This privacy notice was last updated March 2023.
This privacy notice describes how Convatec Limited and its subsidiaries (collectively “Convatec”) collects, uses, stores and protects your personal data.
This includes any personal data gathered when using our websites, mobile apps, on the phone, in person, and through communications such as emails and SMS. This may include information submitted through a form, or how you interact with our services.
Personal data (also known as Personally Identifiable Information (PII)) is any information that could lead to someone being identified. This includes data like your identity, contact information, health status and financial details, which we may collect from you.
If the data collected is anonymous and you cannot be identified, it is not considered personal data.
Convatec collects different types of data from you. Whenever we do this, we will be transparent about what data we’re processing and why, and collect it in a safe, legal way.
Convatec collects, uses, stores and transfers the following types of personal data:
Your data may be collected for the following reasons:
Convatec collects your personal data when you:
As well as the information you give us, Convatec also collects your data from other sources, including:
We're committed to helping you understand how we use your data, and believe that everyone has the right to privacy, no matter where they live. That’s why we provide everyone with the information and controls needed to understand and manage how their data is collected and used.
We use your personal data for the following reasons:
Processing your requests
We need your data to process requests, provide you with our services or verify your insurance.
Communicating with you
We need your personal data to reply to requests and communications you’ve sent us, or ask you for feedback or to request information. We also need this data to market our products and services. When it’s relevant, we might contact you with important notices and service messages, like product safety information, or to talk to you about your healthcare condition.
Improving and customising your experience
If you customise your services or communications (where you have the option), that information will be used to adapt how we communicate with you or provide you with services. You can opt out of personalisation at any time by changing your preferences or by emailing us at dataprivacy@convatec.com.
Powering our services
Personal data helps us power and improve our services, and carry out internal work like auditing, data analysis and troubleshooting.
Security and preventing fraud
Your data can be used to protect individuals, employees, and Convatec, to provide loss protection, quality assurance and to prevent fraud.
Complying with the law
We use your personal data to comply with applicable law, for example, to satisfy tax or reporting obligations, or to comply with a lawful governmental request.
Convatec will use your personal data only when we have a valid legal basis to do so.
In most cases, this will be based on your explicit consent, or when its necessary to fulfil a contract with you like sending you a sample or service you've requested. We may also use personal data for other purposes with your consent.
Whenever information is provided, Convatec will validate it depending on local legal requirements, for example in some countries, we’ll be legally required to verify that a clinician is licensed before sending them product information.
When sharing your data with third parties, we legally require them to respect the security of your personal data and to treat it in accordance with our policies and instructions. We do not allow third-party service providers to use your personal data for their own purposes, and only permit them to process your personal data for a specified purpose.
Convatec may share your personal data with both internal and external parties.
Internal parties
We may share your data with subsidiary companies in the Convatec Group who act as joint controllers or processors (and who provide system administration services or undertake reporting services).
External parties
We may share your data with:
Other parties
We may share your data with other parties that we have decided to sell, transfer or merge parts of our business with; or businesses we’re acquiring. Any new businesses must store, protect, and use your personal data in the same way as set out in this privacy notice.
We keep your personal data safe through a combination of administrative, technical, and physical safeguards that consider the nature of your data, how it is processed and any risks it faces. Convatec also uses security and fraud protection tools to protect our websites and mobile apps.
The length of time we hold your data for will vary depending on its purpose. In every instance, we only hold your data for as long as is necessary to do so. This includes for legal, accounting or reporting reasons.
Other factors include the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, why we collected it and whether there’s a way we can proceed without your data. For more information, you can request a copy of our retention policy via our online contact us form.
To effectively process your personal data, it may be transferred to or accessed by other Convatec entities, including Convatec-affiliated companies or service providers.
We comply with the laws on the transfer of personal data between countries. You may access a regional version of this privacy notice in the local language(s), with information on how we’re complying with the region-specific and country-specific privacy and security legislation affecting your personal data.
We comply with laws such as, but not exclusive to:
Many of our external third-party service providers (for example, IT support consultants or marketing agents) are based outside of the European Economic Area (EEA) or the United Kingdom (UK). This means processing your personal data could involve transferring it outside of these regions.
In this instance, your data will have the same level of protection as it does in the EEA and the UK by ensuring the recipient is signed up to equivalent data protection obligations as the ones contained in GDPR.
We also provide additional protection, by only using legal agreements approved by the European Commission.
Residents of China Mainland may have their personal data processed in countries/regions outside of China Mainland. This will be done in compliance with local law, including the Personal Information Protection Law. We may also transfer this personal data to third parties, who may in turn store or transfer the data outside of China mainland. Convatec imposes the same or similar protection liability (including notice and consent requirements) on third parties.
Convatec uses a Google technology called reCAPTCHA on some of its web sites. reCAPTCHA is a technology that enables our websites to distinguish between human users and automated systems. This is designed to prevent misuse and abuse of our websites by only allowing humans access.
reCAPTCHA distinguishes between humans and automated systems by monitoring personal information like typing patterns, mouse clicks or screen touches. This information is not stored or collected. You can find more information about how Google uses this information by visiting the link below.
We host videos on our websites using a variety of video player services including YouTube. These typically use an enhanced privacy version of the player to manage the collection of your personal data.
Clicking play on one of these versions of the video player means it will store and collect interaction data from your computer, but it will not collect personally identifiable information. This means watching a video on our website will not personalise your content on that player service or on any of your subsequent visits to that video platform.
Some of Convatec’s websites include an online chat or ‘chatbot’ service. This service is provided by our partners. When you use our chatbots, these partners collect available information to track how their services are being used.
Convatec websites contain third-party links that may take you to another website, plug-in or application. Following these links or connecting with these services may allow these external websites to collect or share data about you.
Convatec does not control third-party websites, or how they use your data. We encourage you to read the privacy notice of any website you visit that you may have concerns about.
Everyone has the right to know, access, correct, transfer, and restrict the processing of any personal data that Convatec has access to. You may also request the deletion of your personal data.
If you choose to exercise these rights, you won’t be treated in a discriminatory way, or receive a lesser degree of service from Convatec.
You may at any time request access to your personal data, commonly known as data subject access request. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
You can do this by contacting us at dataprivacy@convatec.com.
If your personal data is out of date, incomplete or inaccurate, you can ask us to update these details. We may need to verify the accuracy of the new data you provide to us. Please contact us dataprivacy@convatec.com to update your data.
You can ask us to delete any information that we hold about you. Please email our Data Protection Officer at dataprivacy@convatec.com to request a deletion of your data.
There will be some situations where we cannot grant your request, for example, if you ask us to delete your data where Convatec is legally obligated to keep a record of that transaction to comply with the law.
We might also decline to grant a request that would undermine our legitimate use of data for anti-fraud and security purposes. Other reasons your request might be denied would be if it jeopardises the privacy of others, or is deemed by Convatec to be frivolous, vexatious, or extremely impractical.
Convatec never deliberately markets to children. However, some of our products and services can be used by children.
In any instances where we’ve collected data from children ages 13-16, they will be afforded the same rights as an adult, including the right to access, update, and object to the processing of their personal data. They also have the right to request that their personal data is erased.
For children younger than 13, we will seek consent from whoever holds parental responsibility for the child, unless the online service we offer is a preventive or counselling service.
If you’ve got any questions, comments, requests or complaints about our privacy notice, or would like to request access to or change your data, contact the Convatec Data Protection Officer (DPO) by emailing dataprivacy@convatec.com.
To protect your data more effectively, Convatec has appointed a data protection officer (DPO) for the group, whose responsibilities include protecting your data and keeping you informed and up to date.
Our DPO ensures that this privacy notice is clear and easy to understand, so you can remain totally informed about the relationship between you, us and your personal data. Our DPO is Convatec’s representative regarding your data, so they’re responsible for answering any questions about this privacy notice – or if you want to exercise any of your rights as listed on this page.
If you prefer not to use email, please send your inquiry to the following address:
Convatec Group Data Protection Officer
Floor 7
20 Eastborne Terrace
Paddington
London
W2 6LG
United Kingdom