This statement applies to all the personal information collected by Kardium Inc. (henceforth referred to as “Kardium”) from interactions with any individuals or organizations, including consumers and potential consumers of Kardium products and services (which may henceforth be referred to as “you”). The types of interaction that may be subject to data collection include but are not limited to:
- Visiting the Kardium website;
- Using the products or services offered by Kardium;
- Purchasing Kardium products or services;
- Contacting Kardium’s customer service; and
- Engaging with Kardium as a supplier, business customer, or business partner.
This includes all online and offline collections of all types of personal information, except in extraordinary situations (e.g., serious risk to public), in which case the full extent of this privacy statement would not apply. Clinical data collected for the purposes of scientific research are not within the scope of this Privacy Statement and are covered elsewhere.
Kardium collects the following personal identification information, including but not limited to:
- Contact information, such as name, address, email address, telephone number, fax number, organization name, and job title;
- Personal preferences such as food restrictions, lodging, and transportation;
- Passport information for identification or travel, social security number and other government issued details (where applicable and required by law), bank account details, and emergency contact persons;
- Marketing preferences, internet protocol (IP) address, domain, browser type, and pages visited;
- Professional credentials such as work history, qualifications, competencies, accreditations, affiliations, publications, awards, references, and signature;
- Credit status, tax identification and information, and purchase information history;
- Media, such as photos, diagrams, videos, and audio where you have provided Kardium with permission to use these articles;
- Diagnostic solutions device log data for the purposes of internal investigations and product development;
- Sensitive personal information, such as personal health information (PHI) of a patient and/or end-user where the information is legally required;
- Patient pre- and post-operative outcomes for research and marketing purposes;
- Criminal records and personal background for legal purposes.
Legal Basis for Processing
The legal basis that Kardium uses for the processing of this data is for the purposes of conducting business and meeting jurisdictional legal obligations; however, the processing utilized for the data is dependent on the jurisdictional citizenship of the individual. In general, the purposes for which data is used by Kardium include, but are not limited to:
- Establishing a contract and/or performing obligations and services required under contract, which may involve bank account information for an individual or a representative of a company;
- Communicating legitimate interests of consumers or potential consumers, such as:
- Ensuring or improving the quality of service provided;
- Providing information on the developments in the technology, products, and services of Kardium;
- General marketing and business development information;
- Communicating a potential business activity or opportunity;
- Legitimate interests of Kardium and/or the individual where preferences of the individual are beneficial for activities performed in collaboration, for example storing details on lodging information, location, and contact information of an individual who will be receiving training or attending a speaking engagement with Kardium, etc.;
- Obtaining consent for the use of information for marketing related purposes;
- Obtaining consent for the purpose of documenting a patient’s legal acknowledgement of their understanding of the purpose, risks, benefits, rights of the individual, and other important information to patient related to any clinical studies or research;
- Conforming with legal obligations related to the retention of data, such as those provided in the European Union Medical Devices Regulations, Canadian Medical Devices Regulations, 21 CFR 820, and other regulatory or legal requirements that apply to Kardium’s business activities;
- Vital interests in extraordinary cases where the information is critical for determining or communicating a public health threat to competent authorities or the general public;
- Processing special category data such as health and biometrics for the purpose of ensuring high standards of quality and safety of health care and medical devices, archiving purposes in the public interest, scientific or historical research purposes, and statistical purposes; and
- Exercise or defense of legal claims.
Where feasible, appropriate, and legally acceptable, Kardium will make an attempt to anonymize, pseudonymize, or de-identify information for the purposes above to protect the privacy of the individual.
Kardium utilizes physical, electronic, and administrative safeguards to ensure that the integrity and security of your information is protected. Disclosures of this information are only made as permitted and/or required by jurisdictional law. Kardium will only keep your information for the amount of time necessary to comply with legal obligations and/or for the period of time that Kardium has a legitimate business purpose to retain and process the data. Once this time period has expired, your data will be deleted.
As some of the data collected may be obtained by an affiliate or business partner of Kardium, the data may be stored in a country or jurisdiction outside of that in which you reside. This policy applies to all data collected within the scope of the statement and Kardium will take reasonable measures to ensure that this information is protected.
Depending on the jurisdiction in which you reside, certain data rights may apply. If you reside in the European Economic Area, these rights include:
Access – You have the right to request for copies of personal data stored by Kardium. A fee commensurate with the amount of effort required to obtain this information may be charged.
Rectification – You have the right to request that Kardium correct any information reasonably believed to be inaccurate. You also have the right to request that information be completed where it is reasonably believed to be incomplete.
Erasure – You have the right to request that Kardium erase personal data, under certain conditions where required by law. These include where Kardium no longer requires the data for purposes of which it was collected, consent is withdrawn by you, or where your rights override Kardium’s legitimate interests if used as a legal basis.
Restriction – You have the right to request that Kardium restrict the processing of data specific to you, under certain conditions. This includes circumstances where you have reason to believe that the information is incorrect, data was obtained unlawfully, where Kardium no longer has a legal basis for retention of the data, or where you have exercised your right to objection of the use of the data and Kardium is processing the request.
Objection – You have the right to object to the processing of your personal data when Kardium is relying on legitimate interests as the legal basis for processing and your rights take precedence over Kardium’s use of the data. You also have the right to object to processing of your personal data for the purposes of direct marketing.
Portability – You have the right to request that Kardium transfer the data collected to another organization, or directly to you, in circumstances where Kardium is relying on your consent or performance of a contract as a legal basis and the processing is carried out automatically.
If you make a request, Kardium will respond to you within one month. If you would like to exercise any of these rights, please contact Kardium at: firstname.lastname@example.org
Withdrawal – You have the right to withdraw consent where the legal basis for processing of personal data is based upon consent. However, if consent was provided for the purposes of processing special category data, such as data collected in a clinical study, the right to erasure and certain aspects of the right to portability is forfeited for the purposes of legal compliance.
Should you require further information or would like to exercise any of the rights mentioned above, please contact Kardium at:
155 – 8518 Glenlyon Parkway
Complaints – You also have the right to make a complaint about Kardium’s personal data handling practices. To lodge a complaint, contact the jurisdictional authority specific to your region. Citizens of the European Economic Area may lodge complaints by contacting their local Supervisory Authority.
Phone: 0303 123 1113
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit the Kardium website, Kardium may collect information from you automatically through cookies or similar technology.
Browser settings can be adjusted to not accept cookies. For further information, visit allaboutcookies.org. However, some features of the Kardium website may not function as a result.
Privacy Statement Changes
155 – 8518 Glenlyon Parkway