
- For example, the information you share with us when you are contacting us via e-mail or through online forms on our website (first name, last name, e-mail address, phone, gender, message).
- Job applicants who apply for a position with AtriCure through our Website can submit Personal Data through our website (name, email address, phone, position of interest, qualifications and experience, job history, education, references).
Health care professionals
- Certain areas of the AtriCure Website contain information intended only for health care professionals. Accordingly, AtriCure processes Personal Data of health care professionals. For example, when health care professionals request information from Medical Affairs, AtriCure processes their Contact Information (name, email address, mailing address and phone number, and their professional qualifications, including profession and clinical affiliation).
6. Purposes and Legal Basis of the Processing
Depending on your relationship with us, we may use your Personal Data for the following purposes:
- For business purposes: we may use your Personal Data for our business purposes including improving our programs, services and products, for record keeping and maintaining our accounts, and for other operational and administrative reasons.
- For communication and service provision purposes: we may use your Personal Data to respond to questions or comments, communicate with you about our programs, products, and services, and when we receive your Personal Data through surveys and online forms.
- To assess whether you are a suitable candidate to work with us: we may use your Personal Data when you are applying for a job at AtriCure and upload your Personal Data. We process your Personal Data in order to take steps at the request of the candidate prior to entering into a contract.
Depending on the purpose for which we process the personal data and the relationship we have with you, the processing of the Personal Data is based on one of the following legal grounds.
These “legal grounds” are set out in the GDPR and allow Controllers to process Personal Data only when the processing is permitted by that legal ground. The table below provides a description of the legal grounds that we rely on:
|For processing Personal Data and special categories of Personal Data|
|(1) Performance of our contract with you||Processing is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract.|
|(2) Consent||Processing based on your explicit consent; such consent may be withdrawn at any time.|
|(3) Compliance with a legal obligation||Processing is necessary for compliance with a legal obligation in the European Union to which we are subject.|
|(4) For our legitimate business interests||Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of your Personal Data. These legitimate interests are set out next to each purpose.|
Our website uses “cookies” to help us serve you better on future visits, help you avoid having to re-enter information, and help us improve the functions of our website. A cookie is a small file that the website places on your computer for future identification purposes. A Cookie may contain your personal data if we are able to use it to identify you directly or indirectly.
We use the following cookies:
- Strictly Necessary Cookies. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not work. These cookies do not store any of your personal data.
- Performance Cookies. These allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
- Targeting Cookies. Our website makes use of Google Analytics, as described below. If you choose not to allow these cookies, you will experience less targeted advertising.
Should you choose to browse our website without using cookies, if you do not want us to be able to recognize your computer, then you can prevent cookies from being saved by disabling cookies from this website. Please note that it is possible that some features or services on our website may not fully function if cookies are disabled, as described above.
Our website makes use of the Google Analytics web service from Google, Inc. Google Analytics also utilizes cookies. Examples of the items of data collected include your operating system, your browser, the AtriCure web page you accessed, and the time and date of your visit. The information generated by the text file about the use of the website will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties when required to do so by law, or where such third parties process the information on Google’s behalf. This use is made anonymously.
8. Who has access to your Personal Data?
8.1 Access to your Personal Data within AtriCure
As a global organization, data we collect may be transferred internationally throughout our worldwide organization. Our employees are authorized to access Personal Data only to the extent necessary to serve the applicable purpose and to perform their jobs.
8.2 Access to your Personal Data by third parties
Under some circumstances the Personal Data we collect may also be shared with third parties. For example, if we partner with a third party to help us provide a service to you or if we are under a duty to disclose or share Personal Data to comply with a legal obligation.
When third parties are given access to your Personal Data, we will take the required contractual, technical, and organizational measures to ensure that your Personal Data are only processed to the extent that such Processing is necessary.
If your Personal Data are transferred to a recipient in a country that does not provide an adequate level of protection for Personal Data, we will take measures to ensure that your Personal Data are adequately protected, such as entering into EU Standard Contractual Clauses with these recipients.
9. How is your Personal Data secured?
AtriCure has taken adequate safeguards to ensure the confidentiality and security of your Personal Data. We have implemented appropriate technical, physical, and organizational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access as well as all other forms of unlawful Processing (including, but not limited to, unnecessary collection) or further Processing. Examples are IT (Information Technology) security policies, staff training and secure servers.
10. How long is your Personal Data retained?
Your Personal Data will be removed or made anonymous when your Personal Data is no longer necessary for the purposes for which the Personal Data is processed.
11. How can you exercise your Privacy Rights?
Under the GDPR, you have certain rights in relation to your Personal Data. These rights are described below. If you wish to exercise one of these rights, please contact us at Privacy@AtriCure.com. To ensure an efficient follow-up, we ask you to specify your request and to indicate to which Personal Data your request relates.
You have the right to request access to an overview of your Personal Data, and under certain conditions, rectification and/or erasure of Personal Data. In addition, you may also have the right of restriction of Processing concerning your Personal Data, the right to object to Processing, as well as the right to data portability.
To invoke your right of access, rectification, and/or erasure of Personal Data, your right of restriction of Processing, and/or your right to object to Processing as well as to invoke your right to data portability, please contact us by using the contact details at the bottom of this Privacy Notice. Please keep in mind that we may ask for additional information to verify your identity.
If you have given your consent to a certain purpose, you can withdraw your consent at any time. Please keep in mind that withdrawal does not have retrospective effect. You can contact us by using the contact details at the bottom of this Privacy Notice.
12. Consent to Direct Marketing E-Mails
Health Care Professionals and other individuals must actively consent to receive emails from AtriCure containing promotional or marketing materials, product information, newsletters, surveys, professional education opportunities and related information, notice of events or meetings, research opportunities, and/or other opportunities or information that we believe may be of interest to you. AtriCure will never sell your information. We may provide your email address to a third-party vendor that may assist us with promoting some of these opportunities or provide information to you. You may opt-out of receiving emails from AtriCure at any time by clicking the opt-out link included in any email sent to you by AtriCure. AtriCure will process all opt-out requests within the timeframe required by applicable law.
13. Contact Details
Questions and comments regarding this Privacy Notice should be sent to firstname.lastname@example.org.
You may also write to us at:
7555 Innovation Way
Mason, OH 45040
A Dedicated Data Protection Officer has been assigned for data protection services to:
De Entrée 260
1101 EE Amsterdam
Should you still believe your request or complaint was not handled satisfactorily by us, you have the right to lodge a complaint with your local data protection supervisory authority. Please contact your local data protection supervisory authority through the contact details on their website.
This Privacy Notice may be changed over time. The most up-to-date Privacy Notice is published on the AtriCure website. This Privacy Notice applies May 10, 2023. The last modifications to this Privacy Notice were made on May 10, 2023.