RTI Surgical, Inc’s Web Privacy Policy and Transparency Disclosure Notice
RTI Surgical, Inc’s Web Privacy Policy and Transparency Disclosure Notice
General Information
RTI Surgical, Inc. and its subsidiary and affiliate entities (“RTI”) are committed to protecting the privacy and security of personal data in our custody.
RTI maintains a network of websites, including http://www.myrtix.com/ and http://mydonorservices.org (collectively referred to as the “Site”). RTI Surgical, Inc.’s Web Privacy Policy and Transparency Disclosure Notice (“Policy”) describes how RTI collects and uses personal data received through its Site and is provided as part of RTI’s compliance with the European General Data Protection Regulation (“GDPR”).
All references to “you” and “your” in this document refer to the individual whose personal data may be processed by RTI.
It is important that you read this notice so that you are aware of and understand how and why we are using such information and how your personal data is processed.
RTI is a data controller. This means that we are responsible for deciding how we hold personal data about you. Our Data Protection Officer or his/her designee oversees compliance with issues in relation to this notice. If you have any questions about this notice, require this notice in a different language, or have a request to exercise your legal rights as set forth in this notice, please contact our Data Protection Officer using the details set out below:
Data Protection Officer
RTI Surgical, Inc.
11621 Research Circle
Alachua, FL 32615
dpo@rtix.com
This notice may be updated from time to time. This version is dated May 25, 2018. Previous versions may be obtained by contacting our Data Protection Officer. By agreeing to this Policy and continuing to use the Site, you are consenting the use of your personal data as outlined in this Policy and representing that you are sixteen (16) years of age or older or have the consent of a parent/legal guardian processing of your personal data related to your use of this Site. You will also be asked to review and consent to this Policy prior to submission of the webforms noted below.
What Data We May Collect
General Browsing - when you visit our website, RTI collects information about you including:
- IP address
- Cookies
- Device information
- Log file
Some of this data may be “non-personally identifiable information,” meaning that standing alone it is insufficient to identify a specific individual. However, if combined with other personal information, it may be sufficient to identify an individual and will be treated as personal data for as long as it is combined.
Cookies are text files placed on your computer to collect standard internet log information and visitor behavior information. This information is used to track visitor use of the Site and to compile statistical reports on Site activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. You will still be able to use our Site with cookies disabled, however, some of our Site features may not function as a result.
The Site is intended for use by approved users only and contains webforms in which users may request access to restricted areas.
Personal data RTI collects from you to review a user request includes:
- Name
- Requested username for the platform
- Requested password for the platform
- Email address
- Company affiliation
- Job title
- Phone number
- Address
- Age (verification that you are over the age of sixteen)
Where We Might Collect Data
RTI might collect your personal data from various sources, including:
- You (e.g. by visiting our Site and/or filling out forms)
- Your company (e.g. in verifying your employment)
Purpose, Legal Basis, and Retention Period of Data Collected
General Browsing
Personal data collected for general browsing purposes is used to provide you a better experience in using our Site as well as for us to improve our Site design and services. The legal basis for this processing of your personal data is your consent. You are free to withdraw your consent by contacting our Data Protection Officer. RTI will not engage in further processing of your personal data after the point of revoking consent, however, returning to our Site would constitute renewed consent for collection of personal data related to general browsing.
User Requests
RTI provides some materials and/or communications forums on web-based platforms that are intended for approved users in furtherance of RTI’s business objectives. Personal data collected as part of user requests to access this restricted area is reviewed to confirm the individual is appropriate for admission to the restricted area. The legal basis for this processing of your personal data is that it is necessary to RTI’s legitimate business interest of ensuring only approved users have access to the restricted area. Additional information regarding collection and processing of personal data within the restricted area is outlined in the privacy statement available within the restricted area.
RTI does not use personal data collected from its Site for profiling or marketing. Automated decision-making processing of personal data is limited to cookies and other web browsing tools that allow us to provide you with a better and more personalized experience on the Site (i.e., detecting your general location and related language to present the site in the language we believe you are most likely to be fluent) and verification of credentials for approved users logging into the restricted area.
Personal data will only be used for the purpose(s) outlined above unless RTI reasonably considers that it needs to use it for another reason that is compatible with the original purpose. If you wish to determine if your personal information has been used for another purpose and, if applicable, receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact our Data Protection Officer.
If RTI needs to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which would allow RTI to do so.
Please note that RTI may process your personal data without your knowledge or consent where such is required by law.
RTI only maintains personal data only as long as necessary to conduct the legitimate business purposes outlined above or as may be otherwise required by law. After this time, personal data is securely destroyed. For unapproved user requests, your personal data is securely destroyed within sixty days of the decision to deny your request. For approved user requests, your personal data submitted as part of this portion of the Site as well as other personal data submitted within the restricted area is maintained as outlined in the privacy statement available within the restricted area. RTI may continue to store anonymous or anonymized information, such as Site visits, without identifiers, in order to improve our Site design and services. If you want further details related to the period of time your personal data will be stored, please contact our Data Protection Officer.
Identities of Data Controllers and Data Security Measures
To protect your personal data, RTI ensures that access to your personal data is limited to individuals performing functions related to the legitimate business purpose for which it was collected. Additionally, individuals engaged in compliance, internal audit, or data protection and security functions on behalf of RTI may have access to your personal data. These individuals are usually RTI employees, however, on occasion RTI employees third parties for some of these functions. To protect your personal data, RTI requires that third parties with which it shares personal data contractually agree to the relevant privacy principles of this Policy or with relevant data protection principles called for under the GDPR or other relevant data protection laws based on the type of personal data shared.
Our Data Protection Officer can advise you on the identities of other parties or individuals with whom we have shared your personal data.
RTI has put into place appropriate security measures to prevent your personal data from being accidentally lost, used/accessed in an unauthorized way, altered, or disclosed.
RTI has put into place procedures to deal with any suspected data breach which exposes personal data and will notify you and any applicable data protection authority of a breach where we are legally required to do so.
Hyperlinks
RTI’s Site may contain links to websites operated by other entities. This Policy applies only to the websites outlined in the “General Information” section in which “Site” is defined. Privacy policies for any third party sites and services may differ from RTI’s Policy. Upon linking to a third party website, you should read and review their privacy policies to ensure protection of your personal data.
International Transfers
RTI’s has its headquarters in Alachua, Florida, USA. As such, personal data outlined above will be transferred outside of the European Economic Area (EEA). Such transfers would always be made in compliance with the requirements of the GDPR. If you would like further details on how your personal data would be protected if transferred outside the EEA, please contact our Data Protection Officer.
Your Rights
If you have any questions about this privacy notice or about RTI’s use of your personal data, please contact our Data Protection Officer. Under certain conditions, you may have the right to require RTI to:
- Provide you with further details on the use RTI makes of your personal data
- Provide you with a copy of the personal data you have provided to RTI in a format that facilitates portability of your personal data
- Provide you with a copy of the personal data RTI has about you from other sources as well as the source from which RTI obtained this data, and if applicable, whether it came from a publicly accessible source(s)
- Update any inaccuracies in your personal data RTI holds
- Delete any personal data that RTI no longer has a lawful basis to hold or use
- Where processing is based on consent, withdraw your consent so that RTI stops that particular processing
- Object to any processing based on the legitimate interests ground unless RTI’s reasons for undertaking that processing outweigh any prejudice to your data protection rights
- Restrict how RTI uses your personal data while a complaint is being investigated
- Have RTI pass along to any entities with which it has shared your personal data your request to update inaccuracies, delete data, or restrict processing
In certain circumstances, RTI may need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of a crime) and RTI’s interests (e.g., the maintenance of legal privilege).
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, RTI may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternately, we may refuse to comply with your request in these circumstances.
RTI may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to an unauthorized person (i.e. someone who may be impersonating you).
RTI tries to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made multiple requests. In this situation, RTI will notify you and keep you updated as to a timeline for completion of your request.
For residents of the European Union, if you are not satisfied with RTI’s use of your personal data or RTI’s response to any request by you to exercise any of your rights, or if you suspect that RTI may have breached the requirements of the GDPR, then you have the right to lodge a complaint with a member state supervisory authority for data protection issues. You may locate the relevant data protection authority by consulting the European Commission’s online directory.
http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
RTI would appreciate the opportunity to deal with your concerns directly before you approach a supervisory authority and respectfully request you contact us prior to engaging a data protection authority. Please direct communication to
Data Protection Officer
RTI Surgical, Inc.
11621 Research Circle
Alachua, FL 32615
dpo@rtix.com