Data Privacy Notice
Hollister Incorporated and its subsidiaries around the world, including the Dansac-brand entity that acts as controller as identified in the section Data Controller and Contact Information below (such entity referred to as “Hollister”, "we", "our" and "us"), is committed to protecting and safeguarding the privacy of our associates, end-users, customers, and other business partners. We comply with the EU General Data Protection Legislation and national applicable laws in the countries where we are located. As such, we only collect personal data when it is either required for your desired purpose, we are obligated to do so due to legal regulations or contracts, we have a legitimate business interest, or you have voluntarily provided your consent. This notice provides information about how we process personal data that may be provided to us by you, in particular in connection with use of this website (and all of its related subsites) (“Website”) or when you interact with us directly, such as by calling or emailing us.
This Privacy Notice describes:
As of May 25, 2018, a new privacy law is in effect in the European Union (EU) called the General Data Protection Regulation (GDPR). The GDPR expands privacy rights granted to individuals in the EU. Hollister has taken many steps to comply with the GDPR. We have updated many of our policies, procedures, and practices, and will continue to asses our business and customers in our effort to ensure we are using and protecting your personal data as required and expected under the GDPR and by our customers and partners. We are committed to transparency and to ensuring that you understand what personal data we collect and for what purpose, as well as what your rights are with respect to your personal data.
Under the GDPR, personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The responsible data controller (meaning the person who determines the purpose for which your personal data is processed) for any personal data collected and processed in connection with the use of this Website is Hollister Limited.
If you have any questions, comments, or concerns about or in connection with this Privacy Notice, or would like to make a complaint about our handling of your personal data or exercise any of your rights regarding your personal data (see section “Your rights” below), please contact us by using one of the following methods:
To contact Hollister Limited directly:
Data Officer
Building 1010
Winnersh Triangle Business Park
Eskdale Road
Winnersh
Wokingham
RG41 5TS
England
01189 89 5000
Data.Officer@Dansac.com
To contact our Chief Data Protection Counsel:
2000 Hollister Drive, Libertyville, Illinois, USA, 60048
1-847-680-2800
privacy@hollister.com
Hollister collects personal data directly from you when you voluntary provide such information for a particular purpose, for example, when you order product samples, send an inquiry or request advice on the utilisation or choice of a product or service. We also collect personal data about you from third parties such as your healthcare professional so that we can provide you with service, advice or product assistance.
Hollister does not seek to collect or request personal data from children under the age of 16. Consent to provide us with personal data of a child under the age of 16 must be provided to us by the parent or legal guardian of that child.
Unless as described in this policy, Hollister will not pass on, sell or lease your personal data to third parties. We process your personal data for other purposes than set forth in this Privacy Notice only if we are obligated to do so on the basis of legal requirements (e.g., transfer to courts or criminal prosecution authorities), if you have consented to the respective processing, or if the processing is otherwise lawful under applicable law. If processing for another purpose takes place, we will provide you with additional information in accordance with the requirements of applicable law.
You may choose not to provide certain types of personal data to us, unless the provision of that personal data is required for the purpose for which it is being collected (for example, performance of a contract you conclude with us or as necessary to respond to an inquiry received from you). However, if you choose not to provide certain types of personal data, our ability to provide you with the products or services you have requested, and your ability to make use of the Website or its features and services, may be affected.
We may process your personal data in the following situations:
- To allow you to use our Website.
Purposes of the Processing: when you visit the Website, Hollister collects the below listed personal data for administration, operation, maintenance (including maintenance of security), and improvement of the Website. These data are stored for the purpose of compiling statistical information (such as visitor numbers, page clicks, download numbers, number of video views) about the use of this Website. See also “Information about cookies and other technology” below for more information on the technology Hollister uses.
Categories of personal data processed:
- Internet Protocol (IP) address, operating system, browser type, browser version, browser configuration, name of internet service provider, and other types of computer and connection related information relevant to identifying your type of device, connecting to the Website, enabling data exchange with you and your device, and ensuring a convenient use of the Website;
- Uniform Resource Locator (URL) and IP address of the website from which you accessed, or were directed to, our Website, including date and time;
- Subpages visited while on our Website, links followed on the Website, including date, time, and duration;
- The full URL click stream to, through and from the Website, including date and time.
Legal basis for the processing: our legitimate interests ((Art. 6 (1) (f) GDPR)) of providing the Website and the Website services you requested, ensuring proper functioning of the Website, and improving the content of the Website and the user experience.
- Analytics and customer research.
Purposes of the Processing: when you visit the Website, Hollister collects the below listed personal data for performance of analytics and conducting customer research related to the use of the Website, including general market research or surveying our customers' needs and opinions on specific issues, generating traffic patterns, and analyzing advertising effectiveness, both on an anonymous basis (e.g., by aggregating data) or on an individual basis in order to tailor our Website and our services and products to the needs of our customers.
Categories of personal data processed (including by use of cookies):
- IP address, operating system, browser type, browser version, browser configuration, and other types of computer and connection related information relevant to identifying your type of device, connecting to the Website, enabling data exchange with you and your device, and ensuring a convenient use of the Website;
- URL and IP address of the website from which you accessed, or were directed to, our Website, including date and time;
- Subpages visited while on our Website, links followed on the Website, including date, time, and duration;
- Search terms entered;
- Services/products viewed or searched for on the Website;
- Consents, authorizations, etc. granted;
- User profile information (for registered users);
- Survey answers, reviews, ratings and other types of feedback provided.
Legal basis for the processing: our legitimate interests ((Art. 6 (1) (f) GDPR)) of using web analytics to determine and enhance the effectiveness of our advertising and to improve the website user experience, and your consent as requested in specific circumstances.
- To provide you with product samples.
Purposes of the Processing: To provide you with samples of our products if requested by you through forms provided in sections of this Website and/or in other contexts, such as when calling customer service or attending an event. This service may also include advice and/or recommendations regarding our products and services, including follow-up calls to see how the samples worked for you. We also use your personal data in this context for market analysis purposes.
Categories of personal data processed: name, address, email and/or telephone number, and if you are an end-user, information about your health, including your medical condition which results in your use of a Dansac product.
Legal basis for the processing: If you are an end-user, we use the personal data you provide in this context based on your consent and in connection with our performance of a contract (Art. 6 (1) (b) GDPR). If you are not an end-user, we use the personal data you provide in this context based on your consent or in connection with our performance of a contract (Art. 6 (1) (b) GDPR) and/or our legitimate business interest ((Art. 6 (1) (f) GDPR)) of marketing and selling our products and services.
- To respond to your requests regarding our products and services.
Purposes of the Processing: To respond to your questions, requests and inquiries regarding our products and/or services made through forms provided in sections of this Website and/or in other contexts, such as when calling customer service or attending an event.
Categories of personal data processed: name, address, email and/or telephone number, content of any communication sent through the Website (e.g., by sending questions, inquiries, and requests via the Website’s contact form), and if you are an end-user, information about your health, including your medical condition which results in your interest in a Dansac product.
Legal basis for the processing: if you provide us with health-related personal data, we use the personal data you provide in this context based on your consent. If you do not provide us with health-related personal data, we use the personal data you provide in this context in connection with your consent or our legitimate business interest ((Art. 6 (1) (f) GDPR)) to respond to your questions, requests and inquiries.
- To provide you with information about our products and services (direct marketing).
Purposes of the Processing: To communicate with you about products and services that may be of interest to you performed through traditional mail, email, and newsletter channels, including periodically sending promotional materials on products, services, and promotions of Dansac products (direct marketing) as requested by you through forms provided in sections of this Website and/or in other contexts, such as when calling customer service or attending an event.
At any time, you can decide to stop receiving this type of communication by contacting us as provided here.
Categories of personal data processed: name, address, email address, and telephone and mobile phone number. If you are an end-user of our products, we will also collect and process information about your health, including your medical condition which results in your use of a Dansac product.
Legal basis for the processing: We process your personal data in this context according to your consent.
- To request that you provide us with information about yourself, or about our products and services.
Purposes of the Processing: To contact you to ask you questions about our products and/or services, including for participation in surveys, product or service evaluations, and/or clinical trial activities as permitted by you through forms provided in sections of this Website and/or in other contexts, such as when calling customer service or attending an event. Depending on the individual case, we may also ask you to share your experiences, including personal stories and case studies. The information you share will be used for the following purposes: product design and development, internal and external marketing, and training/education.
Categories of personal data processed: name, address, email address, telephone and mobile phone number, information that you enter on, or upload to, the Website (e.g., content that you fill into an online form, a photo that you upload), and consents, authorizations, etc. granted. Personal data may also include information about your background, health and medical history, and experiences with our and other medical products.
Legal basis for the processing: we process your personal data in this context according to your explicit consent if you provide us with health or medical information, or in the context of performance of a contract (established or pending) and/or our legitimate interest ((Art. 6 (1) (f) GDPR)) of evaluating and improving our products and services if you do not provide us with health or medical information.
- To identify potential business opportunities.
Purposes of the Processing: to evaluate and perform certain business opportunities, including new product development ideas and potential business, product, or service acquisitions as identified by you through forms provided in sections of this Website and/or in other contexts such as by contacting us directly.
Categories of personal data processed: name, address, email address, telephone and mobile phone number, content of any communication sent through the Website (e.g., by filling out a contact or suggestion form).
Legal basis for the processing: we use the personal data you provide in this context in connection with our performance of a contract and/or our legitimate business interest ((Art. 6 (1) (f) GDPR)) of product research and development.
- When you apply for a position within Hollister.
Purposes of the Processing: To determine your suitability for the position you are applying for as part of the application process based on the application provided by you through forms provided in sections of this Website and/or in other contexts, such as by participating in a career fair or responding to a job advertisement. We also collect your personal data for this purpose from our various recruitment agencies with whom we partner to fill employment positions. Your decision to provide us with any personal information in this context is voluntarily; however, if you do not provide certain information, we may not be able to process your application or other requests you may have with respect to your potential employment with Hollister. The information you provide to us will be used to contact you to provide you information about job positions and market news about Hollister and in the event you apply for a position, to process your application. When applying for a position, you will have the opportunity to specify whether you want the information you provide to be shared with Hollister recruiters worldwide, only Hollister recruiters in your country of residence, or only Hollister recruiters managing the specific positions to which you apply.
Categories of personal data processed: email, password, name, phone number, address, current job information, professional certifications, prior job history and experience, language proficiency, mobility, employee referral information, prior applications with Hollister, legal restrictions to possible employment, relatives who are currently employed with Hollister, gender, race, and ethnicity.
Legal basis for the processing: We process your personal data in this context as necessary to determine whether an employment contract will be entered into (Art. 6 (1) (b) GDPR and the corresponding provisions in local data protection law relating to the (pre-)employment relationship) and to pursue the legitimate interests (pursuant to Art. 6 (1) (f) GDPR) in protecting the legal interests of Hollister (e.g., as required to defend against legal claims or to take precautions against liability).
- To comply with applicable laws and to establish, exercise and/or defend legal claims.
Purposes of the Processing: in some cases we are required to process personal data in compliance with legal obligations, prevention of unlawful uses of the Website, resolving disputes, protection of our property rights, enforcement of our agreements and to establish, exercise and defend legal claims. For example, if you are a health care professional who has received compensation for services from us, we may be required to process your personal data in connection with various Sunshine Act disclosure obligations. If you have lodged a complaint regarding any of our products, we process your personal data if and to the extent required in connection with applicable reporting requirements.
Categories of personal data processed:
- IP address, operating system, browser type, browser version, browser configuration, name of internet service provider, and other types of computer and connection related information relevant to identifying your type of device, connecting to the Website, enabling data exchange with you and your device, and ensuring a convenient use of the Website;
- Subpages visited while on our Website, links followed on the Website, including date, time and duration;
- The full URL click stream to, through and from the Website, including date and time
- Name, title and address;
- Hospital affiliation and amounts paid to you by us;
- Personal contact information (phone, email, fax, etc.);
- Health information and experience with our product(s);
- Requests for information and sample products placed.
Legal basis for the processing: we use the personal data you provide in this context in connection with our legitimate interest (Art. 6 (1) (f) GDPR) in protecting our business and property (including to establish, exercise or defend legal claims), and to comply with a legal obligation (Art. 6 (1) (c) GDPR). We also process your personal data in this context according to your consent.
- To Conduct Clinical trial.
Purposes of the processing: Hollister will only collect adequate, relevant and limited personal data for the purposes to conduct a clinical trial, more precisely in order to obtain an assessment of its new system. This will help us to understand your experience when using it.
Categories of personal data processed:
- Your name, contact details including postal address
- Study ID which is linked to person's name or email address
- Month and year of birth (approximate age)
- Gender, height, weight
- as well as information on your medical history, and clinical data collected about your participation in the clinical trial.
Legal basis for the processing: We process your personal data in this context according to your consent.
Any access to your personal data at Hollister is restricted to those individuals who have a need to know it in order to fulfill their job responsibilities.
We transfer your personal data to the following categories of recipients for the respective purposes listed below:
- To other entities within the Hollister group of companies, including in particular to Hollister Incorporated (2000 Hollister Drive, Libertyville, Illinois 60048). Such entities may be located in another country for which the European Commission has not issued a decision that this country ensures an adequate level of data protection, namely: the United States or the locations of non-EEA Hollister group companies. We transfer your personal data to these recipients for the legitimate interests of Hollister (pursuant to Art. 6 (1) (f) GDPR) to facilitate global operations in connection with the systems and services that the Hollister group of companies share, such as access to network servers, IT systems, and interdepartmental staff. A list of such companies can be found here.
- Third party service providers who process data on our behalf as necessary for the provision of products and services, including our IT service providers, such as salesforce.com and SAP, for the purpose of administering the software on which our systems and network operate; shipping, parcel delivery services or freight forwarders for the purpose of delivering products and other materials which you have ordered; specialists who may execute product evaluations and/or clinical studies on our behalf; and financial institutions. Our third party service providers and partners are contractually obligated to process such data on behalf of Hollister under appropriate instructions as necessary for the respective processing purposes and to appropriately protect your personal data. They may not otherwise process or share your personal data, except as permitted by law.
- Governmental authorities, courts, external advisors, and similar third parties as required or permitted by applicable law if we have reason to believe that disclosing personal data is necessary to identify, contact, or bring legal action against someone who may be causing fraud or injury to or interference with (either intentionally or unintentionally) our rights or property, other Website users or anyone else who could be harmed by such activities. We also disclose personal information in response to a subpoena, warrant or other court or administrative order, or when we believe in good faith that a law, regulation, subpoena, warrant or other court or administrative order requires – or authorizes us to do so – or to respond to an emergency situation. The legal basis for such data transfers are our legitimate interests identified above (pursuant to Art. 6 (1) (f) GDPR) and to comply with legal obligations (pursuant to Art. 6 (1) (c) GDPR).
- Our professional advisors, including our auditors, accountants, and lawyers, if and to the extent necessary, for the purposes of completing or auditing our financial and reporting obligations, or for establishing, exercising, and/or defending legal claims.
In all cases, we limit the personal data which is provided to these third parties to only that which is necessary and as otherwise restricted by application of the GDPR and other relevant local law.
Some of the recipients of your personal data will be located or have relevant operations outside of your country and the EEA, where the data protection laws may provide a different level of protection compared to the laws in your jurisdiction and with regard to which an adequacy decision by the European Commission does not exist. By way of entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC) as referred to in Art. 46 (5) GDPR or other adequate means, which may be requested via the contact details below, we will implement appropriate measures to ensure that all other recipients located outside the EEA will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.
Your personal data is stored by Hollister and/or our service providers to the extent necessary for the performance of our obligations and for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws and our robust internal data retention schedules. When Hollister no longer needs to process your personal data, we will delete it from our systems and/or records and/or take steps to properly anonymize it so that you can no longer be identified from it, unless we need to keep your personal data to comply with legal or regulatory obligations to which Hollister is subject.
Personal data will in principle be retained for as long as you accept communications from us. However, we will retain your relevant personal data for a longer period of time if Hollister is allowed to send you marketing materials. Also, we typically erase contracts, communications, and business letters containing personal data, or we redact personal data from such documents, 10 years after their termination or creation, as such data may be subject to statutory retention requirements, which often require retention of up to 10 years. In addition, if a judicial or disciplinary action is initiated, the personal data will be stored until the end of such action, including any potential periods for appeal, and will then be deleted or archived as permitted by applicable law.
Further specific information on retention periods are provided above in the sub-sections of the section "Processing your personal data".
If you have provided your consent for any personal data processing activities, you may withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
Pursuant to applicable data protection law, you may also have the following statutory rights, which you can exercise by contacting us as specified above, subject to the conditions set forth in applicable law:
- Right of access: You have the right to obtain from us confirmation as to whether or not your personal data is being processed, and, where that is the case, to request access to the personal data. This right of access includes, inter alia, the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. You also have the right to receive a copy of your personal data which we process about you. For additional copies requested by you, we may charge a reasonable fee based on administrative costs.
- Right to rectification: You have the right to have your personal data corrected where it is incomplete or inaccurate. Depending on the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
- Right to erasure (right to be forgotten): You have the right to ask us to delete your personal data, including (i) where your personal data is no longer necessary for the purpose(s) for which it was processed; (ii) if you withdraw your consent and there is no other legal ground for which we rely on for the continued use of your personal data; (iii) if you object to the use of your personal data (as set out below); (iv) if we have used your personal data unlawfully; or (v) if your personal data needs to be erased to comply with a legal obligation.
- Right to restriction of processing: You have the right to restrict our processing of your personal data in certain circumstances, such as (i) where you think your personal data is inaccurate and only for such period to enable us to verify the accuracy of your personal data; (ii) the use of your personal data is unlawful and you oppose the erasure of your personal data and request that it is suspended instead; (iii) we no longer need your personal data but your personal data is required by you for the establishment, exercise or defense of legal claims; or (iv) you have objected to the use of your personal data and for such period to enable us to verify whether our grounds for the use of your personal data override your objection.
- Right to data portability: You have the right to obtain your personal data in a structured, commonly used and machine-readable format, and for it to be transferred to another organization where it is technically feasible. The right only applies where the use of your personal data is based on your consent or for the performance of a contract, and when the use of your personal data is carried out by automated means.
- Right to object: You have the right to object on grounds relating to your particular situation, or where personal data are processed for direct marketing purposes at any time to the processing of your personal data by us and we can be required to no longer process your personal data. Such a right to object may not exist, in particular, if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
To exercise these rights, please contact Hollister as provided above. Please be aware that Hollister will not be able to honor your request if an applicable law restricts us from doing so.
You also have the right to lodge a complaint with the competent data protection supervisory authority, in particular in the Member State of your habitual residence.
When you use the Website, we send one or more cookies – small text files containing a string of alphanumeric characters – to your device. We use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits of our website. Your web browser may provide you with some options regarding cookies. Please note that if you delete, or choose not to accept, cookies, you may not be able to utilize the features of the services provided via the Website to their fullest potential. We use third party cookies in connection with the services provided via the Website as well. For instance, we use Google Analytics to collect and process certain analytics data. We do not process or respond to web browsers’ “do not track” signals or other similar transmissions that indicate a request to disable online tracking of users who visit our Website or use the services provided via our Website.
We use cookies and automatically collected information to: (i) personalize our Website and the services provided via our Website, such as remembering your information so that you will not have to re-enter it during your use of, or the next time you use, our Website and the services provided via our Website; (ii) provide customized advertisements, content, and information on the basis of profiling; (iii) monitor and analyze the effectiveness of our Website and the services provided via our Website and third-party marketing activities on the basis of profiling; (iv) monitor aggregate site usage metrics such as total number of visitors and pages viewed; and (v) track your entries, submissions, and status in any promotions or other activities offered through our Website and the services provided via our Website (profiling). Tracking technology (profiling) also helps us manage and improve the usability of the Website, (i) detecting whether there has been any contact between your computer and us in the past and (ii) to identify the most popular sections of the Website.
Social Media Networks. Third parties, including Facebook, may use cookies, web beacons, and other storage technologies to collect or receive information from the Website and elsewhere on the internet and use that information to provide measurement services and target ads. Your interactions with these features are governed by the privacy policy of the organization providing it. For example, if you create or log into your account through a third party social networking site, we may have access to certain information from that site, such as your name, account information and friends, in accordance with the authorization procedures determined by such third-party social networking site. You may have a right to opt-out of the collection and use of information for ad targeting. Residents of the EU can exercise such choice at http://www.youronlinechoices.eu.
Applicability and changes to this Privacy Notice
This policy applies only to our practices, procedures, and services. Our Website may include links to other websites and online services that are operated by other companies not under our control or direction. If you provide or submit personal information to those websites or online services, the privacy policies on those websites or online services apply to your personal information. We encourage you to carefully read the privacy policy of any website you visit.
We may revise this Privacy Notice at any time by modifying this page. You should check this policy from time to time to be informed of any changes, as they are binding on you. This policy has last been updated in April 2019.