Legal Global Privacy Notice
Updated: March 2024
Welcome
Highridge values your privacy and the protection of your personal data. This Highridge Privacy Notice (“Notice”) explains how we collect, use, share, transfer, and process information collected from or about you (“Personal Data”) by any subsidiary or affiliate of Highridge (collectively “Highridge,” “we,” “our,” or “us”).
Scope
This Notice describes the types of Personal Data that Highridge may collect or process, how we may use and disclose that Personal Data, and how you may exercise any rights you may have regarding our processing of your Personal Data. This Notice applies to Personal Data collected or processed by us online (through websites, applications, and otherwise), when we provide products or services to you, your doctor, hospital, medical treatment or scanning facility, or other healthcare provider (collectively, “Healthcare Provider,” which refers both to the Healthcare Provider institution, organization, or company, and individuals employed by or working for or with such organization), or your patients, and in other situations where you interact with us, including anywhere this Notice is posted or referenced (products, services, websites, and other systems will be referred to in this Notice as “Products and Services”). This Notice also applies to Personal Data that is collected or processed when you interact with us in-person, by telephone, or by mail.
Highridg emay have other unique privacy notices that apply to certain specific situations, such as privacy notices for specific Products and Services in various specific circumstances. To the extent you were provided with a different privacy notice or policy and those policies or notices apply, those policies or notices will govern our interactions with you, not this one.
If you provide Personal Data of anyone other than yourself, please note that you are responsible for complying with all applicable privacy and data protection laws prior to providing that information to Highridge (including obtaining consent, if necessary and required).
The Highridge subsidiary or affiliate with whom you, your Healthcare Provider, or your patient is interacting or who owns and operates the Product or Service is, where applicable, the entity responsible for the collection and use of your Personal Data (known in some jurisdictions as the data controller). A list of the data controllers can be found in Appendix 1 to this Notice, and contact details can be found in the Contact Us section at the end of this Notice.
Information Collection
Personal Data
“Personal Data” is any information that can be used to identify an individual or that we can link directly to an individual, such as name, address, email address, telephone number, credit card number, or health or treatment information, as applicable. Personal Data in some jurisdictions can include information that indirectly identifies a person – such as a unique number assigned to a patient by a Healthcare Provider, even absent other identifying information. Please note that, for patients, as described below, we often receive information about you from your Healthcare Provider.
Some examples of instances where we collect Personal Data include if you:
- Register for an account for one of our Products or Services;
- Sign up for newsletters or other informational or marketing materials;
- Participate in our events, conferences, or trainings, including surgery trainings and Product and Service demonstrations;
- Ask us a question by contacting us;
- Apply for employment with us;
- Interact with us as a customer, vendor, supplier, or business partner or an employee or representative of same, including if you provide information about your customers or patients;
- Respond to our surveys or questionnaires;
- Make a complaint to us or to our customers about us; or
- Purchase, use, or receive our Products or Services.
We will process any Personal Data we collect in accordance with applicable law and as explained in this Notice (unless, as explained above, one of our other policies or notices governs). In some circumstances, if you do not want to provide us with your information, certain Products and Services may be unavailable to you.
Below is a summary of how we collect, process, and use Personal Data and the potential recipients of your Personal Data. Some jurisdictions require us to state the legal bases for processing your Personal Data, which is included below, but please note that not all jurisdictions may recognize all legal bases.
Categories of Personal Data We Collect
For each category of Personal Data listed below, we describe:
- Sources of Personal Data
- Purpose of Processing Personal Data
- Legal Bases of Processing Personal Data
- Recipients of Your Personal Data
Identity and Contact Information
- Examples of Identity and Contact Information: First and last name, email address, postal address, phone number, job title, account username and password, IP address, and National Provider Identifier or state license number
- Sources: Directly from you, your Healthcare Provider, or your patients; from your devices; from our business partners
- Purpose: To provide you with our Products and Services; to communicate with you; to identify and authenticate you; to customize content for you; to detect security incidents; to protect against malicious or illegal activity; to ensure the appropriate use of our Products and Services; to improve our Products and Services; for short-term, transient use; for administrative purposes; for marketing, internal research, and development; and/or for quality assurance
- Legal Bases: For the purposes of our legitimate interests, including to support medical diagnosis and the provision of healthcare or treatment, and to ensure high standards of quality and safety of healthcare and medical devices; in the public interest; to comply with a legal obligation; to perform a contract; to protect vital interests; in circumstances where we have requested and received consent; and for other purposes that may be required or allowed by law*
- Recipients: Highridge, our affiliates, subsidiaries, and related companies; Healthcare Providers; patients; and partners that assist us in providing the Products or Services or help us improve our marketing or administration**
Demographic Information
- Examples of Demographic Information: Age, gender, marital status, disability, and date of birth
- Sources: Directly from you, your Healthcare Provider, or your patients; from your devices; from our business partners
- Purpose: To provide you with our Products and Services; to communicate with you; to identify and authenticate you; to customize content for you; to detect security incidents; to protect against malicious or illegal activity; to ensure the appropriate use of our Products and Services; to improve our Products and Services; for short-term, transient use; for administrative purposes; for marketing, internal research, and development; and/or for quality assurance
- Legal Bases: For the purposes of our legitimate interests, including to support medical diagnosis and the provision of healthcare or treatment, and to ensure high standards of quality and safety of healthcare and medical devices; in the public interest; to comply with a legal obligation; to perform a contract; to protect vital interests; in circumstances where we have requested and received consent; and for other purposes that may be required or allowed by law*
- Recipients: HIGHRIDGE, our affiliates, subsidiaries, and related companies; Healthcare Providers; patients; and partners that assist us in providing the Products or Services or help us improve our marketing or administration**
Commercial and Financial Information
- Examples of Commercial and Financial Information: Transaction records, Products and Services purchased, obtained, or considered, request documentation, customer service records, financial transaction history, and financial account number
- Sources: Directly from you, your Healthcare Provider, or your patients; from your devices; from our business partners
- Purpose: To provide you with our Products and Services; to communicate with you; to identify and authenticate you; to customize content for you; to detect security incidents; to protect against malicious or illegal activity; to ensure the appropriate use of our Products and Services; to improve our Products and Services; for short-term, transient use; for administrative purposes; for marketing, internal research, and development; and/or for quality assurance
- Legal Bases: For the purposes of our legitimate interests, including to support medical diagnosis and the provision of healthcare or treatment, and to ensure high standards of quality and safety of healthcare and medical devices; in the public interest; to comply with a legal obligation; to perform a contract; to protect vital interests; in circumstances where we have requested and received consent; and for other purposes that may be required or allowed by law*
- Recipients: Highridge, our affiliates, subsidiaries, and related companies; Healthcare Providers; and partners that assist us in providing the Products or Services or help us improve our marketing or administration**
Health Information
- Examples of Health Information: Information regarding your treatment, including your date of birth, sex/gender, treatment dates, medical history, and treatment information, patient-reported outcome measures (e.g., responses to questionnaires and surveys), X-rays, magnetic resonance imaging, medical scans, user activity, pictures and videos of treatment activities, therapy completion and use details, and communications with your Healthcare Provider and/or patient, including audio and/or video from telehealth sessions
- Sources: Directly from you, your Healthcare Provider, or your patients; from your devices; from our business partners
- Purpose: To provide you with our Products and Services; to communicate with you; to identify and authenticate you; to customize content for you; to detect security incidents; to protect against malicious or illegal activity; to ensure the appropriate use of our Products and Services; to improve our Products and Services; for short-term, transient use; for administrative purposes; for marketing, internal research, and development; and/or for quality assurance
- Legal Bases: For the purposes of our legitimate interests, including to support medical diagnosis and the provision of healthcare and treatment, for scientific or historical research or statistical purposes, and to ensure high standards of quality and safety of healthcare and medical devices; to protect vital interests; in circumstances where we have requested and received consent; and for other purposes that may be required or allowed by law*
- Recipients: Highridge, our affiliates, subsidiaries, and related companies; Healthcare Providers; patients; and partners that assist us in providing the Products or Services or help us improve our marketing or administration**
Professional and Educational Information
- Examples of Professional and Education Information: Job title or position, employer, National Provider Identifier number, state medical license number, work skills, employment history, graduate degree, certification, specialized training, responses to surveys and questionnaires, and enrollment history for our education and training events
- Sources: Directly from you; from your devices; from our business partners
- Purpose: To provide you with our Products and Services; to communicate with you; to identify and authenticate you; to customize content for you; to detect security incidents; to protect against malicious or illegal activity; to ensure the appropriate use of our Products and Services; to improve our Products and Services; for short-term, transient use; for administrative purposes; for marketing, internal research, and development; and/or for quality assurance
- Legal Bases: For the purposes of our legitimate interests, including to support medical diagnosis and the provision of healthcare or treatment, and to ensure high standards of quality and safety of healthcare and medical devices; in the public interest; to comply with a legal obligation; to perform a contract; to protect vital interests; in circumstances where we have requested and received consent; and for other purposes that may be required or allowed by law*
- Recipients: Highridge, our affiliates, subsidiaries, and related companies; Healthcare Providers; and partners that assist us in providing the Products or Services or help us improve our marketing or administration**
Technical Information
- Examples of Technical Information: Internet Protocol (IP) addresses, browser type, browser language, device type, advertising IDs associated with your device (such as Apple’s Identifier for Advertising (IDFA) or Android’s Advertising ID (AAID)), the date and time you use our Products and Services, Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services, activity on our Products and Services and referring websites or applications, data collected from cookies or other similar technologies**, and geolocation information
- Sources: Directly from you; from your devices; from our business partners
- Purpose: To provide you with our Products and Services; to communicate with you; to identify and authenticate you; to customize content for you; to detect security incidents; to protect against malicious or illegal activity; to ensure the appropriate use of our Products and Services; to improve our Products and Services; for short-term, transient use; for administrative purposes; for marketing, internal research, and development; and/or for quality assurance
- Legal Bases: For the purposes of our legitimate interests, including to support medical diagnosis and the provision of healthcare or treatment, and to ensure high standards of quality and safety of healthcare and medical devices; in the public interest; to comply with a legal obligation; to perform a contract; to protect vital interests; in circumstances where we have requested and received consent; and for other purposes that may be required or allowed by law*
- Recipients: Highridge, our affiliates, subsidiaries, and related companies; Healthcare Providers; and partners that assist us in providing the Products and Services or help us improve our marketing or administration**
Anonymized / De‑identified Data
- Anonymized data is data for which your individual personal characteristics have been removed such that you are not identified and the information is no longer consider Personal Data under data protection laws***
- Sources: Directly from you, your Healthcare Provider, or your patients; from your devices; from our business partners
- Purpose: To improve our Products and Services; for short-term, transient use; for administrative purposes; for marketing, internal research, and development; for quality assurance; and/or for our own purposes
- Legal Bases: We rely on the following purposes to anonymize personal data, after which time the data is no longer Personal Data under relevant data protection laws and does not require a legal bases for processing — For the purposes of our legitimate interests, including to support medical diagnosis and the provision of healthcare and treatment, to ensure high standards of quality and safety of healthcare and medical devices, and for scientific or historical research or statistical purposes; in the public interest; to comply with a legal obligation; to perform a contract; to protect vital interests; in circumstances where we have requested and received consent; and for other purposes that may be required or allowed by law*
*The legal bases relied upon by Highridge under the European Union’s General Data Protection Regulation (“GDPR”) and the UK GDPR include those enumerated in Articles 6 and 9, depending on the type of Personal Data.
**In limited circumstances, recipients may include, (1) in the event of a sale, assignment, or transfer, to the buyer, assignee, or transferee; and, (2) government officials, law enforcement, or others when permitted by this Notice or required by law.
***This includes in the United States the removal of identifiers from protected health information required under the Health Insurance Portability and Accountability Act (HIPAA), 45 CFR § 164.514(b)(2), for such data to be considered deidentified.
Cookies and Similar Tools
When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies on our websites. Click on the different category headings in our cookies consent tool to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the website and the services we are able to offer.
You can set up or change your cookies’ preferences at any time by using our cookies consent tool at the bottom of our websites by clicking on the Shield Button.
For further information about cookies including how to see what cookies have been set on your device and how to manage and delete them, please visit www.allaboutcookies.org.
In Europe, you may also visit www.youronlinechoices.eu to exercise choices about certain cookies.
In the U.S. you may also visit the Network Advertising Initiative’s opt-out page at http://optout.networkadvertising.org/#!/ to learn how to opt-out of third-party, interest-based targeting cookies.
Children’s Information
Highridge does not knowingly collect, maintain, disclose, or otherwise process Personal Data from minors below the age of 16 without the permission of such minor’s parents or legal guardians. If you think that we have collected personal information from a child under the age of 16, please contact us using one of the methods specified below, and we will work with you to address this issue.
Combination of Data
We may combine information we collect, whether Personal Data or not, with Personal Data that we may obtain from third parties, including Healthcare Providers.
Interactive Features of our Websites
To the extent we offer any public or group forums on our Products or Services, such as newsfeeds, blogs, message boards, or similar tools (“Interactive Features”), the posts or comments you make may be public and viewed by others. You should use care before posting information about yourself, including Personal Data. You acknowledge and understand that you have no expectation of privacy or confidentiality in the content you submit to Interactive Features over the Products and Services. Except when required to do so by applicable law, we assume no obligation to remove Personal Data you post on our Products and Services, and you disclose any Personal Data at your own risk.
Links to Other Websites
Our Products or Services may contain links to other websites, applications, products, or services that are not owned or operated by Highridge, such as social media websites and applications like Facebook and Twitter. You should carefully review the privacy policies and practices of other websites, products, and services as we cannot control and are not responsible for privacy policies, notices, or practices of third party websites, applications, products, and services.
Safeguarding Information
Consistent with applicable laws and requirements, Highridge has put in place physical, technical, and administrative safeguards designed to protect Personal Data from loss, misuse, alteration, theft, unauthorized access, and unauthorized disclosure. However, as is the case with all websites, applications, products, and services, we unfortunately are not able to guarantee security for data collected through our websites, applications, Products and Services.
Your Rights Regarding Your Personal Information
Subject to applicable data protection law, you may have a right to some or all of the following with respect to your personal data:
- To request access to your Personal Data (including under GDPR Article 15);
- To request that we rectify or erase your Personal Data (including under GDPR Articles 16 and 17);
- To object to the processing of your Personal Data (including under GDPR Article 21);
- To request that we restrict or block the processing of your Personal Data (including under GDPR Articles 21 and 22);
- To provide your Personal Data directly to another, i.e., a right to data portability (including under GDPR Article 20); and
- When we previously obtained your consent, to withdraw consent to processing (including under GDPR Article 21).
To exercise these rights, please write to us at privacy.emea@zimvie.com or HIGHRIDGE, Attn: HIGHRIDGE Privacy Officer, 10225 Westmoor Dr, Westminster, CO 80021 USA.
You may also contact our Data Protection Officer for the European Union and the United Kingdom at privacy.emea@zimvie.com. For Germany, you may also contact our German Data Protection Officer at dpo.germany@zimvie.com.
California law grants its residents certain rights regarding the collection and use of their personal information. If you are a California resident and would like to exercise your rights, please submit a request using the CA Privacy Request Form linked below or call us at 844-922-2721 so that our support team can communicate with you and provide assistance regarding your request. Please note that we may require additional information from you or your authorized agent to honor your request and may deny your request if we cannot verify your identity or status as a California resident.
CA Privacy Request Form (www.highridgemedical.com)
If you are concerned about how your Personal Data is used, please email us or contact us. You may also have the right to lodge a complaint against us. To do so, contact your local data protection authority (if one exists in your country).
Transfer of Personal Data Across National Borders
Please be aware that Personal Data we collect and process may be transferred and maintained outside your state, province, country, or other jurisdiction, where the privacy laws may not be as protective as those in your location, including the United States. HighRidge has put in place safeguards, in accordance with applicable legal requirements, to protect your Personal Data irrespective of the standards in the country where your Personal Data may be transferred. This includes entering into agreements with third parties, such as service providers, to require them to adopt standards that ensure an equivalent level of protection for data as those we adopt.
Marketing and Promotional Emails
You may unsubscribe from any marketing or promotional emails. To do so, please email us at communications@highridgemedical.com or use the unsubscribe mechanism offered in our marketing emails or other communications, as applicable. Please note that if you already have requested our Products or Services when you decide to withdraw consent, a short period of time may elapse before we can update your preferences and ensure that we honor your request.
How Long Your Personal Information Will Be Retained
We will retain your Personal Data for as long as we maintain a relationship with you, your Healthcare Provider, or your patient and/or for as long as we provide a Product or Service to you or to customers that serve you, plus a reasonable period thereafter to fulfil the purposes described above. Retention periods may be extended if we are required to preserve your Personal Data in connection with litigation, investigations and court or administrative proceedings or if a longer retention period is required or permitted by applicable law.
Special Note to Patients in the United States
- If you are a U.S. patient, please note that this Notice is distinct from your Healthcare Provider’s HIPAA Notice of Privacy Practices, which describes how your Healthcare Provider uses and discloses individually identifiable information about your health that it collects, as well as any other privacy practices it applies. Highridge collects, uses, and discloses Personal Data it receives on behalf of your Healthcare Provider in accordance with your Healthcare Provider’s HIPAA Notice of Privacy Practices.
- If you are a patient in the E.U., please note that this Notice is distinct from your clinician, hospital, health insurance or institution (“Healthcare Provider”) privacy notice, which describes how they use and disclose your Personal Data that they collect, as well as any other privacy practices they apply.
In accordance with their privacy notices, Highridge receives data from your Healthcare Provider to allow for the proper development of the insurance relation between you and your insurer as permitted by law including minimum data in invoices and delivery notes.
Additionally, Highridge receives data from your Healthcare Provider when they report1 product events that may disclose potential product’s defects / adverse effects including patient identifier, gender, age at the time of the event and weight, and information on Highridge’s devices and products (i.e., number, type, date of use, characteristic, and adverse effects as the case may be). This information is codified by your Healthcare Provider.
The Highridge subsidiary or affiliate with whom your Healthcare Provider is interacting with or who manages the processing of products events reporting or acts as a legal manufacturer of the product (see Appendix 1 for further details) will process the data to manage the reports and evaluate the event that disclosed the product’s defect / adverse effects. This processing is based on its legal obligations and, when shared with group entities, on our legitimate interest to adequately manage such reports (for instance, when transmitting such information for administrative purposes) for which the due balancing test has been done. We are entitled to process health data based on reasons of public interest related to the need to ensure high standards of quality and safety of medicinal products or medical devices. We may also disclose this data to the recipients described above (especially to Highridge group companies as specified in the section related to “health information” in Information Collection of Highridge Global Privacy Notice ).
Personal Data may be transferred outside the European Economic Area under the safeguards described in the section “Transfer of Personal Data Across National Borders”. The information will be retained following the criteria of the section “How Long Your Personal Information Will Be Retained” and particularly to comply with the purposes of the processing as described above.
You can exercise your data protection rights (including addressing the due data protection authority) as described in the section “Your Rights Regarding Your Personal Information” and you can contact the data protection officer at the addresses included in the section “Contact us”.
[1] “*Health Care Providers shall notify product incidents events using Highridge Product Experience Report available in Highridge portal https://eservices.zimviedental.com/ or contacting the local Highridge representative or by email to emeacomplaints@zimvie.com”
EBI, LLC
Health Insurance Portability and Accountability (HIPAA)
Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
EBI HIPAA Notice of Privacy Practices
Privacy Policy – Speak Up Channel
The present Privacy Policy is applicable to Highridge´s Speak Up channel (whistleblowing scheme) that allows us to receive and, if applicable, manage, investigate and take actions regarding any information or complaint received about any alleged irregularity or act contrary to the law, Highridge´s internal regulations and policies or industry practice as detailed in our website – Speak Up section (hereinafter, the “Speak Up Channel”).
1. Who is the data controller of the personal data related to Speak Up Channel? Is there a data protection officer?
The Highridge Group entities listed in the following link: Privacy Notice (www.highridgemedical.com) (hereinafter, jointly “Highridge”) are the joint-controllers for the processing of your personal data through the Speak-Up Channel. Notwithstanding this, the data received through the Speak Up Channel will be accessed by the Highridge Group entities and joint-controllers on a strictly “need to know” basis and limited only to what is necessary to carry out the relevant investigations.
The contact address of the joint controllers for the purposes of this Privacy Policy (and in case of any questions about joint-controllership regime and its operation) and the appointed data protection officer is the following: you are based in the EU or EEA privacy.emea@zimvie.com or dpo.germany@zimvie.com if you are based in Germany; in North America privacy.nam@zimvie.com; or APAC privacy.apac@zimvie.com.
2. What data do we process and how do we obtain them?
A. If you are the person filing the complaint / providing the information (hereinafter, the “Whistleblower”):
You can use the Speak Up Channel without identifying yourself directly and remaining anonymous, either completely (neither Highridge nor the platform provider will know your identity) or exclusively towards Highridge (only the platform provider will know your identity). In case you decide to remain anonymous towards Highridge, you may be contacted by our provider managing the Speak-Up Channel Convercent, Inc., to confidentially gather some additional information about the complaint, yet it will not reveal your identity to Highridge.
In any event, personal data may be collected directly from you, or from witnesses or any third party involved in the investigation. These data may include identification data (i.e. name, surname and contact details), economic data, commercial data, professional data (i.e. professional role, department, tasks, employment data), as well as any information that is the subject of the investigation or that is included in the description of the facts of the complaint. While special categories of data (such as health data, data concerning person’s sex life or sexual orientation, sanctions & infringements, etc.) would not generally be processed, depending on the information and investigation exceptionally it may be required.
B. If you are a person under investigation, witness or any third party involved in the investigation:
Your personal data may be collected directly from you, from the Whistleblower or from individuals involved in the investigation. These data may include identification data (i.e. name, surname and contact details), economic data, commercial data, professional data (i.e. professional role, department, tasks, employment data), as well as any information that is the subject of the investigation or that is included in the description of the facts of the complaint. While special categories of data (such as health data, data concerning person’s sex life or sexual orientation, sanctions & infringements, etc.) would not generally be processed, depending on the information and investigation exceptionally it may be required.
3. What are the purposes for the processing of your personal data? What are the applicable lawful bases for such processing?
Your personal data will be processed for the sole purpose of managing the Speak Up Channel and complaint / information received, investigating and taking action in relation to complaints received through Highridge´s Speak-Up Channel. This includes ensuring the protection against any reprisals towards the Whistleblower or towards other persons such as facilitators, colleagues or relative of the Whistleblower who are also in a work-related connection with the reporting person’s employer or customer or recipient of services; taking corrective action or any other action relevant to the specific misconduct/illegal conduct (e.g. informing the competent authorities, disciplinary actions, etc.); and complying with applicable regulations and, in particular, those governing the protection of Whistleblowers, as well as providing our management board with reporting on the complaints received within the Speak Up Channel on an anonymous basis.
If you are an EU resident, we process your personal data in compliance with our legal obligations to the extent that we are legally obliged to establish such a channel (under local laws implementing Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law); or, for joint controllers voluntarily adhering to this Channel, on the basis of the public interest to prevent and detect misconducts and unlawful behaviors based on the same laws.
Please avoid providing us special categories of data unless strictly required for the handling of the relevant complaint. As the case may be, we will process it in accordance with the essential public interest recognized by currently applicable laws. Otherwise, we will erase them immediately.
4. Who are the recipients of your personal data?
Your personal data may be communicated to the competent judicial and administrative authorities, following the legal obligations of Highridge. Such communication is always provided to the extent legally required.
Additionally, on certain occasions, Highridge may communicate personal data received through the Speak Up Channel to other companies of the Highridge Group and joint controllers on a “need to know” basis and limited only to what is necessary to carry out the relevant investigations, and third parties, such as external consultants, auditors or persons in charge of managing the processing of the data or investigation according to the instructions received by Highridge (e.g. Convercent, Inc.).
5. Do we carry out international data transfers?
Please access our policy on transfer of personal data across national borders by clicking on this link.
If you are an EU resident, we generally process your personal data within the European Economic Area (EEA) and we procure to contract with service providers located within the EEA or in countries that have been declared as having an adequate level of protection. However, as explained below, certain processing of personal data necessary for the operation of the Speak Up Channel may be also carried out in the United States.
In those cases where we need to share your personal data with entities located outside the EEA in countries that haven´t been declared as having an adequate level of protection, we will adopt the appropriate safeguards in order to ensure the level of protection comparable to that of the European Union.
In particular, your personal data is shared with the entity Biomet 3i, LLC, based in United States, in order to ensure the aligned and coordinated operation of the Speak Up Channel in the HighRidge Group. Those joint-controllers subject to the General Data Protection Regulation 2016/679 have entered into the appropriate standard contractual clauses approved by the European Commission with Biomet 3i, LLC. Additionally, our Speak Up Channel platform provider Convercent, Inc., is also based in United States, processing the personal data on Biomet 3i LLC´s behalf in accordance with Biomet 3i, LLC and Convercent Data privacy agreement whereby Convercent agrees to adopt the required standards to ensure an equivalent level of protection for processed data. For further information, please contact Highridgeby means provided within the section “1. Who is the data controller of the personal data related to Speak Up Channel? Is there a data protection officer?”.
6. For how long do we retain your personal data?
Your personal data will be processed only for as long as necessary to carry out the investigation (including legal proceedings, if applicable) and comply with our legal obligations including the obligation to keep the Speak Up Channel’s registry for no more than 10 years.
In any case, after 3 months from the reception of the complaint in the Speak Up Channel, the personal data will be erased if it is understood that, after examining the complaint, the investigation was not appropriate or when the investigation has not been initiated.
7. Your data protection rights:
You may exercise your rights of access, rectification, erasure, portability, restriction of processing and, as the case may be, objection and/or withdrawal of consent in the terms and conditions provided under applicable data protection laws by addressing to the following email address: privacy.emea@zimvie.com for the EU or EEA; in North America privacy.nam@zimvie.com; or APAC privacy.apac@zimvie.com.
You can also file a complaint before the competent data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. The address of the European supervisory authorities can be found here.
Changes to This Privacy Notice
We may update this Notice from time to time without notice. As such, you should review this Notice periodically. We will indicate by the date below when this Notice was most recently updated.
EMEA: Local Data Privacy
Country | Language | Local Privacy Notice (Last Update 06.2023) |
Austria | German | Data Privacy Austria |
Belgium | French | Data Privacy Belgium |
France | French | Data Privacy France |
Germany | German | Data Privacy Germany |
Israel | Hebrew | Data Privacy Israel |
Italy | Italian | Data Privacy Italy |
Netherlands | Dutch | Data Privacy Netherlands |
Switzerland | German | Data Privacy Schweiz / German |
Italian | Data Privacy Schweiz / Italian | |
French | Data Privacy Schweiz / French | |
Spain | Spanish | Data Privacy Spain |
UK | English | Data Privacy UK |
Contact Us
If you have any questions, including how to access this Notice in an alternative format, please email us at privacy.emea@zimvie.com or write to us at Highridge, Attn: Privacy Officer, 10225 Westmoor Drive, Westminster, Colorado 80021 USA.
If you are located outside of the United States, such as in the European Economic Area or the United Kingdom, you may contact our Data Protection Officer at privacy.emea@zimvie.com. For Germany, you may contact our German Data Protection Officer at dpo.germany@zimvie.com. For APAC countries, you may contact our Data Protection Officer at privacy.apac@zimvie.com.You may also write to us at Highridge, Attn: Privacy Officer, 10225 Westmoor Drive, Westminster, Colorado 80021 USA.
Appendix 1: List of Data Controllers
HIGHRIDGE Controllers
Country | HIGHRIDGE Group Entity | Registered Address | Data Protection Inquiries |
Australia | Biomet 3i, Australia Pty Ltd | Suite 5, 8th Floor, 15 Talavera Road, Macquarie Park, NSW 2113, Australia | privacy.apac@zimvie.com |
Austria | ZimVie Austria GmbH | Großmarktstraße 7a1230 WienWienerbergstrasse 11/12a, Vienna, 1100, Austria | privacy.emea@zimvie.com |
Belgium | Biomet 3i Belgium NV | Schaliënhoevedreef 20T2800 Mechelen Belgium | privacy.emea@zimvie.com |
Brazil | ZimVie Brasil Comercio, Importacao e Exportacao de Produtos Medicos Ltda. | Avenida Pereira Barreto, 1.395,19º andar, Paraíso, CEP 09190-610, Santo André, Estado de São Paulo, Brasil | privacy.nam@zimvie.com |
Canada | Zimmer Biomet Dental Canada Inc. | 106-2345 Argentia RoadMississauga, ON L5N 8K4Canada | privacy.nam@zimvie.com |
Chile | ZimVie Chile SpA | Luis Thayer Ojeda, 0130 Of 902, Providencia, Santiago, Chile | privacy.nam@zimvie.com |
China | Zimmer Dental (Shanghai) Medical Device Co., Ltd | Unit 03, 23/F, Metro Plaza 555 Lou Shan Guan Road Shanghai 200 051, PRC | privacy.apac@zimvie.com |
Costa Rica | IC Guided Surgery, SRL | San Jose, Sabana Norte, diagonal al Estadio Nacional, Sabana Business Center, piso nueve | privacy.nam@zimvie.com |
France | LDR Medical SAS | Parc d’entreprises du Grand Troyes, Quartier Europe de l’Ouest, 5 rue de Berlin, 10300 Sainte-Savine, France | privacy.emea@zimvie.com |
France | Zimmer Dental SAS | 19 Rue d’Arcueil, Bâtiment Québec, 94528 Rungis, France | privacy.emea@zimvie.com |
Germany | Zfx GmbH | Kopernikusstrasse. 15,85221 Dachau Germany | dpo.germany@zimvie.com |
Germany | ZimVie Germany GmbH | Wilhelm-Wagenfeld-Strasse 2880807 Munich Germany | dpo.germany@zimvie.com |
India | ZB Dental India Pvt Ltd | 904/905, A-Wing, Damji Shamji Corporate Square, Laxmi Nagar, Andheri-Ghatkopar Link road, Ghatkopar (East), Mumbai -400 075, Maharashtra, India | privacy.apac@zimvie.com |
Israel | Zimmer Dental Ltd. | 13 Amal Street4809280 Rosh Ha’ainIsrael | privacy.emea@zimvie.com |
Italy | Zimmer Dental Italy S.r.l. | Via Italia 205/D,31015 Conegliano, Italy | privacy.emea@zimvie.com |
Italy | 3DIEMME Srl | Via Risorgimento 9 – Cantù (CO) CAP 22063, Italy | privacy.emea@zimvie.com |
Italy | Zfx Innovation GmbH | Gargazzone (BZ), Via Stazione 22, CAP 39010, Italy | privacy.emea@zimvie.com |
Japan | ZimVie Japan G.K. | 1-1 Ichigayahonmura-cho, Shinjuku-ku, Tokyo, Japan | privacy.apac@zimvie.com |
Korea | ZimVie Korea Ltd. | 117, Bundangnaegok-ro, Bundang-su, Seongnam-si, Gyeonggi-do, 4th and 5th floors, Republic of Korea (Baekhyeon-dong, Krafton Tower)” | privacy.apac@zimvie.com |
Luxembourg | JERDS Luxembourg Holding S.ar.l | 6 Rue Eugene Ruppert, L-2453 Luxembourg | privacy.emea@zimvie.com |
Mexico | Biomet 3i Mexico S.A. de C.V. | Avenida Periferico Sur #4829, Int. 402, Colonia Parque del Pedregal, Tlalpan, Zip. Code 14010, Mexico City, Mexico. | privacy.nam@zimvie.com |
Netherlands | ZimVie Netherlands B.V. | Marten Meesweg 25-G Rotterdam, 3068 AV Netherlands (effective as of 1-Feb-2022) | privacy.emea@zimvie.com |
Netherlands | HighRidge ZimVie Global Holding B.V. | Marten Meesweg 25-G Rotterdam, 3068 AV, Netherlands | privacy.emea@zimvie.com |
Portugal | ZimVie Portugal, Lda | Av. António Augusto de Aguiar19, 4º-Dtº, Sala BLisbon, Portugal 1050 012 | privacy.emea@zimvie.com |
United States (Puerto Rico) | EBI Patient Care, Inc. | Los Frailes Industrial Park, 484 Calle E, Guaynabo, Puerto Rico, 00969-3454 | privacy.nam@zimvie.com |
Singapore | ZimVie Singapore Pte. Ltd. | 1 Marina Boulevard #28-00 One Marina Boulevard Singapore 018989 | privacy.apac@zimvie.com |
Spain | Biomet 3i Dental Iberica, S.L.U | WTC Almeda Park, Calle Tirso de Molina 40, Edificia 4, Barcelona, Spain | privacy.emea@zimvie.com |
Switzerland | Biomet 3i Switzerland GmbH | Grüzefeldstrasse 418404 Winterthur Switzerland | privacy.emea@zimvie.com |
Taiwan | ZimVie Taiwan Co., Ltd. | 11th Floor, No.335, Ruiguang Road, Neihu District, Taipei City105410, Taiwan (ROC) | privacy.apac@zimvie.com |
Turkey | Biomet 3i Turkey | Ayazağa Mah. Mimar Sinan Sk. C Apt. No:21 C/44Sarıyer, İstanbul, Turkey | privacy.emea@zimvie.com |
United Kingdom | Biomet 3i UK Ltd | One Glass Wharf, Bristol BS2 OXZ, United Kingdom | privacy.emea@zimvie.com |
United States | Biomet 3i, LLC | 4555 Riverside Drive, Palm Beach Gardens FL 33410, United States | privacy.nam@zimvie.com |
United States | EBI Holdings, LLC | 399 Jefferson Road, Parsippany, NJ 07054 | privacy.nam@zimvie.com |
United States | EBI Medical Systems, LLC | 399 Jefferson Road, Parsippany, NJ 07054, United States | privacy.nam@zimvie.com |
United States | EBI, LLC | 399 Jefferson Road, Parsippany, NJ 07054, United States | privacy.nam@zimvie.com |
United States (PR) | Electro-Biology, LLC | #1 Electro-Biology BoulevardLos Frailes Industrial ParkGuaynabo, PR 00657-1359, Puerto Rico | privacy.nam@zimvie.com |
United States | Implant Concierge, LLC Texas | Suite 212, 11503 NW Military Hwy, San Antonio, TX 78231, United States | privacy.nam@zimvie.com |
United States | Zimmer Biomet Spine, LLC | 10225 Westmoor Dr, Westminster, CO 80021, United States | privacy.nam@zimvie.com |
United States | Zimmer Dental Inc. | 1900 Aston Ave., Carlsbad, CA 92008, United States | privacy.nam@zimvie.com |
United States | ZimVie Inc. | 4555 Riverside Drive, Palm Beach Gardens FL 33410, United States | privacy.nam@zimvie.com |
United States | ZimVie US Corp LLC | 4555 Riverside Drive, Palm Beach Gardens FL 33410, United States | privacy.nam@zimvie.com |