Last updated: June 2021
Data Protection Laws and Regulations
Our legal basis for collecting and processing personal information is for legitimate business purposes, in accordance with applicable laws, based on our interest in helping individuals who may find benefit from Mainstay products and therapy. Mainstay will only share or transmit your personal information on a need-to-know basis to parties authorized to view and/or use it for appropriate purposes.
We only collect and use personal information where we have obtained the necessary consent and/or are in compliance with applicable laws and regulations, including but not limited to: (i) in the US, the Health Insurance Portability and Accountability Act of 1996, as amended (HIPAA); (ii) in Europe, the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK GDPR and PECR, and the German Bundesdatenschutzgesetz (BDSG); and (iii) in Australia, the Australian Privacy Principles. We reserve the right to access and disclose personal data to comply with applicable laws and government requests and requirements, to operate our systems properly, and to protect both ourselves and our users/visitors. In operating our Website, we may also share your information with contracted, third-party service providers and vendors to assist us in providing certain services and features on the Website. These may include our Mainstay subsidiaries and affiliates, and IT service providers. Only the minimum necessary data will be shared, and any such service providers with access to your data through the Website shall be subject to contractual obligations to ensure that your data is kept confidential and protected in accordance with applicable laws (under GDPR, this would include incorporating Standard Contractual Clauses for data protection when applicable).
Rules and guidance regarding personal data collected by Irish entities are available for review on www.dataprivacy.ie, the website of the Irish Data Protection Commissioner.
Under the GDPR in the European Economic Area, the data controller is Mainstay Medical Distribution Limited of 77 Sir John Rogersons Quay, Block C, Grand Canal Docklands, Dublin 2, D02T804 Dublin, Ireland.
In the UK, you have a right to file a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. If you are based in the UK, the Information Commissioner’s Office can be contacted as follows:
Telephone: +44 0303 123 1113
Address: Water Lane, Wycliffe House, Wilmslow, Cheshire, SK9 5AF
Collection and Protection of Your Data
Upon providing us with your contact information, you are consenting to us sending information primarily via email (or, if appropriate, US postal service mail) to those interested in Mainstay and its products. Some users who provide their phone number, at their own option, may receive information by phone. To ensure the privacy of our users and Website visitors, we will present a choice of how you may be contacted and also an ability to opt out of receiving these types of communications. Each webpage and feature will contain details of what you are agreeing to, how your information may be processed, and what information or communications you may receive from Mainstay.
Certain technical information may be collected while you visit our Website to improve your experience on the Website, making your website navigation easier and more convenient and, if applicable, providing you with information that may be of interest to you. This is explained in more detail below.
We will protect the privacy of user information through appropriate use of security and technology, including physical and technological safeguards to protect your information, and we will ensure that any third-party service providers are contracted to have sufficient security measures as well. These measures include limiting access to personal information only to employees and authorized service providers who need to know such information for the purposes described in this Privacy Notice. While we strive to always protect our Website and systems against unauthorized access, due to the inherent nature of the internet and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others (such as hackers).
Please know that the information you provide is completely voluntary and you have a choice on whether or not to disclose any information about yourself. Mainstay shall only use your information in accordance with this Policy, and in a manner consistent with applicable laws and regulations.
Other Company Websites
How We May Use Your Information
The Website provides webpages and features where you may learn more about Mainstay products, contact Mainstay, and/or request specific information, and in doing so, you can provide us with personal and technical information to allow us to interact with you. In most cases, we use the personal information collected from you for the following purposes:
• Criteria for Therapy. To provide general guidance on whether you may meet the initial criteria for therapy with Mainstay products (ReActiv8 implantable neurostimulation system), in response to your completion of a general questionnaire.
• Provider/Hospital Locator. If you are interested, to help you connect with the nearest hospital, clinician, or consultant, which you can search for on the Website.
• Compliance with Law. To comply with applicable laws and regulations in your country, including when requested by law enforcement, government authorities, or regulatory agencies, or when we determine that a disclosure of information is necessary and appropriate under the circumstances.
• Your Questions/Requests. For the specific purposes you have requested from us, including answering questions or providing additional information about Mainstay products.
• Health Data. To share or disclose special categories of information such as health data (we will only process such information with your explicit consent in advance).
• Mainstay Operations. To share with our affiliates (including related organizations) to provide Mainstay products and services. This may include companies that are contractually engaged by us, such as software hosting, data storage and processing, order fulfillment, and email management. These companies are obligated by contract to safeguard any personal information they receive from us (or directly from you).
• Product Information/Promotion. To marketing companies and similar organizations with whom Mainstay has partnered, to provide you with product and service news updates, offers, proposals, and educational information (to the extent permitted by the applicable data and privacy laws in your country).
• Product/Technical Updates. To provide important or necessary product or service updates, including potentially technical updates, bulletins, and notices, product recall or field actions, important check-ins and status checks for new product users, and other communications relevant to your beneficial use of Mainstay products.
By providing us with your contact information, you are consenting to us sending information to you (primarily via email, but possibly through other methods if convenient and appropriate) pursuant to your request and to meet your interest in Mainstay products. (Some users who provide their phone number, at their own option, may receive information by phone.) To ensure the privacy of our users and Website visitors, we will present a choice of how you may be contacted and also an ability to opt out of receiving these types of communications. Each webpage and feature will provide details of what information may be processed, and what information or communications you may receive from Mainstay (or other affiliated companies).
De-identified or Aggregated Information
In certain cases, we may redact or delete information from your personal information to make it non-identifiable or tabulate/combine de-identified information into aggregated form; we may use such de-identified and/or aggregate data (which is anonymous and cannot identify you) for all legitimate business purposes, such as research and development, product improvements, publications and documents, business operations and process improvements, and marketing purposes.
We may also share de-identified or aggregated demographic information about you and other visitors with outside parties, such as our business partners, national associations, and other contracted parties. Such aggregate or anonymous information does not consist of personal or identifiable information (and is not considered “Protected Health Information” (PHI) under HIPAA, or personal data under GDPR), and cannot be used to identify or locate you individually in any way.
• Technical information, including your IP address, browser type and version, device identifier, location and time zone setting, browser plug-in types and versions, operating system and platform, page response times and download errors.
• Information about your visit, including how you were directed to our Website.
• Length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse movements) and methods used to browse away from the page.
Among the different types, we may use session cookies (which expire after you close your web browser), persistent cookies (which stay on your computer until you delete them), or other automatic data collection technologies. Cookies allow us to collect technical information such as browser type, time spent viewing our Website, webpages visited, language preferences, and other anonymous web traffic data and statistical information. We and our service providers also use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience. Cookies further allow us to select which of our promotional content or offers are most likely to appeal to you, and we may display them while you navigate our Website. Some of the information we gather through cookies may be considered personal information in that we may view your online activities over time and across third-party websites (sometimes referred to as behavioral tracking).
If you do not want information collected through such cookies, you may opt out or decline to accept our cookies policy (you may also erase cookies from particular websites through your browser settings). There are some limited types of essential cookies that are required for appropriate Website operations on your device or computer, which cannot be declined. Also, if you do not accept cookies, it is possible that you may experience some inconvenience when using our Website in terms of design, efficiency, and your individual preferences. (Separately, although we would like to honor web browsers set with a “Do Not Track” signal, our Website currently does not respond to such a signal.)
If you wish to remove your information from our database so as not to receive future communications from us, you can opt out by making a specific request on our Contact Us webpage. (Should you wish to correct or update any information you have previously provided, please use the same form.) In most cases, all communications sent to you (in particular email communications) will also contain an opt-out feature towards the bottom of the message. You may use that link to also express your preference to stop receiving that type of communication.
Information Storage & Transmission
All information you provide to us is stored on secure servers and/or secure cloud storage systems through contracted information companies/vendors. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Please note that the transmission of information via the internet is not always completely secure. For example, we cannot guarantee the security of your data transmitted from your computer or device to our Website. Once we have received your information, we will use all reasonable security measures and procedures to prevent unauthorized access, and take all steps reasonably necessary to ensure your data is protected in accordance with this Policy.
If you are aged 18 or under, please obtain your parent’s/guardian’s permission before you provide any personal information to us through this Website. Users without this consent are not allowed to provide us with personal information.
Mainstay complies with its labeling and regulatory approvals in all applicable countries and territories, and will only market and promote our products to approved patient groups. Under no circumstances, however, will Mainstay knowingly market, promote, or recommend any products or services to any persons under the age of 13, nor will we knowingly collect any personal information from persons under 13. If you are under the age of 13, please immediately stop using this Website and speak to your parent or guardian about obtaining information regarding Mainstay products and services.
Time Period for Keeping Data
Your personal information will only be stored for as long as necessary for the purposes for which it was collected, and only to the extent permitted by applicable laws. When we no longer need to use your information, we will remove it from our systems and records. (Aggregated or de-identified data which cannot be used to identify you in any way may be kept indefinitely.)
Notification of Changes
Your Data Rights
You have various rights in connection with our processing of your personal information. Your data rights include the following:
• Access. You have the right to request a copy of the personal information we are processing about you, which we will provide back to you in electronic form.
• Rectification. You have the right to have incomplete or inaccurate personal information that we process about you rectified.
• Deletion. You have the right to request that we delete personal information that we process about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
• Restriction. You have the right to restrict our processing of your personal information where you believe such data is inaccurate, the processing is unlawful, or that we no longer need to process such data for a particular purpose. Where we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it, we will mark stored personal information to limit its processing for particular purposes in accordance with your request (or otherwise restrict its processing).
• Objection. Even when there is legal justification for the processing of your personal information, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue processing the data because of a legal claim.
• Withdrawing Consent. Where we process certain personal information on the basis of your consent, you have the right to withdraw your consent.
If you wish to exercise one or more of the above rights, please go to our “Contact Us” webpage, and include your name, email and postal address, as well as your specific request and any other information we may need in order to provide or otherwise process your request.
How to Contact Us
If you have any questions about this Privacy Notice and/or about the privacy policies and practices of our service providers, please contact us through our Contact Us webpage, or by mailing a letter to:
Attention: Privacy Officer, Legal Department
Mainstay Medical International plc
77 Sir John Rogersons Quay, Block C
Grand Canal Docklands, Dublin 2, D02T804, Dublin, Ireland