Data Privacy Statement

Ottobock offers orthopaedic technology services and products (hereafter referred to as “the services”). Our customers are located in several countries in both the private and public sectors. We also offer services and products to private individuals. Ottobock collects, processes and stores personal data in a lawful, correct, transparent and appropriate manner, and only to the extent that Ottobock deems this necessary. We safeguard your privacy and observe applicable legislation that is in place to protect you as an individual. We process various categories of personal data, some of which are sensitive, and some of which also fall under the national Patient Data Act.

This policy explains how we collect and use your personal data. It also describes your rights and how you can exercise these.

Please read this privacy policy carefully to understand how and for which purposes we process your personal data. By submitting your personal data to us and accepting the applicable terms and conditions, you agree to your personal data being processed as specified in the specific terms and conditions of the respective service and in this privacy policy. If more specific consent is required from you by law, we will of course ask for this.

It is important to us that you feel assured by how we process your data. Please contact us if you have any questions.

1. Data Controller

Our companies that comply with this policy are part of the Ottobock Group’s Nordic and Benelux organisations and are referred to as “Ottobock” below. The following companies are included: Ottobock Scandinavia AB, Ottobock Benelux N.V., Aktiv Ortopedteknik with 14 different companies (Aktiv Ortopedteknik i Dalarna AB, Aktiv Ortopedteknik i Gävleborg AB, Aktiv Ortopedteknik i Jämtland AB, Aktiv Ortopedteknik i Malmö AB, Aktiv ortopedteknik i Skåne Öst AB, Aktiv Ortopedteknik i Stockholm AB, Aktiv Ortopedteknik i Sörmland AB, Aktiv Ortopedteknik i Uppsala AB, Aktiv Ortopedteknik i Värmland AB, Aktiv Ortopedteknik i Västernorrland AB, Aktiv Ortopedteknik i Västmanland AB, Aktiv Ortopedteknik i Ängelholm AB, Aktiv Ortopedteknik Support i Norrköping AB, Aktiv Ortopedteknik Syd AB) and Respecta OY.

Ottobock is the data controller for the company’s processing of personal data. “Personal data” is taken to mean any information that can be directly or indirectly linked to a currently living natural person. “Processing” is taken to mean any action taken with the personal data.

If you disclose other people’s personal data, you are responsible for ensuring that Ottobock processes that personal data in accordance with the applicable terms and conditions of the privacy policy.

2. We protect your personal data – who has access to the personal data?

Only those who absolutely must have access to your personal data have access (the principle of least privilege), e.g. only those:

• participating in the care of a patient, i.e. the staff you encounter during your contact with Ottobock

• requiring the data for their work in healthcare, e.g. the reception staff when booking appointments.

Other employees at Ottobock are subject to the same principle – access is limited to those requiring it to perform their work tasks.

We use IT systems to safeguard confidentiality, privacy and access to personal data, and we take security measures to protect your personal data against unlawful or unauthorised processing (such as unauthorised access, loss, destruction or corruption). Only those individuals who actually need to process your personal data in order for us to achieve our stated objectives have access to it.

Avoid providing personal data if you contact Ottobock on social media, as it is difficult for us to protect your personal data on these platforms.

3. Purpose, processing and legal basis for processing personal data

We are transparent about the personal data we collect and how it is processed. We only collect the personal data that is necessary for the purpose.

Ottobock collects and processes your personal data when, e.g. you visit one of our centres or our website. Where it is required by law that consent be obtained for the processing of certain types of personal data or for certain forms of processing, consent will be obtained from you before processing takes place.

The data we collect depends on the context of your interactions with Ottobock.

3.1. Personal data we collect about you – Patients

Purpose: We process your data in order to ensure a high quality of service and medical care and treatment, and to ensure patient safety.

Processing performed:
• Record keeping
• Appointment booking
• Dealing with any customer matters, such as orders, complaints and questions
• Providing advice
• Providing you with information regarding Ottobock’s business
• Conducting customer surveys

Categories of personal data:
Contact details, name, address, e-mail address and phone number
Personal ID number
Photos, videos

Sensitive personal data:
Biometric data
Health data
Credit card information

Legal basis: Patient records and billing and payment information are processed in accordance with legal requirements. Other processing is carried out on the basis of performance of agreements when we fulfil our obligations towards you as a patient. Some of our centres allow you to book appointments online if you consent to the processing of your personal data during the booking process.
Storage period: Patient records are archived and saved in accordance with legal requirements until 10 years after the patient’s death in Sweden and 12 years after the patient’s death in Finland. Billing and payment information is stored in accordance with the National Accounting Act. Other data will be retained for as long as you are a customer of ours or until you actively ask us to delete your data from our services.

3.2. Personal data we collect about you – Private customers

Purpose: We process your data in order to ensure the high quality of our services and contact with you.

In some cases, e.g. when you see a licensed orthopaedic engineer, your appointment will be documented in the same way as for a patient and a record will be kept; see the section above about Personal data we collect about you – Patients.

Processing performed:
• Appointment booking
• Dealing with any customer matters, such as orders, complaints and questions
• Providing advice
• Documenting appointments and interactions with you
• Providing you with information regarding Ottobock’s business
• Providing both general and personalised information and other offers regarding the services we provide
• Conducting customer surveys

Categories of personal data:
Contact details, name, address, e-mail address and phone number
Personal ID number
Photos, videos

Sensitive personal data:
Biometric data
Health data
Credit card information

Legal basis: In cases where we have an agreement with you, e.g. through a purchase in one of our shops, the legal basis is the performance of the agreement. Billing and payment information is processed in accordance with legal requirements. If you are a potential future customer who has e.g. contacted us via our website, we believe we have a legitimate interest in contacting you. You always have the option of opting out of continued contact.
Storage period: Billing and payment information is stored in accordance with the National Accounting Act. If we have an agreement, information about you is saved for as long as you are a customer of ours and then for no more than 36 months after the end of the agreement or final contact. You have the right to object to processing relying on a legitimate interest that we have if you have personal reasons relating to the situation.

3.3. Personal data we collect about you – Corporate customers

Purpose: We process personal data in order to ensure the high quality of our services and contact with you.

Processing performed:
• Dealing with any customer matters, such as orders, complaints and questions
• Providing advice
• Documenting appointments and interactions with you
• Providing you with information regarding Ottobock’s business
• Providing both general and personalised information and other offers regarding the services we provide
• Conducting customer surveys
• Correspondence

Categories of personal data:
Contact details, name, address, e-mail address and phone number
Role
Company

Legal basis: In cases where we have an agreement, the legal basis is the performance of the agreement. If you are a potential future customer, the legal basis is legitimate interest. Billing and payment information is processed in accordance with legal requirements.
Storage period: Billing and payment information is stored in accordance with the National Accounting Act. If we have an agreement, information about you is saved for as long as you are a customer of ours and then for no more than 36 months after the end of the agreement or final contact. You have the right to object to processing relying on a legitimate interest that we have if you have personal reasons relating to the situation.

3.4. Personal data we collect about you – Suppliers

Purpose: We process personal data to ensure deliveries and services in accordance with agreements.

Processing performed:
• Administration of agreements
• Follow-up of agreements
• Handling of complaints and other customer cases
• Implementation of other cooperation in accordance with agreements
• Correspondence

Categories of personal data:
Contact details, name, address, e-mail address and phone number
Role
Information about the company
Billing and payment information

Legal basis: In cases where we have an agreement, the legal basis is the performance of the agreement. Billing and payment information is processed in accordance with legal requirements.
Storage period: Billing and payment information is stored in accordance with the National Accounting Act. If we have an agreement, the information is saved for as long as you are one of our suppliers and then for no more than 36 months after the end of the agreement or final contact.

3.5. Personal data we collect about you – Consultants, partners

Purpose: We process personal data to ensure deliveries and services in accordance with agreements.

Processing performed:
• Depending on the purpose, this is described in the agreement with the consultant or other partner

Categories of personal data:
Contact details, name, address, e-mail address and phone number
Role
Employer
Billing and payment information

Legal basis: The legal basis is the performance of agreements. Billing and payment information is processed in accordance with legal requirements.
Storage period: Billing and payment information is stored in accordance with the National Accounting Act. If we have an agreement, the personal data is saved for as long as you are one of our suppliers and then for no more than 36 months after the end of the agreement or final contact. Any results from completed assignments can be saved for as long as the project is still relevant to the business.

3.6. Personal data we collect about you – Participants in our training and events

Purpose: The personal data is processed in order to manage applications for and participation in training and events, and in order to provide information on our business.

Processing performed:
• Applications and registration
• Communication concerning training and events
• Sending of newsletters and training materials
• Publication of e.g. images on our website or other communication material
• Correspondence

Categories of personal data:
Contact details, name, e-mail address, phone number
Employer
Information on any allergies
Billing information
Photos and videos
Other information you provide

Legal basis: Performance of agreements; in order to provide training and events, we need to process your personal data.
We process photos and videos in accordance with legitimate interest, since the processing is deemed necessary to provide information about the business. As a participant, you will always be informed that the photos may be used to provide information about the business, and you will always be able to object to this.
We have a legal obligation to process billing and payment information.
Consent; Ottobock avoids processing sensitive personal data if there is no legal basis. We ask that you do not send us sensitive personal data (e.g. data on health, ethnic origin, political or religious beliefs). If you do provide us with such information, Ottobock will interpret this as you consenting to the registration of this information in the manner described in this privacy policy and in accordance with the purpose stated in connection with the submission of the data. This means that if you provide information, e.g. before training, stating that you are allergic to something and have dietary requirements, we will assume that you want this information to be registered with us. This information will be deleted after the training or event.
Storage period: Information about any allergies will be deleted after the training or event. Other information will be saved for as long as there is a specified purpose and we can ascribe this to balance of interests.
If you have personal reasons relating to the situation, you have the right to object to processing relying on a legitimate interest.
Billing and payment information is stored in accordance with the National Accounting Act.

3.7. Personal data we collect about you – When completing forms on our websites

Purpose: We process your data in order to sign you up to receive Ottobock’s newsletter.
It may also be for the purpose of processing and managing your enquiry, answering questions and managing your case, or improving our services and contact with you.

Processing performed:
• Registering your enquiry
• Providing you with information on Ottobock’s business
• Providing both general and personalised information and other offers regarding the services we provide.

Categories of personal data:
Contact details, name, e-mail address, phone number, address.
Area of interest
Who you are, e.g. healthcare professional, user, relative
Your correspondence

Legal basis: Performance of agreement; if you are a customer with us and have a question about any of our products, you can contact us via our website.
Legitimate interest; the information you provide to us via the website is voluntarily provided. Ottobock has limited the information we request to a minimum to be able to handle your enquiry or your case.
Consent; it is possible to provide additional information in free text fields. If you provide personal data in the field, including sensitive personal data, Ottobock will interpret this as you consenting to the registration of this data.
Storage period: The data will be saved until the case is closed, and then for another 12 months to ensure traceability in your communication with us.
Ottobock may still use the data if there is a specified purpose and we can ascribe this to balance of interests. If you have personal reasons relating to the situation, you have the right to object to processing relying on a legitimate interest.
If you no longer wish to receive newsletters or other information from us, you can always opt out by following the instructions in our e-mails or contacting us using the contact information in this document.

3.8. Personal data we collect about you – Job applicants

Purpose: Managing the recruitment of new employees in connection with applications for an advertised role or registration of interest for future roles.

Processing performed:
• Administration and recruitment to select suitable candidates and future employees

Categories of personal data:
Contact details, name, address, phone number, e-mail address
Personal ID number
Your correspondence
Other information you provide in your CV and cover letter, e.g. education, work experience, title, photograph and health information
Certificates and information from referees
Results from personality tests
Notes from interviews with you and referees

Legal basis: The legal basis for this processing is the conclusion of an employment contract. Spontaneous applications sent to us are processed based on our and your legitimate interest in managing upcoming recruitment.
When recruitment is complete, it is a legal obligation to save the documents so that any disagreement on compliance with discrimination legislation can be handled.
Consent; Ottobock avoids processing sensitive personal data if there is no legal basis. We ask that you do not send us sensitive personal data (e.g. data on health, ethnic origin, political or religious beliefs). If you do provide us with such information, Ottobock will interpret this as you consenting to the registration of this information in the manner described in this privacy policy and in accordance with the purpose stated in connection with the submission of the data. This means that if you provide information, e.g. health information in a job application, we will assume that you want this information to be registered with us.
Storage period: Your data is saved for the duration of the recruitment process and then for the remainder of the current year and for another two years. Spontaneous applications are saved for up to three years if you do not recall your application before this.

3.9. Personal data we collect about you – In the event of other contact with us

Purpose: For the purpose of processing and managing your enquiry, answering questions and handling your case, supplying ordered information, and improving our services, our contact with you and the information we provide and publish via our website.

Processing performed:
• Registering your case and your contact information
• Communicating about your case
• Providing you with information on Ottobock’s business

Categories of personal data:
Contact details, name, phone number, address, e-mail address
Any company information
Information you provide as part of your case
Your correspondence

Legal basis: Consent; you decide for yourself what information you provide to us in connection with your case.
The legal basis for dealing with your case is legitimate interest.
Storage period: The data will be saved until the case is closed, and then for another 12 months to ensure traceability in your communication with us.

4. Where do we collect your personal data from?

We collect personal data from you when you visit one of our centres, but we may also have received it via the medical referral sent to us.

Other methods we use include cookies and web beacons when you visit our website, complete our customer surveys or participate in any of our training or events.

Ottobock occasionally coordinates or imports personal data from databases within and outside of Ottobock (e.g. from Facebook or Google). We may receive personal data about you from other companies within Ottobock or our partners.

It is important for Ottobock to always keep your personal data up to date and accurate, which is why we may import personal data about you from external sources such as public registers.

5. We may share your personal data with others

In some cases, we employ companies to act as data processors on our behalf, in which case a data processor agreement has been drawn up. Examples of services where we use data processors include IT services (technical operations, support and maintenance), payroll administration, and communication (print and distribution, social media).

To offer you high quality services and contact with us, we may also share your personal data with companies that are independent data controllers. Independent data controllers with which we share your personal data may be suppliers of products requiring the information in order to e.g. manufacture the product or deliver the correct size. In some cases, products are also delivered directly to you from our suppliers.

There may also be companies that offer solutions used within the business to handle orders and purchases, e.g. in a shop.

Ottobock may disclose personal data to third parties, such as e.g. the police or another authority, if they are investigating a criminal offence or if Ottobock is otherwise obliged to disclose such data by law or pursuant to an authority decision.

If we sell, reorganise or otherwise transfer all or part of our business, your personal data may be transferred at the same time.

6. Storage of personal data

Ottobock stores personal data in accordance with this privacy policy and applicable legislation. Personal data may be transferred between companies within Ottobock to be processed for the purposes specified in the terms and conditions of the privacy policy. Ottobock uses subcontractors for e.g. computer services, and personal data may therefore be transferred to these subcontractors. Our subcontractors will only process your personal data on behalf of Ottobock, in accordance with our instructions and only after they have signed a data processor agreement pursuant to applicable law in order to ensure a high level of protection for your personal data.

Ottobock does not normally transfer personal data to countries outside the EU/EEA, but if we e.g. have a subcontractor in a country outside the EU/EEA or this is necessary for us to fulfil our contractual obligations, the transfer of personal data outside the EU/EEA may take place even if that country, according to the European Commission, does not have adequate protection of personal data. The level of protection is guaranteed either by a decision from the European Commission that the country in question will ensure an adequate level of protection or by the use of so-called appropriate safeguards. Examples of appropriate safeguards include model contract clauses, binding corporate rules or Ottobock entering into data processor agreements with such subcontractors. Such data processor agreements govern the processing of personal data by subcontractors and, where applicable, the transfer of personal data in accordance with the EU/EEA rules on the protection of personal data. These agreements contain terms and conditions required by the European Commission and which satisfy the requirements stipulated by applicable law to protect the transferred personal data.

7. Other applications/websites

The services may contain links to other applications and/or websites that are not controlled by Ottobock. This privacy policy only applies to your use of the services. Ottobock is not responsible for the content of linked applications/websites and the processing of personal data that may be carried out by owners or operators of linked websites.

Google Analytics collects data when you visit our site. You can prevent your data from being collected by Google Analytics by clicking the link below. An opt-out cookie will be set to prevent your data from being collected during future visits to this website: Turn off collection of information via Google Analytics.

More information about how Google Analytics handles data can be found in Google’s privacy policy.

8. Protection and deletion of personal data

Ottobock has taken appropriate technical and organisational measures to protect your personal data against e.g. manipulation or unauthorised access. We continuously adapt our security measures to ongoing technological developments.

Ottobock deletes personal data in accordance with applicable law. This means e.g. that Ottobock deletes or de-identifies personal data when the purpose of processing the personal data no longer exists. The purpose of our processing of your personal data is set out in section 3 above.

9. What rights do I have?

You have several rights regarding data protection. We describe your rights and how you can exercise these below.

  • Right of access (register extract) – a right to obtain confirmation of and information about your personal data processing.
  • Right of correction – a right to have incorrect information corrected.
  • Right of deletion – a right to have certain data deleted.
  • Right of objection – a right to object to our processing if this is done for balance of interests or direct marketing purposes.
  • Right to limited processing – a right to demand the limitation of personal data processing, e.g. if you deem the data to be inaccurate.
  • Right to data portability – a right to demand that personal data be transferred from us to another data controller.
  • Right to revoke consent – a right to revoke your consent at any time.
  • Right to file a complaint – a right to complain to the National Data Protection Authority if you believe that your personal data is being processed in violation of the applicable regulations.

If your personal data has changed, please inform Ottobock of this when you are next in contact with us or using the contact information in section 12 of this policy.

Ottobock will, at your request or when Ottobock detects this, correct or delete incorrect or incomplete information.

9.1. How do you exercise your rights?

If you have any questions or wish to get in touch with us regarding your rights, please feel free to contact us at the address given in section 12.

Requests for extracts must be made in writing to Ottobock at the address given in section 12, and must be signed by you personally and include your name, postal address, telephone number and e-mail address (used in communication with Ottobock). The extract will be sent to your registered address within one month of the application being submitted to Ottobock. How often you have the right to receive an extract may vary depending on where you live.

10. Cooperation with authorities and the National Data Protection Authority as supervisory authority

Ottobock will cooperate with the relevant supervisory authorities including the National Data Protection Authority in accordance with applicable data protection regulations. The National Data Protection Authority will be consulted if necessary. In the event of written complaints, the person concerned will be contacted and the case followed up. If the case cannot be resolved within a reasonable time, Ottobock will request the assistance and support of the relevant authority.

If you believe that Ottobock is not satisfying the current requirements of the General Data Protection Regulation (GDPR), you may file a complaint with the National Data Protection Authority.

E-mail: datainspektionen@datainspektionen.se
Telephone: +46 (0)8-657 61 00
Postal address: Datainspektionen, Box 8114, SE-104 20 Stockholm

11. Changes to the policy

Changes to this privacy policy will be announced through the publication of the new terms and conditions on Ottobock’s websites, and we therefore recommend that you check these regularly.

12. Contact

If you have any questions or concerns regarding our processing of your personal data, please feel free to contact us via privacy@ottobock.se

If necessary, Ottobock will ensure that your e-mail is forwarded to and handled by the relevant Ottobock company.