Convatec Global Privacy Notice

This privacy notice was last updated October 2023.

 

At Convatec, we prioritise protecting your privacy and personal data.

 

What this privacy notice describes

This privacy notice describes how Convatec Limited and its subsidiaries (collectively “Convatec”) collects, uses, stores and protects your personal data.  
This includes any personal data gathered when using our websites, mobile apps, on the phone, in person, and through communications such as emails and SMS. This may include information submitted through a form, or how you interact with our services.  

What we mean by personal data

Personal data (also known as Personally Identifiable Information (PII)) is any information that could lead to someone being identified. This includes data like your identity, contact information, health status and financial details, which we may collect from you.
If the data collected is anonymous and you cannot be identified, it is not considered personal data.

What data Convatec collects about you

Convatec collects different types of data from you. Whenever we do this, we will be transparent about what data we’re processing and why, and collect it in a safe, legal way.

Types of personal data we may collect about you 

Convatec collects, uses, stores and transfers the following types of personal data:

  • Identity data 
    This includes your first name, last name, title, date of birth and gender.
  • Contact data
    Your billing and delivery address, email and phone number.
  • Health data 
    Medical and health conditions, or fitness and dietary information.
  • Technical system data
    Your IP address, system IDs, your browser type and version, browser plug-ins, your time zone and location, and which operating system and platform you’re using.
  • User profile data
    Your username and password, previous orders, plus your preferences.
  • Insurance data 
    This includes your insurance provider, policy details and policy number.
  • Usage data
    How you’ve interacted with Convatec’s services including websites, webinars, social networks, apps, SMS messages, emails and in person with our agents or representatives.
  • Marketing and communications data
    How or if you’ve consented to receive promotional materials from us.
  • Financial and transaction information
    Any bank account, credit or debit card details you’ve provided, transaction numbers and products purchased.
  • Government ID data
    Any government-issued identifiers such as social security numbers, national insurance (NI) numbers, or license to practice numbers.
  • Fraud protection information
    Details of any transactions you’ve made with us, by whom and when. 

Reasons why Convatec may collect your personal data  

Your data may be collected for the following reasons:

  • You tell us you consent to Convatec using your data to provide you with a service
  • We’re about to, or already have entered a contract with you, for instance, a purchase order, sample request or consultations
  • We need to comply with legal or regulatory obligations
  • We’re in the process of detecting or preventing fraud  
  • We have another legitimate interest or lawful reason for doing so

When Convatec may collect your personal data 

Convatec collects your personal data when you:  

  • Use our online services (websites, platforms, and mobile apps)  
  • Meet with a Convatec representative or associate  
  • Request information about our products, services and events  
  • Enter a competition or promotion  
  • Request a sample and other products for evaluation  
  • Purchase products and services  
  • Attend our clinics  
  • Attend our webinars  
  • Participate in our research or in one of our clinical trials (as a patient or researcher)  
  • Participate in a case study or product and service testimonial
  • Interact with us via telephone, online or via social media channels  
  • Give us general or other specific customer feedback
  • Apply for a job at Convatec

Data we collect from other sources 

As well as the information you give us, Convatec also collects your data from other sources, including:

  • Third parties acting on your behalf  
  • Partners that help us provide our products and services
  • Partners that support us in security and fraud prevention  
  • If you ask your care provider to request Convatec services on your behalf
  • Commercial data sets
  • Public domain information, like census or business registration data
  • Other lawful sources  

Our company-wide commitment to your privacy

We're committed to helping you understand how we use your data, and believe that everyone has the right to privacy, no matter where they live. That’s why we provide everyone with the information and controls needed to understand and manage how their data is collected and used.

How we use your data

We use your personal data for the following reasons:
  
Processing your requests 
We need your data to process requests, provide you with our services or verify your insurance.

Communicating with you 
We need your personal data to reply to requests and communications you’ve sent us, or ask you for feedback or to request information. We also need this data to market our products and services. When it’s relevant, we might contact you with important notices and service messages, like product safety information, or to talk to you about your healthcare condition.  

Improving and customising your experience 
If you customise your services or communications (where you have the option), that information will be used to adapt how we communicate with you or provide you with services. You can opt out of personalisation at any time by changing your preferences or by emailing us at dataprivacy@convatec.com.

Powering our services  
Personal data helps us power and improve our services, and carry out internal work like auditing, data analysis and troubleshooting. 

Security and preventing fraud  
Your data can be used to protect individuals, employees, and Convatec, to provide loss protection, quality assurance and to prevent fraud.  

Complying with the law  
We use your personal data to comply with applicable law, for example, to satisfy tax or reporting obligations, or to comply with a lawful governmental request.

Convatec's legal basis for processing your data 

Convatec will use your personal data only when we have a valid legal basis to do so.  
In most cases, this will be based on your explicit consent, or when its necessary to fulfil a contract with you like sending you a sample or service you've requested. We may also use personal data for other purposes with your consent.
Whenever information is provided, Convatec will validate it depending on local legal requirements, for example in some countries, we’ll be legally required to verify that a clinician is licensed before sending them product information.
When sharing your data with third parties, we legally require them to respect the security of your personal data and to treat it in accordance with our policies and instructions. We do not allow third-party service providers to use your personal data for their own purposes, and only permit them to process your personal data for a specified purpose.

For more information, see Convatec’s Lawful Basis Policy.

Who we share your data with and why 

Convatec may share your personal data with both internal and external parties.
   
Internal parties   
We may share your data with subsidiary companies in the Convatec Group who act as joint controllers or processors (and who provide system administration services or undertake reporting services). 
 
External parties 
We may share your data with:  

  • Service providers acting as processors who help us deliver services like IT and system administration.  
  • Professional advisers acting as processors or joint controllers including agents, lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance or accounting services.
  • Tax authorities, regulators and other competent bodies acting as processors or joint controllers who require reporting of processing activities in certain circumstances.

Other parties 
We may share your data with other parties that we have decided to sell, transfer or merge parts of our business with; or businesses we’re acquiring. Any new businesses must store, protect, and use your personal data in the same way as set out in this privacy notice. 

How we protect your data

We keep your personal data safe through a combination of administrative, technical, and physical safeguards that consider the nature of your data, how it is processed and any risks it faces. Convatec also uses security and fraud protection tools to protect our websites and mobile apps. 

How long we hold your data for 

The length of time we hold your data for will vary depending on its purpose. In every instance, we only hold your data for as long as is necessary to do so. This includes for legal, accounting or reporting reasons.  
Other factors include the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, why we collected it and whether there’s a way we can proceed without your data. For more information, you can request a copy of our retention policy via our online contact us form.

How we protect your data in transit

To effectively process your personal data, it may be transferred to or accessed by other Convatec entities, including Convatec-affiliated companies or service providers.

How Convatec protects your data when it’s transferred between countries  

We comply with the laws on the transfer of personal data between countries. You may access a regional version of this privacy notice in the local language(s), with information on how we’re complying with the region-specific and country-specific privacy and security legislation affecting your personal data.  
We comply with laws such as, but not exclusive to:

 

How Convatec protects data transfers outside the EEA and the UK 

Many of our external third-party service providers (for example, IT support consultants or marketing agents) are based outside of the European Economic Area (EEA) or the United Kingdom (UK). This means processing your personal data could involve transferring it outside of these regions.  
In this instance, your data will have the same level of protection as it does in the EEA and the UK by ensuring the recipient is signed up to equivalent data protection obligations as the ones contained in GDPR.  
We also provide additional protection, by only using legal agreements approved by the European Commission.

How Convatec protects data transferred outside China Mainland  

Residents of China Mainland may have their personal data processed in countries/regions outside of China Mainland. This will be done in compliance with local law, including the Personal Information Protection Law. We may also transfer this personal data to third parties, who may in turn store or transfer the data outside of China mainland. Convatec imposes the same or similar protection liability (including notice and consent requirements) on third parties.

Other web technologies

How Convatec uses reCAPTCHA 

Convatec uses a Google technology called reCAPTCHA on some of its web sites. reCAPTCHA is a technology that enables our websites to distinguish between human users and automated systems. This is designed to prevent misuse and abuse of our websites by only allowing humans access.  
reCAPTCHA distinguishes between humans and automated systems by monitoring personal information like typing patterns, mouse clicks or screen touches. This information is not stored or collected. You can find more information about how Google uses this information by visiting the link below.

Video player services  

We host videos on our websites using a variety of video player services including YouTube. These typically use an enhanced privacy version of the player to manage the collection of your personal data.   
Clicking play on one of these versions of the video player means it will store and collect interaction data from your computer, but it will not collect personally identifiable information. This means watching a video on our website will not personalise your content on that player service or on any of your subsequent visits to that video platform.

Online chat service  

Some of Convatec’s websites include an online chat or ‘chatbot’ service. This service is provided by our partners. When you use our chatbots, these partners collect available information to track how their services are being used. 

Third-party links and websites 

Convatec websites contain third-party links that may take you to another website, plug-in or application. Following these links or connecting with these services may allow these external websites to collect or share data about you.  
Convatec does not control third-party websites, or how they use your data. We encourage you to read the privacy notice of any website you visit that you may have concerns about.

Your rights regarding your personal data

Everyone has the right to know, access, correct, transfer, and restrict the processing of any personal data that Convatec has access to. You may also request the deletion of your personal data.  
If you choose to exercise these rights, you won’t be treated in a discriminatory way, or receive a lesser degree of service from Convatec. 

Requesting access to your personal data 

You may at any time request access to your personal data, commonly known as data subject access request. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.  
You can do this by contacting us at dataprivacy@convatec.com.
 

Updating the data we hold about you

If your personal data is out of date, incomplete or inaccurate, you can ask us to update these details. We may need to verify the accuracy of the new data you provide to us. Please contact us dataprivacy@convatec.com to update your data. 

Marketing Communications

You can opt out of receiving marketing information from Convatec and its subsidiaries. To unsubscribe from our promotional emails or messages, use the link provided in the promotional messages. Alternatively contact us via email at dataprivacy@convatec.com.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product regulatory issue, product/service experience or other transactions.

 

Request the deletion of your personal data

You can ask us to delete any information that we hold about you.  Please email our Data Protection Officer at dataprivacy@convatec.com to request a deletion of your data. 

Sometimes we may have to decline a request

There will be some situations where we cannot grant your request, for example, if you ask us to delete your data where Convatec is legally obligated to keep a record of that transaction to comply with the law.  
We might also decline to grant a request that would undermine our legitimate use of data for anti-fraud and security purposes. Other reasons your request might be denied would be if it jeopardises the privacy of others, or is deemed by Convatec to be frivolous, vexatious, or extremely impractical.

Special circumstances

Children’s privacy notice 

Convatec never deliberately markets to children. However, some of our products and services can be used by children.   
In any instances where we’ve collected data from children ages 13-16, they will be afforded the same rights as an adult, including the right to access, update, and object to the processing of their personal data. They also have the right to request that their personal data is erased. 
For children younger than 13, we will seek consent from whoever holds parental responsibility for the child, unless the online service we offer is a preventive or counselling service.

How to contact Convatec regarding your data

If you’ve got any questions, comments, requests or complaints about our privacy notice, or would like to request access to or change your data, contact the Convatec Data Protection Officer (DPO) by emailing dataprivacy@convatec.com

What is a Data Protection Officer? 

To protect your data more effectively, Convatec has appointed a data protection officer (DPO) for the group, whose responsibilities include protecting your data and keeping you informed and up to date.  
Our DPO ensures that this privacy notice is clear and easy to understand, so you can remain totally informed about the relationship between you, us and your personal data. Our DPO is Convatec’s representative regarding your data, so they’re responsible for answering any questions about this privacy notice – or if you want to exercise any of your rights as listed on this page.

How to contact Convatec’s DPO by post

If you prefer not to use email, please send your inquiry to the following address:  

Convatec Group Data Protection Officer 
Floor 7 
20 Eastborne Terrace 
Paddington 
London 
W2 6LG 
United Kingdom 

Changes to this privacy notice
We will revise this notice from time to time by updating this page so that we can improve the experience that we provide. If we make any changes to how we use or share your personal data, we’ll let you know via email and/or a notice on our website.