Cook Group, Incorporated’s Website Notice of Certification

Under the E.U.-U.S. Privacy Shield Framework

Effective August 1, 2017

 

This website notice of certification to the E.U.-U.S. Privacy Shield Framework is intended to inform you about the specific Cook Group companies that have certified their adherence to, and comply with, the E.U.-U.S. Privacy Shield framework as set forth by the U.S. Department of Commerce, with respect to the collection, use, and retention of personal information transferred from the European Union to the United States. The Cook Group companies that have certified are: 

  • Cook Research Incorporated (Cook Research), which is headquartered in West Lafayette, Indiana,
  • Cook MyoSite, Incorporated (Cook MyoSite), which is headquartered in Pittsburgh, Pennsylvania, and
  • MED Institute, Incorporated (MED Institute), which is headquartered in West Lafayette, Indiana 

For ease of reference, these companies are collectively referred to as the “Cook Privacy Shield Companies” in this Website Notice.

For additional information about the E.U.-U.S. Privacy Shield, or to view Privacy Shield certifications of the Cook Privacy Shield Companies on file with the U.S. Department of Commerce, please visit https://www.privacyshield.gov/.

Scope: The Cook Privacy Shield Companies have filed certifications with the U.S. Department of Commerce confirming their adherence to the Privacy Shield framework for E.U. personal information transferred to the U.S., in relation to the following types of personal information: clinical research, patients, human resources, customers, and suppliers. The Cook Privacy Shield Companies limit their collection, processing, and storage of that personal information to situations where they have a legitimate business interest in the information.

Third Party Transfers: In certain situations, the Cook Privacy Shield Companies entrust personal information pertaining to E.U. individuals to third-party partners who assist those companies with their business activities, or who have regulatory or legal oversight responsibilities in relation to certain business activities. The third parties may include, for example, research recruitment partners; research sites; ethics committees; investigational review boards; IT security partners; auditors; health authorities; business partners assisting with patient data such as in relation to patient registries, signal detection, adverse event reporting, quality improvement, custom device manufacturing and regulatory oversight; organizations assisting with recruitment or human resource activities relating to active or retired personnel, such as those assisting with job applicant websites, immigration, pensions, or other benefits; those assisting in the customer context, such as medical professionals and their staff members who interact with the Cook Privacy Shield Companies in relation to the medical devices that Cook Group develops; and those assisting in the supplier context, such as third parties that provide equipment, services, or other materials to the Cook Privacy Shield Companies in connection with their business activities. The Cook Privacy Shield Companies take steps to ensure that the third parties entrusted with personal information uphold an equivalent level of protection for the data to that required under the Privacy Shield framework. The Cook Privacy Shield Companies also understand that they can be held responsible if their business partners entrusted with E.U. personal information violate those obligations.

Disputes: In compliance with the Privacy Shield principles, the Cook Privacy Shield Companies commit to resolve complaints about their collection or use of personal information. E.U. individuals with inquiries or complaints regarding the Privacy Shield policies or practices should first contact us at: 

2017September_Privacy Shield_Contact Info-1.png

In accordance with its Privacy Shield commitments, the Cook Privacy Shield Companies have adopted dispute resolution practices that are designed to evaluate and resolve any complaints or concerns about your privacy and its collection or use of your personal information within forty-five (45) days of receipt.

Third-Party Dispute Resolution: The Cook Privacy Shield Companies have committed to cooperate with the panel established by the E.U. data protection authorities (DPAs) with regard to unresolved 3 Privacy Shield complaints, including those concerning human resources data transferred from the E.U. in the context of the employment relationship, as well as for all other types of E.U. personal information encompassed within the Privacy Shield certification of the Cook Privacy Shield companies. If you do not receive timely acknowledgment of your complaint from the relevant Cook Privacy Shield Company, or if the company has not addressed your complaint to your satisfaction, you have the right to contact the E.U. supervisory authorities for more information or to file a complaint. The services of E.U. supervisory authorities are provided at no cost to you.

Regulatory Oversight and Enforcement: The Cook Privacy Shield Companies are also subject to investigatory and enforcement authority of the U.S. and E.U. agencies who oversee the Privacy Shield framework, namely the U.S. Federal Trade Commission and the relevant European supervisory authorities. Individuals also have a right to file a complaint with those oversight agencies, particularly if they believe their complaint was not satisfactorily resolved through the company.

Right to Binding Arbitration: Under limited circumstances and in accordance with the Privacy Shield framework, E.U. individuals may be able to invoke binding arbitration before a Privacy Shield Panel.

Rights of Individuals to Access Their Data: E.U. individuals have the right to access personal information about them, and to limit the use and disclosure of their personal information. The Cook Privacy Shield Companies have committed to respect and uphold those rights. Should you wish to exercise those rights, the company requests that you contact [email protected] or call +353 61 334440 to speak with our Data Protection Officer. You may also write to us at: Cook Ireland Ltd., O'Halloran Road, National Technological Park, Castletroy, Limerick, Ireland. Please note that there are certain limitations on these rights, as described in the Privacy Shield framework.

Law Enforcement Requests: The Cook Privacy Shield Companies are required to disclose personal information in response to lawful requests by public authorities, including compliance with national security or law enforcement requirements.

Conflicts: If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles will govern.