Cook Group, Incorporated’s Website Notice of Certification

Under the E.U.-U.S. Privacy Shield Framework

Effective 4/30/2017

This website notice of certification to the E.U.-U.S. Privacy Shield Framework is intended to inform you about the specific companies in the Cook Group that have certified their adherence to, and comply with, the E.U.-U.S. Privacy Shield framework as set forth by the U.S. Department of Commerce, with respect to the collection, use, and retention of personal information transferred from the European Union to the United States. The companies that have certified are:

• Cook Research Incorporated (Cook Research), which is headquartered in West Lafayette, Indiana
• Cook MyoSite, Incorporated (Cook MyoSite), which is headquartered in Pittsburgh, Pennsylvania, and
• MED Institute, Incorporated (MED Institute), which is headquartered in West Lafayette, Indiana

For ease of reference, these companies are collectively referred to as the “Cook Privacy Shield Companies” in this Website Notice. 

For additional information about the E.U.-U.S. Privacy Shield, or to view Privacy Shield certifications of the Cook Privacy Shield Companies on file with the U.S. Department of Commerce, please visit https://www.privacyshield.gov/.

Scope: The Cook Privacy Shield Companies have filed certifications with the U.S. Department of Commerce confirming their adherence to the Privacy Shield framework for E.U. personal information transferred to the U.S., in relation to clinical research, patients, human resources, customers or suppliers. The Cook Privacy Shield Companies limit their collection, processing and storage of personal information to situations where they have a legitimate business interest in the information.

Third Party Transfers: The Cook Privacy Shield Companies entrust certain personal information pertaining to E.U. individuals to third-party partners who assist those companies with their business activities, or who have regulatory or legal oversight
responsibilities in relation to certain business activities. In the context of clinical research information, the third parties include recruitment partners, research sites, ethics committees, investigational review boards, IT security partners, auditors, health authorities, and others assisting with research activities. In the context of patient information, the third parties may include organizations entrusted with patient data in relation to patient registries, as well as those who assist with signal detection, adverse event reporting, quality improvement, custom device manufacturing, or regulatory oversight. In the human resource context, the third parties may include organizations assisting the company in relation to job applicants, current employees, retirees or temporary personnel. This may include, for example, organizations that assist with job applicant websites, immigration, or providing pensions or benefits to employees or retirees. In the customer context, the third parties may include medical professionals and their staff members who interact with us in relation to the medical devices that Cook Group develops. In the supplier context, the third parties may include companies that provide equipment, services or other materials to the Cook Privacy Shield Companies in connection with their business activities. For all of these categories, the Cook Privacy Shield Companies take steps to ensure that the third parties entrusted with personal information uphold an equivalent level of protection for the data. The Cook Privacy Shield Companies also understand that they can be held responsible if their business partners entrusted with E.U. personal information violate those obligations.

Disputes: In compliance with the Privacy Shield principles, the Cook Privacy Shield Companies commit to resolve complaints about their collection or use of personal information. E.U. individuals with inquiries or complaints regarding the Privacy Shield
policies or practices should first contact dataprotectioneurope@cookmedical.com or calling us at +353 61 334440 to speak with the company’s Data Protection Officer. You may also write to us at: Cook Ireland Ltd., O’Halloran Road, National Technological Park, Castletroy, Limerick, Ireland. In accordance with its Privacy Shield commitments, the Cook Privacy Shield Companies have adopted dispute resolution practices that are designed to evaluate and resolve any complaints or concerns about your privacy and its collection or use of your personal information within forty-five (45) days of receipt.

Third Party Dispute Resolution: The Cook Privacy Shield Companies have committed to cooperate with the E.U. supervisory authorities (SAs) with regard to unresolved Privacy Shield complaints, including those concerning human resources data transferred from the E.U. in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint from the relevant Cook Privacy Shield Company, or if the company has not addressed your complaint to your satisfaction, you have the right to contact the E.U. supervisory authorities for more information or to file a complaint. The
services of E.U. supervisory authorities are provided at no cost to you.

Regulatory Oversight and Enforcement: The Cook Privacy Shield Companies are also subject to investigatory and enforcement authority of the U.S. and E.U. agencies who oversee the Privacy Shield framework, namely the U.S. Federal Trade Commission and the relevant European supervisory authorities. Individuals also have a right to file a complaint with those oversight agencies, particularly if they believe their complaint was not satisfactorily resolved through the company.

Right to Binding Arbitration: Under limited circumstances and in accordance with the Privacy Shield framework, E.U. individuals may be able to invoke binding arbitration before a Privacy Shield Panel.

Rights of Individuals to Access Their Data: E.U. individuals have the right to access personal information about them, and to limit the use and disclosure of their personal information. The Cook Privacy Shield Companies have committed to respect and uphold those rights. Should you wish to exercise those rights, the company requests that you contact dataprotectioneurope@cookmedical.com or call +353 61 334440 to speak with our Data Protection Officer. You may also write to us at: Cook Ireland Ltd., O'Halloran Road, National Technological Park, Castletroy, Limerick, Ireland. Please note that there are certain limitations on these rights, as described in the Privacy Shield framework. 

Law Enforcement Requests: The Cook Privacy Shield Companies are required to disclose personal information in response to lawful requests by public authorities, including compliance with national security or law enforcement requirements.

Conflicts: If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles will govern.