Privacy Policy
 

Personal Data Protection Policy

Legal statement Privacy Policy

Last modified: March 13, 2025
 

1. Privacy at MicroPort

MicroPort Scientific Corporation (“MicroPort”) is a global medical technology company committed to breaking barriers in healthcare. As part of its activities, MicroPort publishes a website:  www.microport.com (hereinafter the “Site”).

At MicroPort we are fully committed to respecting the privacy and personal data of those who are in contact with us. We implement appropriate technical and organisational measures to ensure that your personal data is processed in accordance with the regulations in force.

2. About this Policy

This Privacy Policy describes how MicroPort and its affiliates process and protect Personally Identifiable Information that the Site collects about its visitors and how applicable rights can be exercised. The Site is intended to be used by MicroPort customers, commercial visitors, business associates, investors, and other interested parties for business purposes. To the extent MicroPort collects information outside of the Site, MicroPort will provide a separate data protection notice where required by applicable laws.

3. Data Protection Applicable Laws

MicroPort is established in multiple jurisdictions and the Site can be accessed by visitors based in various countries. MicroPort is committed to be compliant with Data Protection laws applicable in the jurisdictions in which MicroPort operates. 

In Europe, the applicable laws are:

For countries members of the European Union (hereinafter “EU”), or of the European Economic Area (hereinafter “EEA”): The Regulation (EU) 2016/79 of the European parliament and Council, otherwise known as the General Data Protection Regulation (hereinafter “GDPR”), along with its local country implementations.

For the United Kingdom: The GDPR applies; known as “UK GDPR” along with the Data Protection Act 2018.

For Switzerland: the Loi Fédérale sur la Protection des Données (LPD) / Datenschutzgesetz (DSG) enacted on 25 September 2020, updated on 1 September 2023.

The terms “data “, or “personal data”, used in this policy have the same meaning as that given to the term “personal data” in the GDPR. Other terms common to this policy and the GDPR, specifically the terms “processing”, “controller”, “processor” or “recipient” have the meaning given to them in the GDPR.

4. Who is Responsible for Processing Your Personal Data

Within the meaning of the GDPR, the data controller is the natural or legal person who determines the purposes and means of data processing, i.e. for what purpose(s) and in what way your personal data is processed.

MicroPort is responsible for processing your data, and as such is the data controller.

MicroPort has appointed a data protection officer (“DPO”) who will be your main contact for all questions relating to the protection of your personal data.

You can send us any questions, requests for information or complaints by contacting us by email:  

data-privacy@microport.com

5. What Personal Data Do We Collect and How

5.1 Data Collected

  • Identification and contact data: we process through a contact form the data required to contact you, to respond to your requests, and potentially to send you information emails, newsletter, etc. This data includes your email address, first name, last name and any other information you provide us via the site contact form, by email or by any other means.
  • Site users’ browsing data: when you browse the Site, a certain amount of data is collected in relation to the device used (computer, smartphone, tablet), browser, pages and content viewed. This data may include directly or indirectly identifying data such as, for example, an IP address or a unique identifier linked to the device, operating system, software or other.
  • Data collected when applying to a position: we process information provided through the dedicated contact form, the data that is necessary and relevant to the recruitment of a candidate, based on resume and interviews: last name(s), first name(s), education, professional background, contact details, etc. No information that is not directly related to the recruitment process will be processed.
  • Data from our customers and prospective customers: we process through the contact from or else the data required to follow up on a sales request, present our products and service offers and then manage our business relations with customers and prospects.
  • Data from our subcontractors: we process the data provided through the contact form or else, the data necessary and relevant to the management of our relationship with our subcontractors.

5.2 How We Collect Your Data on the Site Outside of the Contact Forms (Cookies)

We use cookies or other types of “tracers” on our Site. A cookie is an electronic file stored on your terminal (computer, tablet, smartphone, etc.) and associated with the Site. This file is automatically transmitted when you subsequently connect to the Site.

When browsing this Site, cookies from us and/or third-party companies may be placed on your device.

The first time you browse this Site, a banner explaining the use of cookies will appear, allowing you to configure your choices.

We use different types of cookies:

« Mandatory » cookies:

These cookies are generally set as a response to actions you have performed that constitute a request for services, such as setting your privacy preferences, logging in or filling in forms. They make it possible to record information between several visits to the Site on the same device.

These cookies are mandatory to the technical operation of the Site and do not require your consent. They are therefore deposited automatically on your terminal. Refusal of these cookies may impact the Site operation and the quality of your browsing experience.

Statistical or audience measurement cookies:

These cookies enable us to evaluate your actions on the Site to assess the frequency and volume of visitors and to improve the operation and ergonomics of the Site. These cookies may be “internal” (i.e. deposited by us) or “third party” (when they are deposited by third parties).

Your consent is requested before these cookies are deposited, i.e. when you first connect, by ticking a box on our cookies banner. 

You can always manage the use of those cookies and especially remove consent for their use.

6. What Are the Purposes and Legal Bases for the Processing of Personal Data that We Carry Out

Data Type

Processing Purpose

Legal Basis

Identification and contact data 

Establishing contact, Sales prospection

Legitimate interest

GDPR, article 6.1.f

Newsletters

Consent

GDPR, article 6.1.a

Navigation data including directly or indirectly identifying data 

Enabling a secure Site operational for the various devices and browsers available on the market

Legitimate interest

GDPR, article 6.1.f

Statistics and audience measurement

Consent

GDPR, article 6.1.a

Data relating to position applicantsData communicated by the candidate: Hiring process management.

Consent

GDPR, article 6.1.a

Sales prospects data

Sales prospection: Identification of potential customers and presentation of our products and services. 

Legitimate interest

GDPR, article 6.1.f

Customer data

Management of business relations as part of our contractual relationship, especially... or as part of providing services for which we have been commissioned

Performance of a contract

GDPR, article 6.1.b

Subcontractor and third-party dataPerformance of a contract with subcontractor or third-party

Performance of a contract

GDPR, article 6.1.b

7. What Security Measures Do We Implement to Protect Your Personal Data

We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access. 

We also monitor the way in which our service providers process your personal data to ensure that they provide sufficient guarantees in relation to the implementation of appropriate data security measures. 

8. How Long Do We Keep Your Data For

Personal data is kept for the period necessary to achieve the purposes for which it was collected, as described in article 3, plus any further duration required by law. 

The main retention durations are as follows:

Commonly applied retention duration (in “Active Archive”) for personal data:

  • Data related to customers: retention for the duration of the contract plus 5 years, and 3 years for sales prospection.
    • Data related to sales prospects: retention for 3 years starting with the date of the last contact made with us (unless the right to object was exercised when contacted).
    • Data related to position applicants: retention for the time required to process the active application and, in the event of a negative outcome, 2 years from the last contact with the applicant.
    • Data related to third-parties, subcontractors, suppliers: retention for the duration of the contract plus 5 years.

Retention duration in « intermediary Archive » for personal data: 

In such a case the data is no longer of use to achieve the previously set purpose but may still be of interest (such as in case of a litigation) or must be retained for legal reasons. Such data can be accessed when needed and by only duly authorized individuals. 

  • Accounting documents and records10 years
  • Data required in case of litigation or judicial purpose: 5 years (legally applicable prescription duration)

9. What Are Your Rights

You have several rights over your data, which you can exercise in conditions outlined in the GDPR. Below is a summary of these.

Your Rights

Their Use

Right of Access

GDPR, article 15

Obtain a legible and comprehensible copy of the data we hold in relation to you, as well as a copy on a durable medium of this policy.

 

Right to rectification

GDPR, article 16

Obtain the rectification, update or completion of data related to you.

 

Right to withdraw consent

GDPR, article 7, 3.

Obtain for the future, that there is no further processing of your data to which you had consented.

 

Right to object

GDPR, article 21

Obtain for the future, that there is no further processing of your data when such processing is based on our legitimate interest or that of a third party (subject especially to legitimate and compelling grounds) or if your data is used for sales prospecting purposes.

 

Right to erasure (right to be forgotten)

GDPR, article 17

Obtain the erasure of all or part of your data, or its complete and irreversible anonymization, under certain conditions (especially if you consider that the data is no longer necessary, if you have withdrawn your consent or if you consider that your data is being processed unlawfully). In such cases, we may nevertheless be required to retain certain data to comply with our legal obligations or to enforce our legal rights.

 

Right to restriction of processing

GDPR, article 18

Obtain the retention of your data without proceeding to any further processing (for example if you consider that the data is no longer necessary or is being processed unlawfully). In such a case, your data is temporarily isolated and will no longer be used (unless subject to our legal obligations or the exercise of our legal rights).

 

Right to define what will be done with your data after your death.

(France only)

Tell us how you would like us to handle your data in the event of your death.

You can exercise your rights by contacting our DPO at the following email address: 

data-privacy@microport.com

If you consider that we have not responded satisfactorily to your request, you can contact the local supervisory authority.

For countries members of the European Union (hereinafter “EU”), or of the European Economic Area (hereinafter “EEA”): The list of the respective country authorities can be accessed on the site of the European Data Protection Board, https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.

For the United Kingdom: Information Commissioner’s Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom

For Switzerland: Préposé fédéral à la protection des données et à la transparence (PFPDT) / Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB)
Feldeggweg 1, 3003 Bern, Switzerland 

10. Who Has Access to Your Data

Some of your data may be consulted, or at the very least hosted, by the following people:

  • Our authorized staff.
  • Our technical service sub-contractors providing services that contribute to the operation of the Site and/or the achievement of the purposes described in the above article 3.
  • Our legal service subcontractors (attorneys etc.), chartered accountants or other consultants.

If you are based in the EU, EEA, United Kingdom, or Switzerland, the personal data you entrust to us may be transferred outside the EU, EEA, United Kingdom, or Switzerland. Some of our staff and subcontractors may transfer data concerning you outside the EU, EEA, United Kingdom, or Switzerland. In all such cases, we will ensure that all appropriate legal and technical safeguards are put in place to ensure such transfers are operated lawfully and securely according to the specifications set out in the GDPR and other applicable local Data Protection laws.

11. Modifications

This policy may be updated over time. In the event of significant modifications, you will be informed, by means of notices placed in a prominent position on the Site, before such changes are proceeded with. In all other cases, the previous policy will be replaced by the new version, which will be immediately applicable and legally binding. Given this, we invite you to consult the privacy policy page regularly.