Select region
Submit

Last updated January 2025

1. We respect your privacy

The protection of your personal data is of great importance to Getinge, and we will process your personal data in accordance with applicable data protection laws and regulations.

Getinge is a global medical technology and device group with companies in around 40 countries, meaning different data protection laws apply dependent upon which group company you interact with. Since our parent company Getinge AB (publ) with reg. no 556408-5032 is based in Sweden, the General Data Protection Regulation (“GDPR”) is the basis for our global data privacy program and this notice.

We do our best to make the content of this notice easy to understand and navigate. Despite this, we know that some words are difficult to grasp. To facilitate your understanding, we have gathered explanations of such words used in this notice in the Privacy definitions page.

If you have any questions related to this notice, please contact our data protection officers by sending an e-mail to data.protection@getinge.com.

2. Who is responsible?

This notice provides information about the processing of personal data by a Getinge group company in relation to its customers and their representatives. The data controller, i.e. the company that decides in which way your personal data is used and why, is the Getinge company your company previously or currently purchases (or is expected to purchase) products or services from (“Getinge”). 

Since this notice includes information of the processing activities related to customers and its representatives within the Getinge group globally, there may be local variations.  

3. Description of processing activities

In this section we provide information about our different processing activities including explanations of the:

  • Purpose – why we use your personal data in a certain way.
  • Categories of personal data – if it includes your name, contact details, role or other.
  • Legal basis – if we for example have asked for your consent, if we are required to collect and store your personal data based on a legal obligation or if we based on a legitimate interest, can use your personal data for a specific purpose.
  • Retention period – how long do we keep the personal data for each purpose. 

3.1 For Supplier due diligence (Supplier discovery)

Purpose
Supplier risk management enables us to identify, assess and manage the risks that could arise from working with third party Suppliers such as: Financial, Ethical, Environmental, Social, Human Rights, Political or Economic Risks.

Personal Data
Your contact details as representative or contact person for a supplier, including the company you represent, role and title and the address of your place of work. Full name, passport numbers or date of birth of Suppliers’ key executives, board of directors, and/or shareholders in case available in the screening database, content from professional social media platforms, suspected misconduct or violation of laws and regulations as well as Getinge Code of Conduct, tweets, Posts or Pins in social media.

Legal Basis
This processing is necessary to enable Getinge to comply with its legal obligations regarding the prevention of money laundering and the financing of terrorism, as well as to be compliant with ESG laws and requirements. To the extent the processing is not necessary to comply with a legal obligation, it is based on Getinge’s legitimate interest. 

Retention Period
The personal data will be collected and processed throughout the relationship between Getinge and the supplier and thereafter for the time required to fulfill our legal and regulatory obligation.

3.2 To create and maintain your Supplier account

Purpose

  • To create and manage your account and Supplier information;
  • To create and manage the contract for the products and services you have requested;
  • To ensure and develop Supplier relations;
  • To manage and follow up invoicing, payments and debt collection.

Personal Data
Your contact details as representative or contact person for a supplier, including the company you represent, role and title and the address of your place of work.

Legal Basis
The applicable legal basis for processing personal data is our legitimate interest to make sure we can fulfil our obligations under the contract we have entered into with you. To the extent you are supplying goods and/or services to us as a physical person (i.e. without the involvement of any legal entity), the legal basis is fulfillment of our contractual obligations. 

Retention Period
Your data will be kept for the duration of our contractual relationship, and some of it, such as invoices, for an additional period in accordance with applicable financial and accounting legislation.

3.3 For Supplier quality management

Purpose
The Supplier quality management process involves a structured approach to overseeing and managing procurement activities. It ensures that products and services acquired meet quality standards, regulatory requirements and organizational needs.

Personal Data
Your contact details as representative or contact person for a supplier, including the company you represent, role and title and the address of your place of work and any personal data included in supplier performance evaluations.

Legal Basis
This processing is based on Getinge’s legitimate interest in monitoring Suppliers' ability to meet the organization's needs in terms of quality and performance, and applicable legal obligations set out for medical device manufacturers.

Retention Period
As a manufacturer of medical devices, Getinge is required by applicable laws and regulations to retain certain documents relating to medical devices for as long as they are sold and marketed. For medical devices in the EU, governed by the Medical Devices Regulation, this period is at least 15 years for implantable devices and 10 years for other devices after the last medical device has been placed on the market.

3.4 For Supplier visits and audits

Purpose
The Supplier visits and audits ensure that all vendors respect and apply our quality requirements and our Supplier code of conduct. 

Personal Data
Your contact details as representative or contact person for a supplier, including the company you represent, role and title and the address of your place of work and any personal data included in supplier audit reports.

Legal Basis
This processing is based on Getinge’s legitimate interest in visiting and auditing Suppliers' ability to meet the organization's needs in terms of quality and ESG topics as well as applicable legal obligations set out for medical device manufacturers.

Retention Period
As a manufacturer of medical devices, Getinge is required by applicable laws and regulations to retain certain documents relating to medical devices for as long as they are sold and marketed. For medical devices in the EU, governed by the Medical Devices Regulation, this period is at least 15 years for implantable devices and 10 years for other devices after the last medical device has been placed on the market.

3.5 For Supplier contract management and monitoring

Purpose
The Supplier contract management and monitoring secure engagement and requirement between Getinge and all vendors in terms of logistic, quality, price, ESG, etc.

Personal Data
Your contact details as representative or contact person for a supplier, including the company you represent, role and title and the address of your place of work and signature (electronic or handwritten). 

Legal Basis
This processing is based on Getinge’s legitimate interest to have contracts signed and approved with Suppliers to guarantee engagement between each party.

Retention Period
Your data will be kept for the duration of our contractual relationship, and some of it, such as invoices, for an additional period in accordance with applicable financial and accounting legislation.

3.6 For Supplier order management

Purpose
The Supplier Order Management process helps ensure that all vendor contracts meet the needs of the business. The Supplier Order Management process is also required to monitor Supplier activity, perform Supplier audits, track deliveries, and also to obtain the best prices for components dedicated to the manufacturing of products.

Personal Data
Your contact details as representative or contact person for a supplier, including the company you represent, role and title and the address of your place of work.

Legal Basis
This processing is based on Getinge’s legitimate interest in facilitating the order management of Suppliers and the way we communicate with them for the follow-up of orders, deliveries and invoices.

Retention Period
Your data will be kept for the duration of our contractual relationship, and some of it, such as invoices, for an additional period in accordance with applicable financial and accounting obligations.

3.7 For Supplier sustainability management

Purpose
The Supplier sustainability management ensure that all vendors respect and apply our Supplier code of conduct in terms of Environmental, Social and Governance (ESG) aspects.

Personal Data
Your contact details as representative or contact person for a supplier, including the company you represent, role and title and the address of your place of work and any personal data included in supplier audit reports.

Legal Basis
This processing is based on our legal obligation to comply with Environmental, Social and Governance requirements.

Retention Period
Your data will be kept for as long as necessary, provided that there is a legal obligation to keep it, taking into account applicable limitation periods and the possibility of keeping data for a longer period when required by law or in the event of a dispute.

3.8 To manage Supplier complaints

Purpose
Getinge's Complaint Management Program provides an improved complaint management process, focused on compliance and efficiency, while providing our legal manufacturers with actionable data.

Personal Data
Your contact details as representative or contact person for a supplier, including the company you represent, role and title and the address of your place of work.

Legal Basis
This processing is based on Getinge's legitimate interest in improving regulatory compliance by strengthening commitment to patient security, product improvement and the implementation of sustainable corrective measures.

Retention Period
Data are kept in an active database for as long as they are used in the context of a case. 

As a manufacturer of medical devices, Getinge is required by applicable laws and regulations to retain certain documents relating to medical devices for as long as they are sold and marketed. For medical devices in the EU, governed by the Medical Devices Regulation, this period is at least 15 years for implantable devices and 10 years for other devices after the last medical device has been placed on the market.

3.9 To comply with our legal obligations

Purpose
Getinge is subject to strict compliance rules. Particularly in areas such as anti-corruption, human rights and environmental protection, as well as other potential reputational and compliance risks such as non-compliance with the organization's code of conduct.

Personal Data
Your contact details as representative or contact person for a supplier, including the company you represent, role and title and the address of your place of work.

Legal Basis
Getinge must process personal data to fulfill a legal obligation to which Getinge is subject (such as the prevention of fraud, crime, money laundering, anti-corruption.

Retention Period
Your data will be kept for as long as necessary, provided that there is a legal obligation to keep it, taking into account applicable limitation periods and the possibility of keeping data for a longer period when required by law or in the event of a dispute. 

4. From where is your personal data collected?

Getinge collects your personal data either:

Directly from you

  • Through the contract we have with you or through an electronic or paper form you have used to contact us or to submit a request;

Indirectly

  • From an application or from third parties.

5. With whom is your personal data shared?

We share your personal data with various entities of the Getinge group in order to manage our activities and maintain our relationship with you.

We may also share your Personal Data in other special circumstances, for example when we believe that sharing will help protect the security of Getinge's assets and persons, property or rights, those of our partners, associates or others.

Depending on the above-mentioned purposes, Getinge may share your Personal Data:

Personal data shared internally within the Getinge group

  • With departments authorized to process your data within the Getinge group (for example, people employed by Getinge companies and working in purchasing and procurement, finance, quality, purchasing and procurement or the legal and compliance department).

Personal data shared externally with a processor or separate data controller

  • Your data may be shared outside the Getinge group, for example with Getinge service providers responsible for monitoring the security of the network and IT infrastructure of group companies,
  • tax authorities or government agencies to comply with certain laws, such as those against fraud, tax evasion, anti-corruption, or
  • external advisors such as lawyers or auditors to ensure compliance with laws or regulations, including for example environmental, social and governance (ESG) regulations.

We require our service providers to keep your personal information secure, and do not allow our service providers to use or share your personal information for any purpose other than providing services on our behalf.

6. Transfer of your personal data outside EU/EEA

The companies which we share your personal data with described above are located in the EU/EEA as well as outside the EU/EEA – also called third countries. 

Third countries legislation may differ from the rules of data protection within the EU/EEA, which means that when such transfers occur, we will either make sure the country has an adequate level of protection or enter into standard contractual clauses with the party which we share or give access to your personal data. 

Adequate level of protection:

The European Commission has decided that certain countries outside the EU/EEA have a sufficiently high level of security. This means that personal data can be transferred there without any further action having to be taken regarding the transfer itself (beyond what applies under the GDPR in general). A list of which countries are included can be found here

If any Getinge company in the EU, shares or give access to your personal data to a Getinge company in the UK, Japan, Canada, Switzerland, New Zealand or Republic of Korea, such sharing or access is made to a country with an adequate level of protection. 

EU Standard Contractual Clauses:

Since only a few countries are considered to have an adequate level of protection, the most common measure to ensure sufficient protection in the event of a transfer outside the EU/EEA is to apply the EU Commission's Standard Contractual Clauses pursuant to Commission Implementing Decision (EU) 2021/914, without any changes or amendments in conflict with the clauses. If you want to read them in their entirety, you can download them via the European Commission's website under the heading Standard contractual clauses for international transfers. 

Right to obtain a copy – If you would like more information about transfers to third countries, and a copy of the safeguard we have used, please Contact us

An Intra-group Data Processing Agreement, including the EU Standard Contractual Clauses, has been signed between all Getinge companies worldwide.

7. How long does Getinge retain your personal data?

Your personal data will be retained for as long as necessary to achieve the purposes set out in this notice, but no longer than required or permitted by applicable data protection legislation and internal Getinge policies. 

We dispose the personal data we collect in accordance with Getinge's directive and retention procedures.

8. Your Rights

You are entitled to exercise certain rights when we process your personal data. Below we list each of these rights and provide a short explanation of what they mean. 

  • Access – right to request and receive information.
  • Rectification – right to request correction of incorrect or incomplete data.  
  • Erasure (right to be forgotten) – right to request deletion of personal data.
  • Data Portability – right to request transfer of your personal data.
  • Object – right to object to certain processing, such as direct marketing and when our legal basis is legitimate interest.  
  • Restriction – right to request restriction of how we use certain personal data.
  • Withdraw consent – right to request us to cease processing based on your consent.
  • Lodge a complaint – right to submit a complaint to a data protection authority.

More detailed information regarding the above rights is found on the page called Your Rights.

If you already know that you would like to exercise any of the above rights, please fill in our Data Subject Request Form. Please note that Getinge will assess on a case-by-case basis whether a request to exercise your rights is valid, since the rights are not absolute, and exceptions may apply.

9. Changes

If any changes are made concerning the processing of your personal data, we will inform you of such changes by publishing an updated version of this privacy notice in the Getinge Privacy Center. 

You are now leaving Getinge.com. You might access content  not managed by Getinge team, in that case Getinge can not be hold responsible of the content. 

I understand! Stay in Getinge.com

Dear user, You now see International fallback content. Getinge South East Asia does not review or control this content. It is possible that some of the products on Getinge international are not approved in your country. For more specific  information relevant for your region please contact us.

OK!

Dear user, You now see International fallback content. Getinge South East Asia does not review or control this content. It is possible that some of the products on Getinge international are not approved in your country. For more specific  information relevant for your region please contact us.