Privacy Notice

We process personal data which are collected directly from you as well as personal data which are collected via use of cookies or other similar technologies. For more information on how we use cookies and other similar technologies, please see our Cookie Policy.

We only process your personal data to the extent permitted in accordance with applicable data protection legislation. This means inter alia that we need to have a legal basis for the purposes for our processing your personal data, which in our context generally means one of the following legal bases.

Performance of a contract – the processing is necessary in order for us to provide you with our services or otherwise perform a contract between us (this applies if you conduct your business in a sole proprietorship), or to take steps at your request prior to entering into a contract.

If you are acting on behalf of someone else, e.g., in the capacity of representative of a company (which usually is the case), our processing is carried out with reference to our legitimate interest balanced against your interests or fundamental rights or freedoms, where our legitimate interest is to conclude and perform the contract with the company you represent.

Performance of legal obligations – the processing is necessary in order to fulfil our legal obligations according to law or other statutes that we are subject to, or if we are subject to orders or decisions by courts or authorities, which require us to process your personal data.

Legitimate interests – the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, provided that they are not overridden by your interests or fundamental rights or freedoms (in which case the processing would not be allowed).

Consent – the processing is carried out with your prior consent, where we inter alia are responsible for clearly informing you of what processing you consent to and your right to withdraw your consent in relation to our continued processing. 

Below, we explain more about the categories of personal data we process, for what purposes we process them and what legal bases we rely on when processing your personal data, including for how long we store your personal data.

What we do and why:

In order to maintain, facilitate and improve the functions and user experience of our websites, as well as support our work on detecting and counteracting flaws, breaches and incidents, we will collect statistics and perform analysis of visitor traffic on our websites, as well as perform analysis of other technical information which is generated upon visiting our websites.

We will use your personal data to personalise your experience when interacting with us through our websites.

We will monitor and analyse trends, usage and activities in connection with our products and services to understand which parts of our digital platforms and services are of the most interest and to improve the design and content of our platforms.

We will prepare and perform management reporting and analysis, including analytics and metrics.

The personal data that we process:

• IP-address
• Other technical information which is generated upon visiting our websites, such as what type of device is used, web browser used, history of visited sites including the time entry (information from used web browser, time zone of the place from which you visited our websites and other information on web traffic).

Our legal basis for processing:

Legitimate interest and consent, wherein our legitimate interest is to gather information in order to maintain, facilitate and improve the functionality and security on our websites.

Gathering of information through use of cookies or other similar technologies is done on the basis of your consent, except such use which is strictly necessary to the foundational functions of our websites. For more information on how we use cookies and other similar technologies, please see our Cookie Policy. 

How we share and transfer your data:

We will share your personal data with the following recipients;

• Suppliers of IT-services
• Our Mölnlycke affiliates
• Authorities (if we are legally obliged to)
• Providers of analytic tools (Google Analytics, Facebook pixel, etc.)

Mölnlycke will transfer your personal data to countries outside the EU/EEA within the scope of this processing activity. We will transfer the data to the following recipients;

• Our Mölnlycke affiliate, located in the United States.
• Providers of analytic tools (Google Analytics, Facebook pixel, etc.), located in the United States.

You will find more information regarding how we transfer personal data to countries outside the EU/EEA in the 'Third country transfers' section below. You are also welcomed to contact us through our data protection officer by e-mail privacy@molnlycke.com or by using the contact us button below.

How long we keep your data:

We process and keep information on how visitors interact with our websites for a period of maximum six (6) months. In most cases, the collected data will be transformed into aggregated data (thus anonymised) at an earlier stage, in connection to us creating statistics.

What we do and why:

We will process your personal data to provide our online events and activities, including webinars, e-learnings and other events and activities available for you to participate in via our websites.

This means that we will ask you to fill in your personal data to be able to participate in our online events or activities. Some of our online events and activities are strictly targeted to health care professionals and we may therefore ask you about your professional information. 

The personal data that we process:

• Name (including prefix or title)
• Pseudonym
• Preferred language
• Age or date of birth
• Gender
• Professional information and experience (including your qualifications, areas of expertise, place of practice)
• IP-address

Other technical information which is generated upon visiting our websites, such as what type of device is used, web browser used, history of visited sites including the time entry (information from used web browser, time zone of the place from which you visited our websites and other information on web traffic).

Our legal basis for processing:

Legitimate interest, where our legitimate interest is to know who we provide online events and activities as well as restrict access for events and activities which are targeted strictly to health care professionals.

How we share and transfer your data:

We will share your personal data with the following recipients;

• Suppliers of IT-services
• Our Mölnlycke affiliates

Mölnlycke will transfer your personal data to countries outside the EU/EEA within the scope of this processing activity. We will transfer the data to the following recipients;

• Our Mölnlycke affiliate, located in the United States.

You will find more information regarding how we transfer personal data to countries outside the EU/EEA in the 'Third country transfers' section below. You are also welcomed to contact us through our data protection officer by e-mail privacy@molnlycke.com or by using the contact us button below.

How long we keep your data:

We process and keep information as long as we provide our online events and activities with you, but no longer than six (6) months after the last time you participated in one of our online events or activities.

What we do and why:

If you are contacting our customer service through our website questionaries, we will process your personal data to be able to respond to your queries and handle your request.

This includes situations when you contact us through our website to report adverse events and product enquiries.  

The personal data that we process:

• Name (including prefix or title)
• Pseudonym
• Preferred language
• Age or date of birth
• Gender
• Health information (including your health status, health problems and health information inferred from the information you have provided to us)
• IP-address
• Other technical information which is generated upon visiting our websites, such as what type of device is used, web browser used, history of visited sites including the time entry (information from used web browser, time zone of the place from which you visited our websites and other information on web traffic).

Our legal basis for processing:

Legitimate interest, where our legitimate interest is to be able to respond and handle such request we receive through our website and to monitor the safety of our products and services.

Our legal basis for processing special categories of personal data:

We will process your health information to the extent you share personal data relating to health within your customer service reports, e.g., if you report adverse events to us.

We process your health information based on your consent. We will only respond and handle requests if you have given your consent. With your consent, we will monitor the safety of our products, respond to your queries and provide you with information relating to our products when you request it or inform us regarding adverse events.

How we share and transfer your data:

We will share your personal data with the following recipients;

• Suppliers of IT-services
• Our Mölnlycke affiliates
• Authorities (if we are legally obliged to)

Mölnlycke will transfer your personal data to countries outside the EU/EEA within the scope of this processing activity. We will transfer the data to the following recipients;

• Our Mölnlycke affiliate, located in the United States.

You will find more information regarding how we transfer personal data to countries outside the EU/EEA in the 'Third country transfers' section below. You are also welcomed to contact us through our data protection officer by e-mail privacy@molnlycke.com or by using the contact us button below.

How long we keep your data:

We process your personal data as long as your request is still unanswered or as long as our communication is ongoing, however, no longer than six (6) months after the last communication has ceased. You may withdraw your consent by contacting us through privacy@molnlycke.com or the contact details you find here.

 

What we do and why:

We will process your personal data to respond to your queries and provide you with information when you request it or when we believe our products and services may be of interest to you.

We may also invite you to provide feedback, participate in research, surveys or attend Mölnlycke events.

To be able to do this we will perform analytics, market research and segmentation to understand your preferences, improve our products and services and our communications to you.

For example, we may use certain personal information about your activities on our websites, such as pages visited and key words entered, to help determine which of our ads may be of interest to you.

We may use personal information about your relationship with us (such as types of accounts, transactional information or your country of residence) to help determine which advertisements or offers to present to you. We also utilize custom audience features available for targeted advertising within social media platforms.

The personal data that we process:

• Name (including prefix or title)
• Pseudonym
• Preferred language
• Age or date of birth
• Gender
• Professional information and experience (including your qualifications, areas of expertise, place of practice)
• Address
• Telephone number
• E- mail address
• Profiles on social media, e.g., LinkedIn, Facebook, Twitter and Instagram
• IP-address
• Other technical information which is generated upon visiting our websites, such as what type of device is used, web browser used, history of visited sites including the time entry (information from used web browser, time zone of the place from which you visited our websites and other information on web traffic).

Our legal basis for processing:

Consent, we will ask for your consent to provide direct marketing messages to you. You may withdraw your consent anytime. You will only receive marketing messages if you have agreed to this through our opt-in procedure.

How we share and transfer your data:

We will share your personal data with the following recipients;

• Suppliers of IT-services
• Our Mölnlycke affiliates
• Providers of analytic tools (Google Analytics, Facebook pixel, etc.)

Mölnlycke will transfer your personal data to countries outside the EU/EEA within the scope of this processing activity. We will transfer the data to the following recipients;

• Our Mölnlycke affiliate, located in the United States.
• Providers of analytic tools (Google Analytics, Facebook pixel, etc.), located in the United States

You will find more information regarding how we transfer personal data to countries outside the EU/EEA in the 'Third country transfers' section below. You are also welcomed to contact us through our data protection officer by e-mail privacy@molnlycke.com or by using the contact us button below.

How long we keep your data:

We will only maintain personal data if you have given your explicit consent to it, however no longer than six (6) months. You may withdraw your consent by contacting us through privacy@molnlycke.com or the contact details you find here.

 

What we do and why:

We will process your personal data to  contact and communicate with you for the purposes of creating, maintaining and developing our business relationship with you or the company you represent.

This includes that we may contact you or the company you represent to plan engagements with sales representatives or professional affairs liaisons and communication via e-mail about our business, services and our current activities.

We will also keep records related to our relationship with health care professionals.

The personal data that we process:

• Name (including prefix or title)
• Pseudonym
• Preferred language
• Age or date of birth
• Gender
• Address
• Telephone number
• E- mail address
• Profiles on social media, e.g., LinkedIn, Facebook, Twitter and Instagram
• Professional information and experience (including your qualifications, areas of expertise, place of practice)
• IP-address
• Other technical information which is generated upon visiting our websites, such as what type of device is used, web browser used, history of visited sites including the time entry (information from used web browser, time zone of the place from which you visited our websites and other information on web traffic).

Our legal basis for processing:

Legitimate interest, where our legitimate interest is to maintain and develop our business relationship with you or the company you represent.

How we share and transfer your data:

We will share your personal data with the following recipients;

• Suppliers of IT-services
• Our Mölnlycke affiliates
• Authorities (if we are legally obliged to)

Mölnlycke will transfer your personal data to countries outside the EU/EEA within the scope of this processing activity. We will transfer the data to the following recipients;

• Our Mölnlycke affiliate, located in the United States.

You will find more information regarding how we transfer personal data to countries outside the EU/EEA in the 'Third country transfers' section below. You are also welcomed to contact us through our data protection officer by e-mail privacy@molnlycke.com or by using the contact us button below.

How long we keep your data:

We process and keep your personal data as long as we have a business relationship with you or the company you represent, however for a maximum of three (3) years from the time we last were in contact because of our business relation.

What we do and why:

We will process your personal data to respond to communications sent by you via the contact form on our website.

This includes communication via e-mail about our business, our services and our ongoing activities.

The personal data that we process:

• First and last name.
• Contact information, such as e-mail address and telephone number.
• Information about the company or organisation you represent.
• Information that you otherwise provide us with in connection with us communicating with you, for example in the message you provide in our contact form.

Our legal basis for processing:

Legitimate interest, where our legitimate interest is to be able to communicate with you and respond to the messages you send to us when you contact us via the contact form on our website.

How we share and transfer your data:

We will share your personal data with the following recipients;

• Suppliers of IT-services
• Our Mölnlycke affiliates
• Authorities (if we are legally obliged to)

Mölnlycke will transfer your personal data to countries outside the EU/EEA within the scope of this processing activity. We will transfer the data to the following recipients;

• Our Mölnlycke affiliate, located in the United States.

You will find more information regarding how we transfer personal data to countries outside the EU/EEA in the 'Third country transfers' section below. You are also welcomed to contact us through our data protection officer by e-mail privacy@molnlycke.com or by using the contact us button below.

How long we keep your data:

We process your personal data as long as your request is still unanswered or as long as our communication is ongoing, but no longer than six (6) months after the last communication has ceased.

We use Google Analytics, Facebook pixel and similar tools that enable, among other things, the tracking of your activities when you use our websites. These tools will be used to improve the functions and user experience of our websites, as well as build a profile of your interests and show you relevant adverts on other websites. They are based on uniquely identifying your browser and internet device. For more information on how we use cookies and other similar technologies, please see our Cookie Policy. 

In addition to the processing purposes listed above, we may be required to process personal data for additional purposes. We may also be required to keep certain personal data for longer periods of time e.g., to be able to establish, exercise, and/or defend against legal claims. We will generally process such personal data for ten (10) years from creation or for the time necessary to fulfil the purpose in the relevant case. This processing of your personal data is based on our legitimate interest of establishing and/or defending legal claims. Additionally, we may also be required to process personal data to comply with legal obligations e.g., relating to bookkeeping or tax legislation, or if we are ordered to process personal data (including disclosing it) by a competent court or government authority.

We have taken measures to ensure that your personal data is handled in a safe way. For example, access to systems where personal data is stored is limited to our employees and service providers who require it in the course of their duties. Such parties are informed of the importance of maintaining security and confidentiality in relation to the personal data we process. We maintain appropriate safeguards and security standards to protect your personal data against unauthorised access, disclosure or misuse. We also monitor our systems to discover vulnerabilities.

We strive to always process your personal data within the EU/EEA. However, if a third country transfer is described in the tables under section 4 above, we will transfer your personal data, to service providers who, either themselves or by their sub-contractors, are located or have business activities in a country outside the EU/EEA. In such cases, we are responsible for ensuring that the transfer is made in accordance with applicable data protection legislation before it occurs, e.g., by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission, or by ensuring appropriate safeguards based on the use of standard contractual clauses that the European Commission has adopted and other appropriate measures to safeguard your rights and freedoms.

You may access a list of the countries that the European Commission has decided provide an adequate level of data protection at this link.

You may access the European Commission’s standard contractual clauses at this link.

You have the right to obtain a confirmation as to whether or not we process your personal data. If that is the case, you also have the right to receive copies of the personal data concerning you that we process as well as additional information about the processing, such as for what purposes the processing occurs, relevant categories of personal data and the recipients of such personal data.

You have the right to, without undue delay, have incorrect personal data about you rectified. You may also have the right to have incomplete personal data completed.

You have the right to request that we erase your personal data without undue delay in the following circumstances: (i) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing; (iii) you object to our processing of personal data, and we do not have any overriding legitimate grounds for the processing; (iv) the processed personal data is unlawfully processed; or (v) the processed personal data has to be erased for compliance with legal obligations.

You have the right to restrict the processing of your personal data in the following circumstances: (i) you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data; (ii) the processing is unlawful, and you oppose erasure of the personal data and request restriction instead; (iii) the personal data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing of the personal data, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.

If your personal data has been provided by you and our processing of your personal data is based on your consent or on the performance of a contract with you, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format in order to transmit these to another service provider where it would be technically feasible and can be carried out by automated means.

You have a right to object to our processing of your personal data when it is based on our or another party’s legitimate interest. If you object, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms in order to be allowed to continue with our processing.

You have the right to at any time object to processing which is done for the purpose of direct marketing. If you object to such processing, we will no longer process your data for such purposes.

When our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note that the lawfulness of any processing based on your consent before its withdrawal is not affected by the withdrawal.

This privacy notice (the “Privacy Notice”) describes how Mölnlycke Health Care AB, reg. no 556547-5489, and the local Mölnlycke entity (“Mölnlycke”, “we”, “us” and “our”), process your personal data when you as a health care provider, practitioner or  professional, key opinion leader, expert, student or researcher in the medical field works or engages with Mölnlycke (“you” and ”your”).  This Privacy Notice also explains the rights you have over your personal data.

We are responsible for the processing of your personal data as described in the Privacy Notice in the capacity of data controller. If you would like to know more about our processing of your personal data, you are welcome to contact us through our data protection officer by e-mail at privacy@molnlycke.com.

It is important to us that you feel comfortable with how we process your personal data, and we therefore ask you to read through this Privacy Notice, which we may update from time to time. If we make changes to the Privacy Notice, the latest version will apply from the time it is published at https://www.molnlycke.com/privacy-center/.

We collect your personal data when we engage with you, e.g., when you:

• Send us a request or create an account or profile in our websites, mobile apps, portals and systems
• Report an adverse event
• Sign up with us to receive promotional material
• Engage with one of our sales representatives, professional affairs liaisons or call centres
• Get in touch for product support or to provide feedback
• Engage with us for product evaluation and development purposes
• Respond to any surveys that you are asked by us to participate in
• Conclude a contract with us
• Collaborate in a scientific project with us

We also collect personal data from public sources or specialised third parties to learn more about your professional qualifications, fields of expertise, publications or professional activities. The information is important for us to identify potential collaboration partners (e.g., for speaker engagements or studies) and to communicate and advise you according to your interests and preferences.

We only process your personal data to the extent permitted in accordance with applicable data protection legislation. This means inter alia that we need to have a legal basis for the purposes for processing your personal data.

Mölnlycke may process data concerning your health when you respond to our surveys on product safety and reliability (for post-market surveillance purposes), as such surveys may ask questions about your occupational health. When processing such special category personal data, we need to have an additional legal basis (also called an exemption) to use these types of personal data. Our additional legal basis to process special categories of your personal data is:

• The public interest in the area of public health to ensure high standards of quality and safety of medical devices

Below, we explain more about the categories of personal data we process, for what purposes we process them and for how long we store your personal data.

What we do and why: 

We process your personal data for the initiation and performance of con-tracts, in particular to execute and en-force the contractual terms and condi-tions that govern our business relation-ship with you, such as medical events, scientific publications, and advisory meetings, paying for defined or agreed upon services, reimbursing your ex-penses; and interactions with you relat-ing to such contracts. Such contract may be initiated with you or the organ-isation you are working for. We will also process your personal data to vali-date your professional credentials, as a part of initiating and managing our business relationship with you. 

The personal data that we process:

• Your contact information (e.g., name, title, address, gender, tel-ephone numbers, email address, place of work, etc.) and payment data (e.g., bank account, pay-ments)
• Professional information and ex-perience (such as your qualifica-tions, education, areas of exper-tise, place of practice and CV/resume)
• Information about your publica-tions, expertise, track record and recognition (which we also col-lect from publicly available sources and through third par-ties)
• Information about the perfor-mance of the contract (such as presentations, notes from meet-ings, study results) and our ex-perience from previous meetings and collaborations
  

Our legal basis for processing:

Legitimate interest; wherein our legitimate interest is to manage the professional relationship with you or the organisation that you work for.
Performance of a contract; when it is necessary to process your personal data as part of performing a contract between you and Mölnlycke, e.g., to pay you for services you provide.

How we share and transfer your personal data:

We will share your personal data to the following recipients;

• Our IT-service providers
• Other Mölnlycke affiliates

We will transfer your personal data to our Mölnlycke affiliates which are estab-lished in countries outside the EU/EEA, for the purpose of sharing information about you within our company group. Such countries outside EU/EEA include: USA, China, Chile, Thailand, Singapore, Brazil, Canada, Japan, Australia, India, South Africa, New Zealand, Malaysia and South Korea.

What we do and why:

We collect and use your personal data to administer your  participation in projects where we ask you to evaluate and provide feedback on our products and services (this can e.g., be us asking you to test Mölnlycke’s surgical gloves and provide feedback to us regarding the glove’s performance).

The personal data that we process:

• Your contact information (e.g., name, title, address, telephone number, email address and place of work)
• Professional information and experience (such as your qualifications, education, areas of expertise, place of practice and CV/resume)
• Product feedback, which includes your feedback on the products’ performance in relation to your preferences (e.g., whether a surgical glove fits your needs)

Our legal basis for processing:

Legitimate interest; wherein our legitimate interest is to use your feedback for product development purposes, according to the project plan communicated to you prior to such project commences.

How we share and transfer your personal data:

We will share your personal data to the following recipients;

• Our IT-service providers
• Other Mölnlycke affiliates

We will transfer your personal data to our Mölnlycke affiliates which are established in countries outside the EU/EEA, for the purpose of sharing information about you within our company group. Such countries outside EU/EEA include: USA, China, Chile, Thailand, Singapore, Brazil, Canada, Japan, Australia, India, South Africa, New Zealand, Malaysia and South Korea.

How long we keep your personal data:

We will keep your personal data during the course of the project, and after the project has ended, the collected data will be transformed into anonymised data. Such anonymous data cannot directly identify you as a person and may be processed by us for an indefinite period of time. For the sake of clarity, this anonymised data is not personal data.

What we do and why:

When you contact us, we will use your personal data to respond to your queries and provide you with information you have requested. We may also invite you to provide feedback, participate in surveys or attend events.

The personal data that we process:

• Your contact information (e.g., name, title, address, gender, telephone number, email address)
• Professional information and experience (such as your qualifications, education, areas of expertise, place of practice and CV/resume)
• Any further information you provide to us, e.g., in the process of your request or which is otherwise required to answer your request

Our legal basis for processing:

Legitimate interest; wherein our legitimate interest is to provide the requested information to you.

How we share and transfer your personal data:

We will share your personal data to the following recipients;

• Our IT-service providers
• Other Mölnlycke affiliates

We will transfer your personal data to our Mölnlycke affiliates which are established in countries outside the EU/EEA, for the purpose of sharing information about you within our company group. Such countries outside EU/EEA include: USA, China, Chile, Thailand, Singapore, Brazil, Canada, Japan, Australia, India, South Africa, New Zealand, Malaysia and South Korea.

How long we keep your personal data:

We will keep your personal data for as long as your request is active and for a period of six (6) months after we have responded to the request.

What we do and why:

We may be required to process your personal data to comply with our regulatory monitoring and reporting obligations, including those related to adverse events, product complaints and product safety. As part of our obligations, we may use your personal data to:

• Investigate the adverse event or product complaint
• Contact you for further information about the adverse event or product complaint reported
• Collate the information about the adverse event or product complaint with information about other adverse events or product complaints received by us to analyse the safety of our products
• Provide mandatory reports to national or regulatory authorities so that they can analyse the safety of our products

The personal data that we process:

• Your contact information (e.g., name, title, address, telephone number, email address), details on your profession (e.g., job title, position, place of work)
• Any further information you provide to us, e.g., in the process of reporting an adverse event

Our legal basis for processing:

Legal obligation; wherein Mölnlycke is obliged by law to process information Mölnlycke receives on adverse events, quality complaints and/or other issues related to the safety and reliability of Mölnlycke’s products.

How we share and transfer your personal data:

We will share your personal data to the following recipients;

• Our IT-service providers
• National or regulatory health authorities
• Other Mölnlycke affiliates

We will transfer your personal data to our Mölnlycke affiliates which are established in countries outside the EU/EEA, for the purpose of sharing information about you within our company group. Such countries outside EU/EEA include: USA, China, Chile, Thailand, Singapore, Brazil, Canada, Japan, Australia, India, South Africa, New Zealand, Malaysia and South Korea.
Information provided as part of an adverse event report may be transferred to national or regulatory health authorities outside of the EU/EEA, as required by legislation and industry standards governing medical devices and/or clinical practice.

How long we keep your personal data:

We will keep your personal data for as long as required under applicable law, which is typically for as long as Mölnlycke markets the relevant product and for ten (10) years thereafter. All retention of personal data is in accordance with good clinical practice.

What we do and why:

Mölnlycke complies with the MedTech Europe Code of Ethical Business Practice and corresponding national laws, regulations or professional codes, which require us to e.g., conduct due diligence checks, evidence transactions and your financial interest in Mölnlycke, as well as ensure transparency of transfers of value, including sponsorships and donations, between you and Mölnlycke.

The personal data that we process:

•  Your contact information (e.g., name, title, address, telephone number, email address), details on your profession (e.g., job title, position, place of work)
• Information about the transaction(s) between you and Mölnlycke (including expenses and certain other financial information, e.g., amounts paid, or product samples provided to you)

Our legal basis for processing:

Legal obligation; Mölnlycke is required to process this personal data to comply with its legal obligations according to anti-corruption and transparency legislation.
Legitimate interest; wherein our legitimate interest is to comply with industry standards and guidelines on ethical conduct of business.

How we share and transfer your personal data:

We will share your personal data to the following recipients;

• Our IT-service providers
• National or regulatory authorities
• Other Mölnlycke affiliates

We will transfer your personal data to our Mölnlycke affiliates which are established in countries outside the EU/EEA, for the purpose of sharing information about you within our company group. Such countries outside EU/EEA include: USA, China, Chile, Thailand, Singapore, Brazil, Canada, Japan, Australia, India, South Africa, New Zealand, Malaysia and South Korea.
Information about transactions may be transferred to national or regulatory health authorities outside of the EU/EEA, as required by anti-corruption and transparency legislation and industry standards on ethical conduct of business.

How long we keep your personal data:

We will keep your personal data for as long as required under applicable laws or according to the applicable industry standard, which is typically for ten (10) years after the transaction was conducted or the relationship with Mölnlycke ended.

What we do and why:

• We may be required to process your personal data to comply with our regu-latory traceability obligations, includ-ing to identify recipients of product samples by documenting the distribu-tion of product samples to you

The personal data that we process:

Your contact information (e.g., name, email address and place of work).

Our legal basis for processing:

Legal obligation; wherein Mölnlycke is obliged by law to process information needed to ensure sample traceability in case of a recall, quality complaints and/or other issues related to the safety and reliability of Mölnlycke’s products.

How we share and transfer your personal data:

We will share your personal data to the following recipients;

• Our IT-service providers
• National or regulatory health authorities
• Other Mölnlycke affiliates

We will transfer your personal data to our Mölnlycke affiliates which are estab-lished in countries outside the EU/EEA, for the purpose of sharing information about you within our company group. Such countries outside EU/EEA include: USA, China, Chile, Thailand, Singapore, Brazil, Canada, Japan, Australia, India, South Africa, New Zealand, Malaysia and South Korea.
Information related to distributed product samples may be transferred to na-tional or regulatory health authorities outside of the EU/EEA, as required by legislation and industry standards governing medical devices and/or clinical practice.

How long we keep your personal data:

We will keep your personal data for as long as required under applicable law, which is typically for as long as Mölnlycke markets the relevant product and for ten (10) years thereafter. All retention of personal data is in accordance with good clinical practice.

 

What we do and why:

Mölnlycke provides a service called “Clinical learning hub”, which is a service that you separately can sign up for.
In “Clinical learning hub”, we process your personal data to administer your participation upon the setup of your account, create your personalised learning record, administer your learning completion certificate(s) and to remind you of your progress.

The personal data that we process:

• Your contact information (e.g., name, title, email address and place of work)
• Information about the trainings and content you view, select and attend on the “Clinical learning hub”-website and when/how often you log in
• Your training certificates for completed courses

Our legal basis for processing:

Legitimate interest; wherein our legitimate interest is to provide the “Clinical learning hub” to you according to your interests, behaviour as well as to improve “Clinical learning hub” by analysing and monitoring your use of the same.

How we share and transfer your personal data:

We will share your personal data to the following recipients;

• Our IT-service providers
• Other Mölnlycke affiliates

Mölnlycke will transfer your personal data to countries outside the EU/EEA within the scope of this processing activity. We will transfer the personal data to the following recipients;

• Our Mölnlycke affiliates established in USA, China, Chile, Thailand, Singapore, Brazil, Canada, Japan, Australia, India, South Africa, New Zealand, Malaysia and South Korea, for the purpose of sharing information about you within our company group
• Providers of analytic tools (Google Analytics, Meta pixel, etc.), located in the United States

How long we keep your personal data:

We will keep your personal data as long as you have an active account or until you have been inactive on such account for at least six (6) months. The collected data will be transformed into aggregated data (thus anonymised) after such period at the latest. Such aggregated, anonymous data cannot directly identify you as a person and may be processed by us for an indefinite period of time. For the sake of clarity, this aggregated data is not personal data.

What we do and why:

We contact and engage with you to inform you about our products and services, in particular when our sales representatives visit you or meet you at events (online or offline).

If you consent through our opt-in procedure, we will contact you per email via our newsletter.

We strive to present you with information that may be of interest and that is relevant to you. For this purpose, we use profiling procedures to optimise and personalise the information we make available to you. We also create profiles and specific segments which includes bringing together personal data from various Mölnlycke affiliates. On the basis of this segmentation, we can manage the type, content and frequency of specific communication measures for specific target groups. For profiling purposes, we use personal data that we receive from you as part of our relationship.

The personal data that we process:

• Your purchasing behaviour and browsing behaviour
• The profile we create about you, reflecting your preferences, characteristics, abilities and attitudes
• Profiling information, which may in particular be based on usage data that we create with your consent by measuring and evaluating your interaction with electronic advertising, in particular by measuring and evaluating the opening and click rate in email newsletters

Our legal basis for processing:

Legitimate interest; wherein our legitimate interest is to select and provide relevant information to you according to your interests and behaviour, as well as to improve our processes and our business operations by managing, analysing and monitoring Mölnlycke services, products and activities provided to you.
You will only receive marketing messages if you have agreed to this through our opt-in procedure, and you may opt-out from receiving such messages by the featured opt-out procedure or by contacting us at privacy@molnlycke.com.

How we share and transfer your personal data:

We will share your personal data to the following recipients;

• Our IT-service providers
• Other Mölnlycke affiliates

Mölnlycke will transfer your personal data to countries outside the EU/EEA within the scope of this processing activity. We will transfer the personal data to the following recipients;

• Our Mölnlycke affiliates established in USA, China, Chile, Thailand, Singapore, Brazil, Canada, Japan, Australia, India, South Africa, New Zealand, Malaysia and South Korea, for the purpose of sharing information about you within our company group
• Providers of analytic tools (Google Analytics, Meta pixel, etc.), located in the United States

How long we keep your personal data:

We will process and keep your personal data for a maximum period of two (2) years from the time since we last had an interaction with each other. The collected data will be transformed into aggregated data (thus anonymised) after such 2 year period at the latest. Such aggregated, anonymous data cannot directly identify you as a person and may be processed by us for an indefinite period of time. For the sake of clarity, this aggregated data is not personal data.

You may at any time opt-out from receiving further emails from us concerning Mölnlycke’s products or services by objecting to receiving further messages, which you can do by contacting us through privacy@molnlycke.com or the contact details you find here.

In addition to the processing purposes listed above, we may be required to process personal data for additional purposes. We may also be required to keep certain personal data for longer periods of time e.g., to be able to establish, exercise, and/or defend against legal claims. We will generally process such personal data for ten (10) years from creation or for the time necessary to fulfil the purpose in the relevant case. This processing of your personal data is based on our legitimate interest of establishing and/or defending legal claims. Additionally, we may be required to process personal data to comply with legal obligations e.g., relating to bookkeeping or tax legislation, or if we are ordered to process personal data (including disclosing it) by a competent court or government authority.

We have taken measures to ensure that your personal data is handled in a safe way. For example, access to systems where personal data is stored is limited to our employees and service providers who require it in the course of their duties. Such parties are informed of the importance of maintaining security and confidentiality in relation to the personal data we process. We maintain appropriate safeguards and security standards to protect your personal data against unauthorised access, disclosure or misuse. We also monitor our systems to discover vulnerabilities.

We strive to always process your personal data within the EU or EEA. However, if a third country transfer is described in the tables under section 3 above, we will transfer your personal data, to our Mölnlycke affiliates or to service providers who, either themselves or by their sub-contractors, are located or have business activities in a country outside the EU or EEA. In such cases, we are responsible for ensuring that the transfer is made in accordance with applicable data protection legislation before it occurs, e.g., by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission, or by ensuring appropriate safeguards based on the use of standard contractual clauses that the European Commission has adopted and other appropriate measures to safeguard your rights and freedoms.

You may access a list of the countries that the European Commission has decided provide an adequate level of data protection here.

You may access the European Commission’s standard contractual clauses here.

In this section we describe your rights as a data subject. You can exercise them by contacting us using the contact information at the end of this document. Please note that not all rights listed below are absolute and there are exemptions which can be valid. Your rights are the following:

Right of access   

You have the right upon request to get a copy of your personal data which we process and to get complementary information regarding our processing of your personal data.

Right of rectification

You have the right to have your personal data rectified and/or complemented if they are wrong and/or incomplete.

Right to erasure

You have the right to request that we erase your personal data without undue delay in the following circumstances: (i) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing; (iii) you object to our processing of personal data, and we do not have any overriding legitimate grounds for the processing; (iv) the processed personal data is unlawfully processed; or (v) the processed personal data has to be erased for compliance with legal obligations.

Right to restriction

You have the right to restrict the processing of your personal data in the following circumstances: (i) you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such personal data; (ii) the processing is unlawful, and you oppose erasure of the personal data and request restriction instead; (iii) the personal data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing of the personal data, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.

Right to data portability

If your personal data has been provided by you and our processing of your personal data is based on your consent or on the performance of a contract with you, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format in order to transmit these to another service provider where it would be technically feasible and can be carried out by automated means.

Right to object

You have the general right to object to our processing of your personal data when it is based on our legitimate interest. If you object and we believe that we may still process your personal data, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Right to object to direct marketing

You have the right to at any time object to processing which is done for the purpose of direct marketing. If you object to such processing, we will no longer process your personal data for such purposes.

Right to withdraw consent

When our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note that the lawfulness of any processing based on your consent before its withdrawal is not affected by the withdrawal.

The data protection authority in Sweden is ‘Integritetsskyddsmyndigheten’. If you believe that our processing is performed in breach of applicable data protection legislation, we encourage you in first-hand to contact us in order for us to oversee your complaints. You may at any time also file a complaint with the supervisory authority in Sweden, or with your local supervisory authority in the EU member state where you are located. You can find contact details to each local supervisory authority by visiting this link.

If you have any questions about the processing of your personal data or want to exercise any of your rights, please contact us at:

Email: privacy@molnlycke.com
Post: Mölnlycke Health Care AB
Attn: Chief Privacy Officer
P.O. Box 13080, SE-402 52 Gothenburg, Sweden

For residents of Germany,

Mölnlycke Health Care GmbH
Grafenberger Allee 297
40237 Düsseldorf
Germany

Phone: +49 (0)211 920 88 0
E-Mail: info.de@molnlycke.com

You can contact the external data protection officer of the controller at:

datenschutz@molnlycke.com
Phone: +49 (0)89 91 92 94 - 900

Mölnlycke processes personal data in the manner and for the purposes described in the tables below. The tables below also show the legal basis on which Mölnlycke bases its processing for each purpose and for how long we will retain your personal data.

What we do and why:

We handle reports received through the whistleblowing channel by collecting and administering the reports. We will also communicate with the persons who the reports concern, including alleged witnesses of the reported incident. We will handle, follow-up and document the content of the report and any upcoming questions. We will do this in order to be able to properly handle all whistleblowing reports concerning violations of the law.

The personal data that we process:

• Contact information, such as name, telephone number, address and e-mail address
• Report history and report
• Employment information (such as job title and role)
• Pictures and audio recordings
• Personal data related to criminal convictions, suspicion of and/or actual violations of the law in the form of violations of, for example, the Money Laundering Act

Our legal basis for processing:

Legal obligation: The processing of your personal data is required by law. If the personal data is not processed, our legal obligation cannot be fulfilled.

How we share and transfer your data:

In order to fulfil the purposes stated above, Mölnlycke will share your personal data with the following recipients;

• With our legal advisors, that assist us in the investigation of whistleblowing reports
• With data forensics experts or other experts on a case by case basis
• Relevant authorities
• IT provider of Whistleblowing channel Convercent by OneTrust

to the extent it is necessary for them to perform their services to us.

Mölnlycke will not transfer your personal data to a country outside the European Union (“EU”)/European Economic Area (“EEA”) within the scope of this processing activity.

How long we keep your data:

We process your personal data during the storage period required by law or otherwise during the time it is necessary for the establishment, exercise or defence of legal claims.

What we do and why:

We will conduct investigations of misconduct and suspected offenses committed within Mölnlycke's organization in the form of suspected or actual violations of law, with the purpose to properly handle all suspected violations of law within Mölnlycke’s organization. To achieve this we will handle, follow up and document whistleblower reports contents and upcoming questions. We will collect and review information from the IT-equipment and the digital systems you use within your employment and that Mölnlycke controls. We will also interview relevant persons within the investigation, including alleged witnesses of the reported incident and contact the relevant authorities for the investigation.

The personal data that we process:

• Contact information, such as name, telephone number, address and e-mail address
• Report history and report
• Employment information (such as job title and role)
• Pictures and audio recordings
• Communication history
• Internet history
• User history from the IT-equipment and digital systems that you as an employee use within the framework of your employment and that Mölnlycke controls
• Personal data related to criminal convictions, suspicion of and/or actual violations of the law in the form of violations of, for example, the Money Laundering Act

Our legal basis for processing:

Legal obligation: The processing of your personal data is required by law. If the data is not processed, our legal obligation cannot be fulfilled.

How we share and transfer your data:

In order to fulfil the purposes stated above, Mölnlycke will share your personal data with the following recipients;

• With our legal advisors, that assist us in the investigation of whistleblowing reports
• With data forensics experts or other experts on a case by case basis
• Relevant authorities
• IT provider of Whistleblowing channel Convercent by OneTrust

to the extent it is necessary for them to perform their services to us.

Mölnlycke will not transfer your personal data to a country outside the EU/EEA within the scope of this processing activity.

How long we keep your data:

We process your personal data for the storage period required by law or otherwise for the time necessary for the establishment, exercise or defence of legal claims.

What we do and why:

We will handle reports of violations of internal policies through collecting and administering reports received through the whistleblowing channel. We will also communicate with the persons who the reports concern, including alleged witnesses of the reported incident. We will handle, follow-up and document the content of the report and any upcoming questions. We will do this in order to be able to properly handle all whistleblowing reports concerning potential violations of internal policies. 

The personal data that we process:

• Contact information, such as name, telephone number, address and e-mail address
• Birthdate
• Registration history and registration number
• Employment information (such as job title, employee identifier and role of responsibility).
• Pictures and audio recordings
• Personal data related to actions in violation of Mölnlycke's Code of Conduct and internal policies

Our legal basis for processing:

Legitimate interest: The processing is necessary to fulfil our legitimate interest in ensuring that our internal policies for our business are complied with.

How we share and transfer your data:

In order to fulfil the purposes stated above, Mölnlycke will share your personal data with the following recipients;

• With our legal advisors, that assist us in the investigation of whistleblowing reports
• With data forensics experts or other experts on a case by case basis
• Relevant authorities
• IT provider of Whistleblowing channel Convercent by OneTrust

to the extent it is necessary for them to perform their service to us.

Mölnlycke will not transfer your personal data to a country outside the EU/EEA within the scope of this processing activity.

How long we keep your data:

For this purpose, we will process your personal data until the investigation case is completed and for the time necessary to establish, exercise or defend legal claims.

What we do and why:

We will investigate misconduct and suspected offenses within Mölnlycke's organization in the form of violations of internal policies. To achieve this we will handle, follow up and document whistleblower reports contents and upcoming questions. We will collect and review information from the IT- equipment and the digital systems you use within your employment and that Mölnlycke controls. We will also interview relevant persons within the investigation, including alleged witnesses of the reported incident and contact the relevant authorities for the investigation.

The personal data that we process:

• Contact information, such as name, telephone number, address and e-mail address
• Birthdate
• Report history and report number
• Employment information (such as job title and role).
• Pictures and audio recordings
• Communication history
• Internet history
• User history from the IT-equipment and digital systems that you as an employee use within the framework of your employment and that Mölnlycke
• Personal data related to actions in violation of Mölnlycke1's Code of Conduct and internal policies

Our legal basis for processing:

Legitimate interest: The processing is necessary to fulfil our legitimate interest in ensuring that our internal policies for our business are complied with.

How we share and transfer your data:

In order to fulfil the purposes stated above, Mölnlycke will share your personal data with the following recipients;

• With our legal advisors, that assist us in the investigation of whistleblowing reports
• With data forensics experts or other experts on a case by case basis
• Relevant authorities
• IT provider of Whistleblowing channel Convercent by OneTrust

to the extent it is necessary for them to perform their service to us

Mölnlycke will not transfer your personal data to a country outside the EU/EEA within the scope of this processing activity

How long we keep your data:

For this purpose, we will process your personal data until the investigation case is completed and for the time necessary to establish, exercise or defend legal claims.

Mölnlycke processes personal data that is collected directly from you when you use the whistle- blowing system, or that is stated by another person within the scope of a report.

We strive to always process your personal data within the EU or EEA. However, if we transfer your personal data, in accordance with what is stipulated in the tables above, to service providers who, either themselves or by their sub-contractors, are located or have business activities in a country outside the EU or EEA. In such cases, we are responsible for ensuring that the transfer is made in accordance with applicable data protection legislation before it occurs, e.g. by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission, or by ensuring appropriate safeguards based on the use of standard contractual clauses that the European Commission has adopted and other appropriate measures to safeguard your rights and freedoms.

You may access a list of the countries that the European Commission has decided provide an adequate level of data protection at this link.

You may access the European Commission’s standard contractual clauses at this link.

In this section we describe your rights as a data subject. You can exercise them by contacting us using the contact information at the end of this document. Please note that not all rights listed below are absolute and there are exemptions which can be valid. Your rights are the following:

Right of access

You have the right upon request to get a copy of your personal data which we process and to get complementary information regarding our processing of your personal data.

Right of rectification

You have the right to have your personal data rectified and/or complemented if they are wrong and/or incomplete.

Right to erasure

You have the right to request that we erase your personal data without undue delay in the following circumstances: (i) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing; (iii) you object to our processing of personal data, and we do not have any overriding legitimate grounds for the processing; (iv) the processed personal data is unlawfully processed; or (v) the processed personal data has to be erased for compliance with legal obligations.

Right to restriction

You have the right to restrict the processing of your personal data in the following circumstances:
(i) you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data; (ii) the processing is unlawful, and you oppose erasure of the personal data and request restriction instead; (iii) the personal data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing of the personal data, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.

Right to data portability

If your personal data has been provided by you and our processing of your personal data is based on your consent or on the performance of a contract with you, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format in order to transmit these to another service provider where it would be technically feasible and can be carried out by automated means.

Right to object

You have the general right to object to our processing of your personal data when it is based on our legitimate interest. If you object and we believe that we may still process your personal data, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Right to object to direct marketing

You have the right to at any time object to processing which is done for the purpose of direct marketing. If you object to such processing, we will no longer process your data for such purposes.

Right to withdraw consent

When our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note that the lawfulness of any processing based on your consent before its withdrawal is not affected by the withdrawal.

The data protection authority in Sweden is ‘Integritetsskyddsmyndigheten’. If you believe that our processing is performed in breach of applicable data protection legislation, we encourage you in first-hand to contact us in order for us to oversee your complaints. You may at any time also file a complaint with the supervisory authority.

If you have any questions about the processing of your personal data or want to exercise any of your rights, please contact us at:

Phone number: +46 31 722 30 00 E-mail: privacy@molnlycke.com
Mölnlycke AB,
c/o Mölnlycke Health Care AB
Box 13080 402 52 Göteborg SWEDEN

The Website uses so-called cookies. The Website uses the cookies and other similar technologies listed in this policy.

The time for which a certain cookie is activated is specified under each specific cookie under the headline “Lifespan” in the list linked below. There are two types of cookies: 1) persistent cookies and 2) session cookies. For cookies where the Lifespan is labelled as “persistent”, cookies are activated for up to 6 months and thereafter deleted from your device. For cookies where the Lifespan is labelled as “session”, cookies are activated as long as the browser remains active, which means that the cookies will be deleted when you exit your browser and/or leave the Website.

If you choose not to accept cookies, some of the functionalities of the Website may be limited. Exactly what the impact will be on the Website’s functionality is further specified under each category of cookies in the Website’s cookie settings.

Cookies may gather personal data, such as IP-address. All such personal data is processed in accordance with the Website’s Privacy Notice which can be read under the category called “Site Visitors”.

We use pixel tags, web beacons and similar technologies that enable, among other things, the tracking of your activities when you use the Website or receive e-mail messages from us, (jointly referred to as “other technologies”). Other technologies may be used in connection with our Website, our online advertising, or our e-mail messages, either by us or by our service providers, business partners or other third parties.

Other technologies are used to collect typically anonymous data to help identify certain information, to compile reports on tracking information regarding demographics, patterns and purchases on the Website, and other information to improve the user experience and our services. We may share these reports with for example our marketing partners. The tracking information in these reports cannot be traced back to individual users. We may co-ordinate the tracking information with other personal data provided by users of the Website for the purpose of analyzing the information. When such co-ordination is performed, all the coordinated information is processed as personal data in accordance with the Website’s Privacy Notice which can be read under the category called “Site Visitors”.

We may use other technologies in our HTML-based e-mails to let us know which e-mails that the recipients have opened. Other technologies may also be used to identify why you visit the Website, e.g. if any online advertisement or e-mail has brought you to the Website.

Other technologies may also be used by other companies to track visits to their websites, to identify whether such internet traffic came from our Website or to confirm your eligibility to receive services or benefits.

If you do not accept our use of cookies or other technologies, you can in addition to changing the settings in the Website’s cookie settings, set your browser not to accept cookies or other technologies. Through the browser, you can also delete previously stored cookies. Please refer to your browser’s help section for more information. Also, you can at any time delete cookies manually from your hard drive.

If you disable a cookie or a category of cookies, or other technologies, some of the functionalities of the websites you visit may not be able to function as you expect them to. Disabling cookies or other technologies does not delete existing cookies from your hard drive unless manually completed through your browser function.