In this Statement of Privacy Principles, we describe how K2M processes personal information. Personal information is information relating to you that we can use to specifically identify you, such as your name, telephone number, e-mail address, address, or date of birth, or any other information that will allow us to identify you. Preservation of, and respect for the personal information of our customers, business colleagues, and vendors is critical to our continued success. We will always process personal information by applying the following principles:
- Lawfulness, fairness, and transparency – we will communicate clearly to you the information we intend to process and the purpose for which we intend to process it.
- Purpose limitation – we will only use your information for the specific purposes we have disclosed to you.
- Minimisation and proportionality – we will only collect the data necessary to carry out the purposes we have disclosed to you.
- Quality and accuracy – we will endeavor to make sure your personal data is complete and up to date.
- Storage limitation – we will only keep your data for as long as is necessary to fulfil the purpose or, if longer, as required by law.
- Integrity and confidentiality – we will keep your personal data secure and confidential.
- Accountability – we will comply with data protection laws, directives, regulations and principles.
These Privacy Principles apply when we process personal information collected from individuals in Europe and, subject to the Addendum set out below, Australia. They apply whether we obtain the personal data directly from an individual or from another individual or company that identifies an individual.
Data processing is any operation or set of operations performed using personal information, wholly or partially by automatic means, including collecting, using, disclosing, adapting, altering, correcting, retrieving , combining , blocking, erasing, transferring , destroying , recording , organizing, storing, disseminating, or otherwise making available and using personal information.
We may collect personal information in a variety of ways. For example:
- When you engage in a commercial transaction with us or contact us for information on our products or services.
- When you visit our website and fill out a survey, registration form for one of our events, indicate your preferences as to how you wish to receive information from us via the web or otherwise.
- When you send us an e-mail.
- Indirectly, by combining information we have gathered through cookies that do not contain personal information with data provided to us by you.
We may process your personal information (other than sensitive information, which is discussed separately below):
- to respond to your requests and enquiries.
- to perform a contract or for contract negotiations with or about you.
- to develop records, including records of your personal information.
- to contact you by email (or in other ways with your permission) with information that might be of interest to you, including information about clinical trials and about products and services of ours and of others.
- for analytical purposes and to research, develop and improve programs, products, therapies, services, and content.
- to remove your personal identifiers (your name, e-mail address, phone number, etc.) so that information is anonymised. Once we have anonymised your information, it is no longer personal information and is not subject to this Statement of Privacy Principles.
- to personalize your access to our web sites, for example, by telling you about new features that may be of interest to you.
- to enforce this Statement of Privacy Principles and otherwise protect your rights or property.
- to protect your vital interests or someone else’s health, safety, or welfare.
- to comply with a law or regulation, court order, or other legal obligation.
- for our other legitimate interests, unless such processing will unfairly prejudice your rights or freedoms.
- in other ways to which you consent.
Some types of personal information are sensitive information. Sensitive information is personal information revealing or relating to your health, your racial or ethnic origin, religious or philosophical beliefs, sex life, political affiliation, or trade union membership. We will only collect and process your sensitive information:
- in ways for which you have given your explicit consent;
- to protect your vital interests , in cases where your explicit consent cannot be given or reasonably requested ;
- as permitted or required by national law;
- to establish, exercise, or defend a legal claim.
We may contact you periodically in person, by e-mail, by mail, or by telephone to provide information regarding programs, products, services and content that may be of interest to you, unless you advise us that you do not wish to receive marketing or market research communications from us. If applicable, law requires that we receive your explicit consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your explicit consent.
You may withdraw your consent to our use of your personal information by sending us a notice to dataprivacy@K2M.com. We will then immediately stop processing your personal information for the purposes for which you have withdrawn your consent. Additionally, all our emails contain a link allowing you to unsubscribe from receiving emails from us in the future.
We will not share your personal information with an unrelated third party without your consent, except as otherwise provided in this Statement of Privacy Principles.
In the ordinary course of business, we will share some personal information with companies that we hire to perform services or functions on our behalf. For example, we may use different vendors or suppliers to ship our products. In these cases, we provide the vendor or supplier with only the information necessary to process your order such as your name and delivery address.
We will not sell, exchange, or publish your personal information, except in conjunction with a corporate reorganization, sale, merger, dissolution, or acquisition.
- enforce this Statement of Privacy Principles;
- protect our rights or property;
- protect someone’s health, safety or welfare;
- comply with a law or regulation, court order, or other legal process.
We may transfer information out of the country in which it was collected to any country or territory in the European Economic Area and to any other country that is recognized by the European Union as having adequate privacy protections. We will transfer information to other areas only if:
- the transfer is necessary for the performance or future performance of a contract in which you are involved; or
- if you consent to the transfer; or
- if the data will be adequately protected in the other country, by contract or other protection (for example, if the recipient is in the United States, it is Privacy Shield certified or an appropriate data protection agreement meeting the requirements of the GDPR is in place).
We use reasonable physical, administrative, and technical safeguards to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. We also restrict access to your personal information to those employees and contractors who need to know that information to do their jobs. You should keep in mind that no Internet transmission is ever 100% secure or error-free. In particular, email sent to or from us may not be secure; therefore, you should take special care in deciding what information you send to us via e-mail.
We endeavor to keep our records of your information accurate. If you ever notice that your information is not complete, accurate, or up to date, or if you have questions or comments about this Statement of Privacy Principles, please contact us at:
K2M UK Limited
1 Roundwood Avenue
Uxbridge UB11 1FG
If you are located in Australia, K2M Inc. and K2M Australia Pty Ltd. are bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act).
We will transfer information out of Australia to our parent company, K2M Inc, which is located in the United States.
We may also transfer information out of Australia to any country or territory in the European Economic Area and to any other country that has substantially similar laws to the Privacy Act. Where such transfer occurs, we will take reasonable steps to ensure that any recipient has adequate privacy protections and will take reasonable steps to ensure that any overseas recipient does not breach the APPs.
If you would like any further information about our handling of personal information or to make a complaint about something you believe breaches the Privacy Act, please contact our privacy officer using the contact details above. We will respond within a reasonable period of time, usually 30 days.
If you are unsatisfied with the handling of your complaint, you may contact us further to advise of your concerns and, if we are unable to reach a satisfactory resolution, you may wish to take your complaint to the Office of the Australian Information Commissioner at the following address for further review:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001