EEA Privacy Notice

 

About Boston Scientific Cardiac Diagnostics

Boston Scientific Cardiac Diagnostics, Inc, is a United States-based corporation focused on mobile health solutions and remote monitoring services that connect healthcare providers and patients threatened by cardiac arrhythmias. 

Our tech-enabled, service-based approach utilizes our cloud-based infrastructure, data analytics and machine learning capabilities to facilitate the clinical decision-making of treating providers. We listen closely to the needs of our customers to create revolutionary remote care technologies and services that connect patients and providers in a way that redefines healthcare – and works without interruption to daily life.  

Boston Scientific Cardiac Diagnostics Services, LLC, and Boston Scientific Cardiac Diagnostics Technologies, Inc. (collectively, “BSC CDx”) are the primary data controllers of your personal data. 

Please note this privacy notice is not addressed to patients.

About This Privacy Notice

At BSC CDx, your privacy is important to us. This Privacy Notice is intended to provide information about how we process the personal data of individuals in the European Economic Area (EEA), United Kingdom and Switzerland. We collect and process personal data in different contexts, and we do so in compliance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 also known as the “GDPR”, the Data Protection Act 2018 (the “UKDPA”), and applicable local data protection laws.

This privacy notice applies to information collected by BSC CDx, as data controller, through our website, our monitors and portals, or in the course of our business activities; including all personal data in any format or medium, relating to all healthcare providers, vendors and others who do business with BSC CDx. 

Additional privacy notices may apply depending on the purposes of personal data processing. These dedicated notices shall be available at the time of collection of personal data for that specific purpose.

Information Collection and Use

Personal data is data that can be used to identify you, directly or indirectly. The main categories of personal data BSC CDx may collect about you are described below along with the main purposes for which they are processed and legal grounds for the processing:

  • Business contact information. We collect business contact information (such as names, email address, telephone number etc.) from current and potential customers, and from marketing activities and events, in order to provide information regarding our products and services, facilitate the provision of those products and services (for example, when you create an account within our portal to utilize and access our services), deliver monitoring services and supplies, and ensure quality, security and compliance. We also collect such information from current and potential business partners and vendors to assess and facilitate those business relationships set up and management. We will also collect your contact details if you request information or submit questions to us via this website, including other personal data that you decide to share with us.
  • Job applicant and human resources related information. We may collect certain employment-related data if you apply for and/or accept employment with BSC CDx .This includes username and password, full name, email address, telephone number, mailing address, driver’s license number, social security number or other unique personal identifier, emergency contact information, educational and work experience information, certification and licensure information, resume, language(s), job and salary preferences and expectations, professional references, employment benefit and beneficiary information, financial information, work performance, and training information. This information will mainly be processed for evaluating and considering you for the position(s) which you have applied; this may include communicating with you for job interviews and to update you on your status and respond to your inquiries.
  • Cardiac and health related information. We generally process, as data processor, patient and study subject information related to arrhythmia monitoring, cardiac event, digital holter, pacemaker monitoring and ambulatory blood pressure monitoring (such as, patient electrocardiogram data, date of birth and/or age, relevant symptoms and diagnoses). This information may also include contact information for the patient or study subject, emergency contact information, mailing address, information about health insurance and/or other information necessary for BSC CDx to provide the technology and/or monitoring services. This information is owned by the physicians, healthcare practices, hospitals or clinical research, which act as data controllers. BSC CDx will process these data as data processor following the instructions of the healthcare providers. Please note the sections of this website addressed to patients are only addressed to US patients. In the event that BSC CDx acts as data controller of patient data, it will ensure that a dedicated privacy notice is provided to patients.
  • Cookies. BSC CDx only uses strictly necessary cookies for operating this website and making it available to you. We do not perform any analytics or tracking about your online behavior when you visit or navigate this website. 

Legal Basis for Data Collection and Use

We may collect and process your personal data on the following legal grounds, depending on the processing operation at hand:

  • We have collected your prior consent;
  • We have performed a contract with you or taken steps prior to entering into a contract with you;
  • We need to collect and process your personal data to comply with our legal obligations, for example for vigilance obligations, transparency-related obligations, etc.;
  • We rely on our legitimate interests, and we have balanced your interests or fundamental rights and freedom in determining whether the processing is legitimate and lawful. For example, to conduct our day-to-day business operations, to facilitate coordination and communication with healthcare providers to process payments, etc.

Data Sharing and Transfers

BSC CDx may only share your personal data on a need-to-know basis to the recipients listed below, in the context of the purposes described above and in compliance with applicable law.  Such access will be limited to the amount of information necessary to carry out the appropriate purpose:

  • Group of companies. BSC headquarters in the U.S., our affiliates and subsidiaries for purposes consistent with this Notice. Please see a list of BSC entities here;
  • Service providers that perform various activities on behalf and following the instructions of BSC CDx, such as those that provide services related to report processing, billing, quality, security, compliance, legal, product development, information technology and other such services. The agreement concluded between BSC CDx and these service providers contain the appropriate safeguards, including but not limited to the obligation to implement technical and organizational measures.
  • Data Controllers: We may share patients’ personal data with data controllers such as an ordering or treating healthcare provider, a study sponsor or investigator, or other appropriate individuals at a hospital, clinic or other such facility participating in your study, diagnosis or care, and insurance companies and other payers if required to and only following their instructions.
  • Government agencies, law enforcement personnel, authorities and other regulatory bodies. We may only disclose your personal data to public authorities, if permitted by law to meet national security requirements, or as part of a legal process, in order to protect our property or legal rights to report adverse events, product defects, problems or biologic product deviations, to track products in order to enable product recalls, to make repairs or replacements, to conduct post-marketing surveillance, or other such purposes as may be required by applicable law, regulation or guideline.
  • Potential acquirers and other stakeholders in the event of a corporate sale, merger, reorganization, dissolution or similar event of BSC CDx;
  • Emergency Situations. In certain circumstances, where the health or security of an individual may be endangered, we may share your personal data with an emergency contact, healthcare worker, emergency responder or other such individual.

Some of our affiliates, subsidiaries and third parties to whom we transfer personal data are located outside the European Economic Area (EEA), Switzerland or the United Kingdom. To ensure your personal data will still be processed in compliance with our standard of data protection and applicable law, BSC CDx has implemented EU Standard Contractual Clauses as adopted by the European Commission between its entities as well as with third parties and has taken additional safeguards such as encryption of the data in transfer. You can ask for more information on the safeguards implemented by BSC as described in the Contact Section.

Your Rights

Where applicable, you have the following rights:

  • Right of access: you have the right to obtain confirmation as to whether or not your personal data is processed, and, if so, to request access to the personal data held on you;
  • Right to rectification: you have the right to have inaccurate personal data about you rectified or completed if it is incomplete;
  • Right to erasure: You have the right to have your personal data delated.
  • Right to restriction of processing: you have the right to request from us that we limit the way we use your personal data.
  • Right to withdraw consent: you have the right to withdraw your consent at any time with future effect.  Such a withdrawal will not affect the lawfulness of the processing prior to withdrawal of the consent nor of continued processing activities that are not based on consent.
  • Right to object: you have the right to object, on grounds relating to your particular situation, at any time, to the processing of your personal data; and we may have to stop processing the data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims; you also have the right to object to the processing for direct marketing purposes. Each individual marketing email that we send out gives recipients the chance to easily opt out of future marketing. The right to object for other processing activities will be balanced to ensure that it is not incompatible with local regulations or our legitimate interests.

If you have provided us with your consent, you can withdraw it at any time.

In some countries, you may have the rights to provide guidelines about the processing of your personal data after your passing away.

You also have the right to lodge a complaint with a competent data protection authority where you believe where you believe that your rights have been violated. List of EU data protection authorities is available here.

You can exercise any of the above rights by contacting us using any of the methods in the Contact Information section below.

BSC CDx will attend to your request in a timely manner within thirty (30) days after receiving your request and appropriate identity-verifying information. If for any reason we need to extend this time period, we will contact you.

Children’s Data Protection

BSC CDx does not knowingly solicit or collect personal information from or about children through its services or technologies except as permitted under applicable law. Where consent may be required for purposes of a cardiac study or clinical research, parents or legal guardians must provide consent on behalf of any minors (with the age of minority as determined by the relevant jurisdiction). This website is not intended for use by minors without the explicit consent of a parent or legal guardian. If your child has submitted personal information and you would like to request that such information be deleted from our records, you may do so by contacting us via the contact options below.

Security 

BSC CDx takes security seriously. We use reasonable and appropriate data protection measures, such as robust technologies, security policies and procedures, to reduce the risk of misuse, alteration, accidental destruction or loss, and unauthorized disclosure or access to our systems and data. We follow industry standards and best practices to protect your personal data during transmission and once we receive it.

Retention Periods

BSC CDx applies the storage limitation principle to retain personal data in our records only for the length of time required to fulfill the purpose for which the data was collected. We will only retain your personal data for as long as it is necessary to achieve the purposes listed above, or alternatively, until you object to the processing of your data or withdraw the consent which you have previously provided. However, where BSC CDx is required by law, regulation or contractual obligation to retain your personal data longer, or where your personal data is required for BSC CDx to assert or defend against legal claims, we will retain your personal data until the end of the relevant retention period or until the claims in question have been settled.

Changes to This Privacy Policy

We may modify this policy, and all modifications will be effective immediately upon our posting of the modifications on this website. The time stamp you see on the policy will indicate the last date it was revised. Changes to this notice will be available by accessing our website www.cdx.bostonscientific.com (the “Website”) or by contacting us and requesting that a revised copy be mailed to you. If BSC CDx makes a material change to this policy, we will notify you prior to the changes, where required, via your account email address or by a Website notice.

Other Websites

Our website contains links to other websites. This privacy policy only applies to this website, so when you link to other websites, we recommend you to read their own privacy policies.

Contact Information

If you want to exercise your rights under the GDPR, please use the contact details below. You can also direct any data protection-related issues, questions, comments or complaints to BSC CDx by using the contact details below:

Email: EuropePrivacy@bsci.com or through our Data Subject Request Form

Postal Mail:
Boston Scientific - DPO
c/Ribera del Loira, 46 Edificio 2
28042 Madrid (Spain)

Please note, when you contact us, you may be required to appropriately verify your identity.

Last Updated June 2023

BODYGUARDIAN: Indications, Safety and Warnings