Medtecs Group's Global Privacy Notice

Version: January, 2024

In the course of its global business Medtecs International Corporation Limited, Clarendon House 2 Church Street Hamilton HM11, Bermuda and its affiliated companies and subsidiaries (collectively, “Medtecs”) is collecting and using personal information. For information on the Medtecs entity that is responsible for collecting and processing in your country please consult: support@medtecs.com.

Medtecs’ collection and use of personal information covers information about Medtecs’ employees, customers, partners, health care professionals, end-users, job applicants, persons acting on behalf of any of the previous, and other persons that engage with Medtecs. Medtecs’ Global Privacy Notice applies to this collection and use of personal information in general, but Medtecs may make specific notices for certain collection and use. Medtecs complies with applicable data privacy law, including the U.S. California Consumer Privacy Act (“CCPA”) and EU General Data Protection Regulation (“GDPR”).

The purpose of this page is to give you – if you are a person Medtecs has information on– easily accessible information about Medtecs’ collection and use of your personal data. By clicking the topics below you will find more information about the different aspects of Medtecs’ handling of personal data:

Why does Medtecs collect your personal information?

Medtecs’ websites collect personal information to provide its products, services and support to its customers. Our services require you to set up an account and complete your purchase. This information is helpful in providing you the services and support you expect from Medtecs and that is of interest to you.

Where is the information collected?

Medtecs may collect information about you from different sources.

Information we collect from direct interaction with you (e.g. in meetings or phone calls)
Information we collect when you visit our sites, account registration, orders, exchange e-mails with us, use our online forms and services or engage with us on social media and other platforms
From other sources (e.g. from our logistic partners that send products directly to you)

How do we process the information?

Medtecs is processing personal information for a variety of purposes, depending on the nature of the relationship we have with you. For illustration see the following examples:

For GDPR

*Type of relationship*	*For what purpose(s) do we collect and use information about you?*	*On what legal basis do we process this information?*	*For how long do we keep this information?*
Contact persons with our customers and business partners (e.g. logistics partners)	To communicate and exchange products and services with our customers and partners.	To comply with contractual obligations and to pursue our legitimate interest in communicating with customers and partners, cf. articles 6(1)(b) and (f) of GDPR.	As long as we have an active relationship with the contact person. A relationship is deemed active for five years after the last interaction with the contact (e.g. calls, orders, e-mails, letters, events). Data about transactions is kept in accordance with applicable local law.
	To maintain and improve our offerings.	To pursue our legitimate interest in improving our services and offerings, cf. article 6(1)(f) of GDPR.
	To comply with quality and safety requirements (in case of reported incidents).	To comply with legal obligations and ensure high standards of product quality and safety, cf. articles 6(1)(c) and 9(2)(i) of GDPR.	As long as required pursuant to applicable quality and safety rules and requirements.
Users of our products	To deliver products and services.	To comply with contractual obligations and on basis of consent, cf. articles 6(1)(a), 6(1)(b) and 9(2)(a) of GDPR.	Data about transactions is kept for documentation purposes in accordance with applicable local law, e.g. law within the field of bookkeeping, tax or limitation of actions. Data regarding health information will be processed as long as consent from the user applies. Users will be asked to re-consent periodically (typically with 3-5 year intervals). Data will be deleted if a user withdraws consent or does not re-consent upon request.
	To provide customer support.	To comply with contractual obligations and on basis of consent, cf. articles 6(1)(a), 6(1)(b) and 9(2)(a) of GDPR.	As long as consent from the user applies. Users will be asked to re-consent periodically (typically with 3-5 year intervals). Data will be deleted if a user withdraws consent or does not re-consent upon request.
	To maintain and improve our offerings.	On basis of consent, cf. articles 6(1)(a) and 9(2)(a) of GDPR.	As long as consent from the user applies. Users will be asked to re-consent periodically (typically with 3-5 year intervals). Data will be deleted if a user withdraws consent or does not re-consent upon request.
	To comply with quality and safety requirements (in case of reported incidents).	To comply with legal obligations and ensure high standards of product quality and safety, cf. articles 6(1)(c) and 9(2)(i) of GDPR.	As long as required pursuant to applicable quality and safety rules and requirements.
Recipients of newsletters and marketing materials	To deliver newsletters and marketing materials (brochures etc.).	To comply with contractual obligations and to pursue our legitimate interest in communicating with recipients, cf. articles 6(1)(b) and (f) of GDPR – and where consent is obtained for sending newsletters – article 6(1)(a) of GDPR.	As long as the recipient is enrolled to receive materials. Data will be deleted if a recipient unsubscribes.
Recipients of newsletters and marketing materials	To maintain and improve our offerings.	To pursue our legitimate interest in improving our services and offerings, cf. article 6(1)(f) of GDPR.
Visitors on social media platforms	To market Medtecs’ products and services and to communicate with actual and potential customers. This includes tracking and analyzing traffic on our social media sites (statistics cookies) and providing tailored and targeted advertising (marketing cookies).	On basis of consent for your use of the social media platform in question and to the placement of cookies, cf. article 6(1)(a) of GDPR, and to pursue our legitimate interest in improving our services and offerings, cf. article 6(1)(f) of GDPR.	Posts, comments or likes on our social media platforms will be deleted if you decide to delete them from your profile. Statistical data do not contain personal information. However, you are free to delete cookies on your device, including statistics and marketing cookies, which means that we will no longer collect data through the said cookies. For further information about cookie retention and guidance on how to delete cookies, please refer to our cookie policy available . For further information about the social media platforms processing of your personal data, please refer to the social medias’ privacy notices.
Visitors on websites	To enable website functionality (necessary cookies).	On basis of consent for cookies from website visitors, cf. article 6(1)(a) of GDPR and to pursue our legitimate interest in improving our services and offerings, cf. article 6(1)(f) of GDPR. See consent options and details in the cookie declaration .	See details for each type of cookie in the cookie declaration.
	To allow use of visitor preferences (preference cookies)
	To track and analyze traffic on websites and social media sites (statistics cookies).
	To provide tailored and targeted advertising (marketing cookies).

For CCPA

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

Personal information does not include:

Publicly available information from government records.
De-identified or aggregated consumer information.
Information excluded from the CCPA’s scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We obtain the categories of personal information listed above from the following categories of sources:

Directly from our clients or their agents. For example, from documents that our clients provide to us related to the services for which they engage us.
Indirectly from our clients or their agents. For example, through information we collect from our clients in the course of providing services or products to them.
Directly and indirectly from activity on our websites and e-stores. For example, from submissions through our website portal or website usage details collected automatically.
From third-parties that interact with us in connection with the services we perform.

Medtecs protects your personal information and will only allow it to be used for the mentioned purposes. Medtecs will not sell your personal information to third parties or in similar ways send it to third parties for their exploitation. Medtecs does not make use of automated decision-making, such as profiling, that will affect you as a person.

Who is handling the information?

Medtecs is responsible for handling your personal information for the specific purposes mentioned above. All personal information is handled on a need to know basis only. In some cases the information is stored or handled by third party processors that assist Medtecs with a specific service, such as online payment service providers and e-invoice providers. The third-party processors will only process the information in accordance with Medtecs’ instructions and for Medtecs’ purposes. They will not share the information with others, and they will delete the information when their tasks are completed.

We may disclose your personal data to third-party legal counsel in order to fulfill our legal or contractual obligations. This includes the transfer of information to:

logistics firms when information is needed to distribute products,
local authorities when reimbursement, fees, sponsorships or grants must be reported
If public authorities request access to your information we make a legal assessment of the request, and if applicable law requires us to disclose the information, we will comply with the request. You will be notified in accordance with applicable law in the event of any such disclosure of your information.

How is transfer of information handled securely?

Medtecs and its hosting providers maintain servers around the world and your information may be processed on servers located outside of the country where you live. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in this policy. An adequate level of protection is ensured by use of the standard contractual clauses on data protection adopted by the EU and California protection where required. For further information about this please consult support@medtecs.com.

What are your rights?

Social medias

Medtecs and the individual social media are joint data controllers in the processing of your personal data. Medtecs complies with the guidelines of the European supervisory authorities concerning joint controllership and Medtecs attempts to ensure that you receive information on the processing of your personal information when you visit our sites on the social medias. This notice is a supplement to the general privacy policy issued by the social medias individually. Facebook, Twitter and LinkedIn have published an addendum on the joint controllership which you may go to by clicking here (FB, LinkedIn or Twitter). Since Instagram is part of Facebook, Inc., and shares the same infrastructure, systems and technology with Facebook and other Facebook affiliates, please refer to Facebook’s joint controllership addendum.

How do we process your personal data through social medias?

Medtecs uses your personal data such as behavior (e.g. based on your likes, comments or visits) or other information available on the social medias to develop, improve and protect our products and services and to perform research activities and statistics. Medtecs processes your personal data on the basis of our legitimate interest in being able to improve our products and services, cf. article 6(1)(f) of GDPR.

The social medias collect statistical data on the visitors behavior for their own purposes through cookies and pixels on your device when you visit the sites. Each cookie contains a unique identification code which remains active for a certain period, unless it is deleted prior to expiry of such period. You can read more about the social medias processing of personal data by visiting their privacy policies (FB, IG, Twitter or LinkedIn) and cookie policies (FB, IG, Twitter or LinkedIn).

How do we share your personal data?

Medtecs will at no point disclose your personal data collected via social medias to third parties.

The social medias may share your personal data internally among its subsidiaries and externally among its partners using analytical services, advertisers, other individuals, surveying partners and researchers and academics. Such transfers may include transfers to countries outside EU. For more information, please refer to the social medias’ terms and conditions and privacy policies linked to above.

How do I use my rights towards the social medias?

The social medias’ general set-up dictate that you must contact the social media in question if you wish to exercise your rights. This is why only the social medias are, in pure functional terms, capable of taking the steps necessary to comply with most of your requests. If, however, you are of the opinion that Medtecs is capable of complying with your request, please do not hesitate to contact us.

If you are a Facebook, Instagram, Twitter or LinkedIn user, you may exercise your rights by changing your privacy settings (FB, IG, Twitter or LinkedIn) or configure your preferences in order to have an influence on how your personal data will be collected and processed when you visit and use the Facebook Site.

Children

Medtecs does not knowingly collect personal information from children under the age of 13. If we learn that we have collected the personal information of a child under the age of 13, Medtecs will promptly delete such information.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA or GDPR rights.

Unless permitted by the CCPA or GDPR, we will not:

Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Updates and legal information

Medtecs reserves the right to make changes to this privacy notice. These changes will take effect immediately upon posting. For your convenience, the last revised date of the current notice will be posted at the bottom of this page.

This privacy notice shall, save for mandatory local law, be governed and construed in accordance with the laws of Taiwan and be subject to the jurisdiction of the courts of Taiwan.