PRIVACY

PRIVACY | POLICY

Introduction


At Carilex Medical Group we are committed to maintaining the accuracy, confidentiality and security of your personal information. This Privacy Policy describes the personal information that Carilex Medical Group collects from or about you, and how we use and to whom we disclose that information.


Application


Carilex Medical has adopted a series of Privacy Policies in order to address the specific privacy concerns of certain groupings of individuals and specific issues relating to the use of our website, customer database, and email server. This Privacy Policy applies to the personal information of all individuals who, including but not limited to, has or seek to have business relationship with Carilex Medical Group, or who seek to be, are, or were employed by Carilex Medical Group.


Organizations Covered by this Policy


The Carilex Medical Group (“Carilex”) includes the parent company, Carilex Medical Inc. and its affiliated entities.

All references in this Privacy Policy to "Carilex", "we", "us", "our" and like terms should be interpreted accordingly.


Policy of Compliance


It is Carilex’s policy to comply with the privacy legislation within each jurisdiction in which we operate. Sometimes the privacy legislation and / or an individual's right to privacy are different from one jurisdiction to another. This Privacy Policy was developed to guide the activities of Carilex. In addition, specific privacy practices may be adopted to address the specific privacy requirements of particular jurisdictions.

This Privacy Policy has a limited scope and application and the rights and obligations contained in this Privacy Policy may not be available to all individuals or in all jurisdictions. If you are unsure if or how this Privacy Policy applies to you, please contact the office of our Privacy Officer for more information.


What is Personal Information?


We collect and maintain different types of personal information including the personal information contained in:

  • Company trading name;
  • Delivery and site addresses;
  • Company registration number;
  • Sales and accounts contact name, email, and telephone number;
  • Company telephone numbers;
  • Company VAT;
  • Invoice activity;
  • Full bank details;
  • Other information essential for the trading relationship;
  • Photographs and video;
  • Email correspondence that may be stored on Carilex server;
  • mandatory policy acknowledgement sign-off sheets;
  • payroll information; including but not limited to social insurance number, pay cheque deposit information;
  • wage and benefit information;
  • forms relating to the application for, or in respect of changes to, employee health and welfare benefits; including, short and long term disability, medical and dental care; and
  • beneficiary and emergency contact information.

    In addition to the examples listed above, personal information also includes information such as name, home address, telephone, personal email address, date of birth, customer identification number, employee identification number and marital status, and any other information necessary to Carilex’s business purposes, which is voluntarily disclosed to Carilex.

    In addition to the examples listed above, personal information also includes information such as name, home address, telephone, personal email address, date of birth, customer identification number, employee identification number and marital status, and any other information necessary to Carilex’s business purposes, which is voluntarily disclosed to Carilex.

    From time to time, we may utilize the services of third parties in our business and may also receive personal information collected by those third parties in the course of the performance of their services for us or otherwise. Where this is the case, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your personal information to us.

    Where permitted or required by applicable law or regulatory requirements, we may collect information about you without your knowledge or consent.

    The type of data we collect from you will depend upon the type of interaction you have with us:

  • From our customers and vendors:

    When you are a customer or vendor, we may collect the following types of personal data in the context of our interaction with you: full name, employer name, work contact details (including address, phone number, fax number and email address), account number, financial information (including card number, card expiration date, bank details and VAT-number), credit check information, logo, photos, videos, biographies and CV’s for educational programs, contract information (including start and end date of rental of products), insurance information and order and delivery information (such as ship to locations);

  • From patients who use our products or services:

    When you are a patient using one of our products or services, we may collect the following personal data or sensitive personal data about you: your name, date of birth, date of death, gender, address, phone number, identification number, wound details (including descriptions, measurements and photographs), other health-related information, therapy information (including therapy date, prescription information and diagnosis);

  • From job applicants:

    When you apply for a job at Carilex we may collect the following personal data: full name, contact details (i.e., address, phone number and email address, etc), date of birth, driver’s license details, passport details, work permit if applicable, employment history and education details, names and contact details of referees, next of kin details (in the event of an emergency), bank details, tax code. Information not relevant to the application will not be collected; and

  • From visitors of our websites:

    In addition to the data which you actively provide to us through our websites (for example, by submitting your email address), we may collect certain personal data by automated means, such as cookies, internet tags, web beacons and similar automated data collection means when you visit our websites.

    Cookies are files that websites send to your computer or other internet-connected device to uniquely identify your browser or to store information or settings on your device. Your browser may tell you how to be notified when you receive certain types of cookies and how to restrict or disable certain cookies. Please note, however, that without cookies you may not be able to use all of the features of our websites and online services.

    In conjunction with gathering information through cookies, our web servers may log information such as your browser type and version, as well as the domain from which you access the internet. We also record the address of the web page that referred you to our websites and the IP address of the device you use to connect to our websites. We also log information about your interactions with the websites, such as which pages you visit, date and time of your visit, search terms you used and links on which you clicked. To control which web servers collect information by automated means, we may place tags on our web pages called “web beacons,” which are small files that link web pages to particular web servers and their cookies. We also may send instructions to your device using JavaScript or other computer languages to gather the types of personal data described above. We may use third party web analytics services on our websites, such as those of Google Analytics. These service providers help us analyze how visitors use the websites. The information obtained for this purpose (including your IP address and other information collected by automated means) will be disclosed to or collected directly by these service providers.

    The providers of third party plug-ins and widgets on our websites, such as embedded videos and social media-sharing tools, may use automated means to collect information regarding your use of the websites and your interactions with the plug-ins and widgets. This information is subject to the privacy policies or notices of the providers of the plug-ins and widget.

    We use the following types of cookies:

    Name of Cookie Purpose of Cookie Session/Persistent Cookies
    JSESSIONID Session

    To the extent required by local applicable law, we will obtain your consent before collecting your personal data via cookies or similar automated means.

    Please also note that our websites may contain links to third party websites, which are not subject to this EU Privacy Policy or our privacy standards and procedures. Please be aware that we are not responsible for, nor do we endorse, the content or privacy of these third party sites. We strongly encourage you to review the privacy policies applicable to such sites before interacting with them.

    In general, we may collect the above mentioned personal data or sensitive personal data from individuals when they:

    • contact us by phone, email, post or via the website;
    • manage or change their accounts;
    • participate in surveys.

    Furthermore, we may collect personal data in a variety of ways depending on your interaction with us:

  • From our customers, when they:
    • - request the supply and/or delivery of one of our products or services;
    • - request a quote for our products or services;
    • - arrange payment for use of our products or services;
    • - enter into a contract as well as during the performance of such contract
  • From our vendors or suppliers, when they enter into a contract for the delivery of products or services to us, as well as during the performance of such contract.
  • From patients who use our products or services, we may collect personal data or sensitive personal data during the adverse event reporting process directly from the patient when using our products or services, as well as from their treating doctor, clinic, hospital, nursing service providers, duly authorized representatives.
  • From job applicants, when they apply for a job at Carilex via post or in any other way, as well as from recruiters we have retained and from referees which have been provided by the job applicants in support of their job application (where required, consent is obtained from applicant before approaching previous employers).
  • From visitors of our websites, when they visit and interact with our websites and any other webpage that we own and manage.

Why Do We Collect Personal Information?


The personal information collected is used and disclosed for our business purposes, including establishing, managing or terminating your relationship with Carilex. Such uses include:

  • Fulfilling legal obligations in accordance with Article 6(1)(c) GDPR;
  • Protecting legitimate interests in accordance with Article 6(1)(f) GDPR;
  • Fulfilling duties and exercising our specific company rights in terms of Article 9(2)(b) GDPR;
  • Enforcing, exercising or defending legal claims in accordance with Article 9(2)(f) GDPR; and
  • Other legitimate purposes for the purposes of Article 5(1)(b) GDPR.
  • processing employee work-related claims (e.g. worker compensation, insurance claims, etc.)
  • establishing training and/or development requirements;
  • conducting performance reviews and determining performance requirements;
  • gathering evidence for disciplinary action, or termination;
  • establishing a contact point in the event of an emergency (such as next of kin);
  • complying with applicable labor or employment statutes;
  • compiling directories;
  • ensuring the security of company-held information; and
  • such other purposes as are reasonably required by Carilex.


How Do We Use Your Personal Information?


We may use your personal information:

  • for the purposes described in this Privacy Policy; or
  • for any additional purposes that we advise you of and where your consent is required by law we have obtained your consent in respect of the use or disclosure of your personal information.

    We may use your personal information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.

    We process personal data when it is necessary for the purposes of the legitimate interests pursued by us and/or by a third party partner, except where such interests are overridden by the interests or fundamental rights and freedoms of individuals, such as the following:

    1. Collecting and analyzing product performance, service and reliability data;
    2. Organizing education and training sessions for healthcare professionals or technicians in respect of the use of our products;
    3. Carrying out market research and product development;
    4. Training our staff; and
    5. Conducting our internal business and management processes, for example, accounting, auditing and master data management.

    We also process personal data when it is necessary for complying with our obligations under local national applicable law, including our statutory and financial reporting, adverse event reporting, and tax obligations.

    In addition, we process personal data when it is necessary for the performance of a contract to which the individual is a party or in order to take steps at the request of the individual prior to entering into a contract, such as the following:

    1. Service delivery and order fulfillment, for example, providing our products to hospitals for use with patients and arranging for the pick-up and delivery of our products to customers
    2. Invoicing, managing accounts and carrying out debt-recovery functions;
    3. Collecting and processing payments;
    4. Performing credit checks;
    5. Providing customer and/or technical support and other customer relationship management functions (for example, enabling the fitting, activation, maintenance and management of a patient’s use of our products);
    6. Dealing with enquiries or complaints and resolving disputes; and

    Finally, we process personal data when the individual has given (explicit) consent to the processing of his or her personal data for one or more specific purposes. This is the case for the following purposes:

    1. Marketing our products or services when you have given us permission to do so, by telephone, email, text messaging or other established electronic methods;
    2. Any other purposes of which we have informed you at the time of the data collection.

    In addition to the purposes listed above, personal data and/ or sensitive personal data collected from you during your visit to our websites may be used to:

    • provide better website services and customize the website based on your preferences and interests;
    • compile statistics and analyze trends about the use of our websites;
    • perform market research;
    • create reports for internal use to develop programs, products, services and content; and
    • provide aggregated “traffic statistics” and “response rates” to third parties.

    Carilex limits the processing of your personal data and/or sensitive personal data to what is strictly necessary for the purposes for which it is collected.


When Do We Disclose Your Personal Information?


We may share your personal information with our employees, contractors, consultants and other parties who require such information to assist us with establishing, managing or terminating our relationship with you, including: parties that provide products or services to us or on our behalf and parties that collaborate with us in the provision of products or services to you. In some instances, such parties may also provide certain information technology and data processing services to us so that we may operate our business. We may share personal information with such parties both in and outside of your home jurisdiction, and as result, your personal information may be collected, used, processed, stored or disclosed in Taiwan, United Kingdom, Italy, San Marino, United States of America, and in some cases, other countries.

When we share personal information with such parties we typically require that they only use or disclose such personal information in a manner consistent with the use and disclosure provisions of this Privacy Policy.

In addition, personal information may be disclosed or transferred to another party in the event of a change in ownership of, or a grant of a security interest in, all or a part of Carilex through, for example, an asset or share sale, or some other form of business combination, merger or joint venture, provided that such party is bound by appropriate agreements or obligations and required to use or disclose your personal information in a manner consistent with the use and disclosure provisions of this Privacy Policy, unless you consent otherwise.

Further, your personal information may be disclosed:

  • as permitted or required by applicable law or regulatory requirements. In such a case, we will endeavor to not disclose more personal information than is required under the circumstances;
  • to comply with valid legal processes such as search warrants, subpoenas or court orders;
  • as part of Carilex’s regular reporting activities to other members of the Carilex Medical Group (including outside of your home jurisdiction);
  • to protect the rights and property of Carilex;
  • during emergency situations or where necessary to protect the safety of a person or group of persons;
  • where the personal information is publicly available; or
  • with your consent where such consent is required by law.

Monitoring


The work output of Carilex’s employees, whether in paper record, computer files, or in any other storage format belongs to us, and that work output, and the tools used to generate that work output, are always subject to review and monitoring by Carilex.

In the course of conducting our business, we may monitor employee activities and our premises and property. For example, some of our locations are equipped with surveillance cameras. These cameras are generally in high risk areas or plant sites. Where in use, surveillance cameras are there for the protection of employees and third parties, and to protect against theft, vandalism and damage to Carilex’s goods and property. Generally, recorded images are routinely destroyed and not shared with third parties unless there is suspicion of a crime, in which case they may be turned over to the police or other appropriate government agency or authority. Pursuant to our Acceptable Use of Computer Systems, Equipment, Infrastructure and Internet Systems Policy, we have the capability to monitor all employees' computer and e-mail use.

This section is not meant to suggest that all employees and affiliates will in fact be monitored or their actions subject to constant surveillance. We have no duty to so monitor. It is meant to bring to your attention the fact that such monitoring may occur and may result in the collection of personal information from employees and affiliates (e.g. through their use of our resources). When using Carilex equipment or resources employees and affiliates should not have any expectation of privacy with respect to their use of such equipment or resources.


Notification and Consent


Privacy laws do not generally require Carilex to obtain your consent for the collection, use or disclosure of personal information for the purpose of establishing, managing or terminating your relationship. In addition, we may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.

To the extent that your consent is required, we will assume, unless you advise us otherwise, that you have consented to Carilex collecting, using and disclosing your personal information for the purposes stated above (including any other purposes stated or reasonably implied at the time such personal information was provided to us).

Where your consent was required for our collection, use or disclosure of your personal information, you may, at any time, subject to legal or contractual restrictions and reasonable notice, withdraw your consent. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to our Privacy Officer.


How is Your Personal Information Protected?


Carilex endeavors to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These safeguards are designed to protect your personal information from loss and unauthorized access, copying, use, modification or disclosure.


How Long is Your Personal Information Retained?


Except as otherwise permitted or required by applicable law or regulatory requirements, Carilex endeavors to retain your personal information only for as long as it believes is necessary to fulfill the purposes for which the personal information was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations). We may, instead of destroying or erasing your personal information, make it anonymous such that it cannot be associated with or tracked back to you.


Updating Your Personal Information


It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of your relationship with us, please keep us informed of such changes.

In some circumstances we may not agree with your request to change your personal information and will instead append an alternative text to the record in question.


Access to Your Personal Information


You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personal information, please contact the office of our Privacy Officer using the contact information set out below. Please note that any such communication must be in writing.

When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. We may charge you a fee to access your personal information; however, we will advise you of any fee in advance. If you require assistance in preparing your request, please contact the office of our Privacy Officer.

Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.

In the event that we cannot provide you with access to your personal information, we will endeavor to inform you of the reasons why, subject to any legal or regulatory restrictions.


International Data Transfers


We may transfer your personal data and/or sensitive personal data to recipients located outside of the EU, for example, when we store your data on servers that are located at our headquarter in Taiwan. In each case, Carilex shall take the necessary measures to ensure that all personal data and/or sensitive personal data transferred to recipients in countries outside of the EU receives an adequate level of protection as required by EU data protection law. Carilex has implemented appropriate international data transfer agreements based on the EU Standard Contractual Clauses.


Inquiries or Concerns?


If you have any questions about this Privacy Policy or concerns about how we manage your personal information, please contact the office of our Privacy Officer by telephone, in writing or by e-mail. We will endeavor to answer your questions and advise you of any steps taken to address the issues raised by you. If you are unsatisfied with our response, you may be entitled to make a written submission to the Privacy Commissioner applicable for your jurisdiction.


Privacy Officer


We have appointed a Privacy Officer to oversee compliance with this Privacy Policy. The contact information for our Privacy Officer is as follows:

+886-3-328-7882
privacyofficer@carilexmedical.com


Revisions to this Privacy Policy


Carilex may from time to time make changes to this Privacy Policy to reflect changes in its legal or regulatory obligations or in the manner in which we deal with your personal information. We will communicate any revised version of this Privacy Policy. Any changes to this Privacy Policy will be effective from the time they are communicated, provided that any change that relates to why we collect, use or disclose your personal information will not apply to you, where your consent is required to such collection, use or disclosure, until we have obtained your consent to such change. This Privacy Policy was last reviewed January 1, 2018.


Interpretation of this Privacy Policy


Any interpretation associated with this Privacy Policy will be made by the Privacy Officer. This Privacy Policy includes examples but is not intended to be restricted in its application to such examples, therefore where the word 'including' is used, it shall mean 'including without limitation. This Privacy Policy does not create or confer upon any individual any rights, or impose upon Carilex any rights or obligations outside of, or in addition to, any rights or obligations imposed by the privacy laws applicable to such individual's personal information. Should there be, in a specific case, any inconsistency between this Privacy Policy and such privacy laws, this Privacy Policy shall be interpreted, in respect of that case, to give effect to, and comply with, such privacy laws.