Privacy notice for Customers

The protection of your personal data is of great importance to Getinge, and we will process your personal data in accordance with applicable data protection laws and regulations.

Getinge is a global medical technology and device group with companies in around 40 countries, meaning different data protection laws apply dependent upon which group company you interact with. Since our parent company Getinge AB (publ) with reg. no 556408-5032 is based in Sweden, the General Data Protection Regulation (“GDPR”) is the basis for our global data privacy program and this notice.

We do our best to make the content of this notice easy to understand and navigate. Despite this, we know that some words are difficult to grasp. To facilitate your understanding, we have gathered explanations of such words used in this notice in the Privacy definitions page.

If you have any questions related to this notice, please contact our data protection officers by sending an e-mail to data.protection@getinge.com.

This notice provides information about the processing of personal data by a Getinge group company in relation to its customers and their representatives. The data controller, i.e. the company that decides in which way your personal data is used and why, is the Getinge company your company previously or currently purchases (or is expected to purchase) products or services from (“Getinge”). 

Since this notice includes information of the processing activities related to customers and its representatives within the Getinge group globally, there may be local variations.  

In this section we provide information about our different processing activities including explanations of the:

• Purpose – why we use your personal data in a certain way.
• Categories of personal data – if it includes your name, contact details, role or other.
• Legal basis – if we for example have asked for your consent, if we are required to collect and store your personal data based on a legal obligation or if we based on a legitimate interest, can use your personal data for a specific purpose.
• Retention period – how long do we keep the personal data for each purpose. 

Purpose
Identifying and contacting potential customers in order to generate new business relationships and to select business partners.

Personal Data
Your contact details as representative or contact person for a potential customer, including the company you represent, role and title and the address of your place of work. 

Legal Basis
This processing is based on Getinge's legitimate interest in identifying and collecting information on potential new customers.

Retention Period
We will keep your personal data as long as we consider that our products and services could be of interest to your company (inter alia based on the activity between us). 

Purpose
Customer risk management enables us to identify, assess and manage the risks that could arise from working with customers such as: Financial, Ethical, Environmental, Social, Human Rights, Political or Economic Risks.

Personal Data
Your contact details as representative or contact person for a customer, including the company you represent, role and title and the address of your place of work. Full name, passport numbers or date of birth of customers’ key executives, board of directors, and/or shareholders in case available in the screening database, content from professional social media platforms, suspected misconduct or violation of laws and regulations as well as Getinge Code of Conduct, tweets, Posts or Pins in social media.

Legal Basis
This processing is necessary to enable Getinge to comply with its legal obligations regarding the prevention of money laundering and the financing of terrorism, as well as to be compliant with ESG laws and requirements. To the extent the processing is not necessary to comply with a legal obligation, it is based on Getinge’s legitimate interest. 

Retention Period
The personal data will be collected and processed throughout the relationship between Getinge and the customer and thereafter for the time required to fulfill our legal and regulatory obligation.

Purpose
This processing enables Getinge to streamline and automate the handling of customer requests (including redirecting requests to the appropriate functions and services), to discover our customers' core needs, to be responsive, proactive and team-oriented, to offer a personalized customer experience, to enable communication in the preferred language and to coordinate our interactions with you.

Personal Data
Your contact details as representative or contact person for a customer, including the company you represent, role and title and the address of your place of work.

Legal Basis
This processing is based on Getinge's legitimate interest in facilitating the way in which Getinge interacts with its customers with the aim of providing an adapted, personalized and efficient service. 

Retention Period
The personal data will be collected and processed throughout the relationship between Getinge and the customer.

Purpose
This processing activity helps to protect the interests of all parties concerned by establishing fair and enforceable agreements. This ensures that all parties clearly understand and accept the terms and conditions, reducing the risk of misunderstandings and disputes.

Personal Data
Your contact details as representative or contact person for a customer, including the company you represent, role and title and the address of your place of work and signature (electronic or handwritten). 

Legal Basis
This processing is based on Getinge’s legitimate interest in having contracts signed and approved with customers to guarantee engagement between each party.

Retention Period
Your data will be kept for the duration of our contractual relationship, and some of it, such as invoices, for an additional period in accordance with applicable financial and accounting legislation.

Purpose
To maintain Getinge's customer accounts up to date and to manage invoicing, payments and debt collection. 

Personal Data
Your contact details as representative or contact person for a customer, including the company you represent, role and title and the address of your place of work and customer bank information.

Legal Basis
The applicable legal basis for processing personal data is our legitimate interest to make sure we can fulfil our obligations under the contract we have entered into with you. 

Retention Period
Your data will be kept for the duration of our contractual relationship, and some of it, such as invoices, for an additional period in accordance with applicable financial and accounting legislation.

Purpose
To meet our tendering requirements (such as public procurement contracts). The rules applicable to these contracts are defined by public procurement legislation. 

Personal Data
Your contact details as representative or contact person for a customer, including the company you represent, role and title and the address of your place of work.

Legal Basis
The processing of your personal data is necessary to comply with a legal obligation in connection with the procurement of goods and services. 

Retention Period
Getinge retains applications and tenders as well as documents relating to the award procedure for a minimum period of five years from the date of signature of the public contract.

Purpose
The customer order management process enables us to process and fulfill customer orders, guarantee on-time delivery, measure operational efficiency and performance, track deliveries, invoicing and produce reports.

Personal Data
Your contact details as representative or contact person for a customer, including the company you represent, role and title and the address of your place of work.

Legal Basis
This processing is based on Getinge's legitimate interest in facilitating the management of customer orders and fulfilling our contractual obligations.

Retention Period
Your data will be kept for the duration of our contractual relationship, and some of it, such as invoices, for an additional period in accordance with applicable financial and accounting obligations.

Purpose
If you subscribe to receive continuous information and updates concerning our work or our products, we process your name and e-mail address to be able to provide you with information and updates concerning our business and our products as requested by you.

Personal Data
Your contact details as representative or contact person for a customer, including the company you represent, role and title and the address of your place of work.

Legal Basis
Our processing is based on our legitimate interest in providing you with the information you have requested. 

Retention Period
Your personal data is stored until you no longer wish to receive our information. Once you have unsubscribed, we will delete your personal data as soon as possible. Statistics which have been anonymized may be saved thereafter.

Purpose
Getinge offers its customers the opportunity to receive specialized technical training on Getinge products and solutions.

Personal Data
Your contact details as representative or contact person for a customer, including the company you represent, role and title and the address of your place of work, your customer profile information and log data (user ID, username).

Legal Basis
This processing is based on Getinge’s legitimate interest to administer the training and to provide you with a certificate after finalized training. 

Retention Period
Getinge will keep your personal data from its collection, during the training, and for a certain time thereafter. For such personal data included in invoices and other documents related to payments, such will be kept in accordance with applicable financial and accounting laws and regulations.

Purpose
The purpose of this processing is to offer our customers an appropriate and efficient service and support when it comes to solving problems or carrying out assistance and maintenance operations.

Personal Data
Your contact details as representative or contact person for a customer, including the company you represent, role and title and the address of your place of work, your customer profile information and log data (user ID, username).

Legal Basis
This processing is based on Getinge's legitimate interest in fulfilling obligations under the service contract signed with the customer, such as after-sales service, user support, assistance with products, solutions and services provided.

Retention Period
Getinge will retain your personal data for as long as necessary to provide after-sales service, user support or assistance, and for the duration of our contractual relationship to make sure we can trace and assess previous actions to provide appropriate support. 

Purpose
To give and manage customer access to Getinge systems.

Personal Data
User IDs, authorizations, settings and other attributes associated with your user account (such as your name and email address), connection data and data in logs regarding your use of Getinge solutions, applications or services.

Legal Basis
This processing is based on Getinge's legitimate interest in managing customer user access, analyzing system usage and preventing and protecting data and systems against cybersecurity risks.

Retention Period
Getinge will retain your personal data for as long your user account is active on our systems.

Purpose
Getinge's Complaint Management Program provides an improved complaint management process, focused on compliance and efficiency, while providing our customers with actionable data.

Personal Data
Your contact details as representative or contact person for a customer, including the company you represent, role and title and the address of your place of work.

Legal Basis
This processing is based on Getinge's legitimate interest in improving regulatory compliance by strengthening commitment to patient security, product improvement and the implementation of sustainable corrective measures.

Retention Period
Data are kept in an active database for as long as they are used in the context of a case. 

As a manufacturer of medical devices, Getinge is required by applicable laws and regulations to retain certain documents relating to medical devices for as long as they are sold and marketed. For medical devices in the EU, governed by the Medical Devices Regulation, this period is at least 15 years for implantable devices and 10 years for other devices after the last medical device has been placed on the market.

Purpose
Getinge is subject to strict compliance rules. Particularly in areas such as anti-corruption, human rights and environmental protection, as well as other potential reputational and compliance risks such as non-compliance with the organization's code of conduct.

Personal Data
Your contact details as representative or contact person for a customer, including the company you represent, role and title and the address of your place of work.

Legal Basis
Getinge must process personal data to fulfill a legal obligation to which Getinge is subject (such as the prevention of fraud, crime, money laundering, anti-corruption.

Retention Period
Your data will be kept for as long as necessary, provided that there is a legal obligation to keep it, taking into account applicable limitation periods and the possibility of keeping data for a longer period when required by law or in the event of a dispute. 

Getinge collects your personal data either:

Directly from you

• Through the contract we have with you or through an electronic or paper form you have used to contact us or to submit a request;

Indirectly

• From an application or from third parties.

We share your personal data with various entities of the Getinge group in order to manage our activities and maintain our relationship with you.

We may also share your personal data in other special circumstances, for example when we believe that sharing will help protect the security of Getinge's assets and persons, property or rights, those of our partners, associates or others.

Depending on the above-mentioned purposes, Getinge may share your personal data:

Personal data shared internally within the Getinge group

• Departments authorized to process your data within the Getinge group (for example, people in Getinge companies working in the sales and service department, finance, quality or the legal and compliance department).

Personal data shared externally with a processor or separate data controller

• Your data will be shared outside the Getinge group with Getinge service providers responsible for monitoring the security of the network and IT infrastructure, as well as suppliers and providers of IT application and services (such as ERP or CRM system).
• tax authorities or government agencies to comply with certain laws, such as those against fraud, tax evasion, anti-corruption, or
• external advisors such as lawyers or auditors to ensure compliance with laws or regulations, including for example environmental, social and governance (ESG) regulations.

We require our service providers to keep your personal information secure, and do not allow our service providers to use or share your personal information for any purpose other than providing services on our behalf.

The companies which we share your personal data with described above are located in the EU/EEA as well as outside the EU/EEA – also called third countries. 

Third countries legislation may differ from the rules of data protection within the EU/EEA, which means that when such transfers occur, we will either make sure the country has an adequate level of protection or enter into standard contractual clauses with the party which we share or give access to your personal data. 

Adequate level of protection:

The European Commission has decided that certain countries outside the EU/EEA have a sufficiently high level of security. This means that personal data can be transferred there without any further action having to be taken regarding the transfer itself (beyond what applies under the GDPR in general). A list of which countries are included can be found here. 

If any Getinge company in the EU, shares or give access to your personal data to a Getinge company in the UK, Japan, Canada, Switzerland, New Zealand or Republic of Korea, such sharing or access is made to a country with an adequate level of protection. 

EU Standard Contractual Clauses:

Since only a few countries are considered to have an adequate level of protection, the most common measure to ensure sufficient protection in the event of a transfer outside the EU/EEA is to apply the EU Commission's Standard Contractual Clauses pursuant to Commission Implementing Decision (EU) 2021/914, without any changes or amendments in conflict with the clauses. If you want to read them in their entirety, you can download them via the European Commission's website under the heading Standard contractual clauses for international transfers. 

Right to obtain a copy – If you would like more information about transfers to third countries, and a copy of the safeguard we have used, please Contact us

An Intra-group Data Processing Agreement, including the EU Standard Contractual Clauses, has been signed between all Getinge companies worldwide.

Your personal data will be retained for as long as necessary to achieve the purposes set out in this notice, but no longer than required or permitted by applicable data protection legislation and internal Getinge policies. 

We dispose the personal data we collect in accordance with Getinge's directive and retention procedures.

You are entitled to exercise certain rights when we process your personal data. Below we list each of these rights and provide a short explanation of what they mean. 

• Access – right to request and receive information.
• Rectification – right to request correction of incorrect or incomplete data.  
• Erasure (right to be forgotten) – right to request deletion of personal data.
• Data Portability – right to request transfer of your personal data.
• Object – right to object to certain processing, such as direct marketing and when our legal basis is legitimate interest.  
• Restriction – right to request restriction of how we use certain personal data.
• Withdraw consent – right to request us to cease processing based on your consent.
• Lodge a complaint – right to submit a complaint to a data protection authority.

More detailed information regarding the above rights is found on the page called Your Rights.

If you already know that you would like to exercise any of the above rights, please fill in our Data Subject Request Form. Please note that Getinge will assess on a case-by-case basis whether a request to exercise your rights is valid, since the rights are not absolute, and exceptions may apply.

If any changes are made concerning the processing of your personal data, we will inform you of such changes by publishing an updated version of this privacy notice in the Getinge Privacy Center.