Privacy Policy

This website LAAEReduceStrokeRisk.com (the “Site”) is built and maintained by AtriCure, Inc. (“AtriCure”), a medical device company that provides innovative solutions designed to decrease the global atrial fibrillation (Afib) epidemic. Our first responsibility is to the patients and customers we serve and as part of that service, AtriCure is committed to safeguarding your privacy.

Website Privacy Notice

This Privacy Notice (“Notice”) explains our information practices and the choices you can make about the way your Personal Data is collected and utilized throughout this Site. This Notice applies to all personal data we collect about customers, suppliers and Site visitors. We collect, use, disclose and otherwise process Personal Data that is necessary for the purposes identified in this privacy statement or as permitted by law, including the European General Data Protection Regulation (GDPR).
AtriCure, Inc. and its subsidiary AtriCure Europe B.V. are Joint Controllers for the Processing of Personal Data described in this Notice. Being part of one group, the Joint Controllers collaborate, share data and engage in joint processing activities related to all below mentioned. Both Joint Controllers are responsible for compliance with their respective responsibilities but, as mentioned below in this Notice, AtriCure Europe B.V. shall be your main point of contact in case you have any questions about this Notice or if you want to exercise any of your rights under the GDPR.
The table below contains a number of definitions of the terminology used in this Privacy Notice.

You

Our site users

GDPR

The European General Data Protection Regulation, EU 2016/679.

Criminal Personal Data

Any Personal Data that provides information on persons’ criminal convictions or offences

Controller

The legal person, administrative body or any other entity which, alone or in conjunction with others, determines the purpose of and means for Processing of Personal Data.

Processor

The person or body which processes Personal Data on behalf of the Controller, without being subject to the Controller’s direct control.

Personal Data

Any information relating to an identified or identifiable natural person (e.g. a person whose identity can be established reasonably without disproportionate effort by means of name, address and date of birth). By way of example but not limitation, video and voice recording is also Personal Data if the video images or the voice recording is identifiable to a natural person. If financial data (such as bank statements) relate to an identifiable natural person, such information is considered Personal Data.

Processing of Personal Data

Any operation or any set of operations concerning Personal Data, including in any case the collection, recording, organisation, storage, updating or modification, retrieval, consultation, use, dissemination by means of transmission, distribution or making available in any other form, merging, linking, as well as blocking, erasure or destruction of Personal Data

Special Categories of Personal Data

Any Personal Data that provides information on persons’ religious or philosophical beliefs, race, political opinions, health, sexual life, genetic data, biometric data for the purpose of uniquely identifying a living person or membership of trade unions.

What is Personal Data?

Personal Data means any information relating to an identified or identifiable natural person, such as a name, address, email addresses and emails, voice and video recordings, or a copy of a passport but also financial data or copies of emails and contracts, provided that such information relates to a natural person.
Which Personal Data do we collect and process about you?
This Privacy Notice describes the collection of Personal Data through our Site. Through our Site we may collect Personal Data of:
• Visitors to our Site, when contacting us via email or through online forms
AtriCure respects the privacy of visitors to our Site and as such, you may browse the areas of our Site without providing any Personal Data. Should you choose to contact us, you will be asked to provide your contact information, including your name, email address and phone number. Our Cookie notice is provided below.
We never ask for Special Categories of Personal Data or Criminal Personal Data unless it is required through a legal obligation.

How we use and disclose your Personal Data
In this section, we set out the purposes for which we use Personal Data, explain how we share your Personal Data, and identify the “legal grounds” on which AtriCure relies to process the Personal Data.
These “legal grounds” are set out in the GDPR and allow Controllers to process Personal Data only when the processing is permitted by that “legal grounds” set out in the GDPR. The table below provides for a description of the legal grounds that we rely on:

For processing Personal Data and special categories of Personal Data

Legal ground

Details

(1) Performance of our contract with you

Processing is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract.

(2) Consent

Processing based on your explicit consent, such consent may be withdrawn at any time.

(3) Compliance with a legal obligation

Processing is necessary for compliance with a legal obligation in the European Union to which we are subject.

(4) For our legitimate business interests

Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of Personal Data. These legitimate interests are set out next to each purpose.

For what purposes do we use your Personal Data and what legal bases do we use to justify such use?
We may use your Personal Data in the following ways. For each use, we note the legal bases we use to justify each use of your Personal Data.

For communication and service purposes we may use your Personal Data to respond to questions.

  • Use justification: (3) for our legitimate business interests (e.g. in order to respond to a request for information).

For security purposes and to analyse and continuously improve our website we may use Personal Data for testing and improving the design, content, and functionality of our Site, the security thereof and for further tailoring our Site to our user’s needs (including by estimating and measuring usage patterns). Only in very exceptional circumstances will we use Personal Data for testing purposes and if this is necessary, always in a closed and secured environment.

  • Use justification:(3) for our legitimate business interests (to enable us to ensure the security of our systems and further improve the Site for our users).
    Use justification:
    (3) for our legitimate business interests (in running our business efficiently and in order to keep our records and accounts updated).

For our business purposes, including monitoring and improving our programs, services and products, for record keeping and maintaining our accounts, complying with good practice and for other operational and administrative reasons.

  • Use justification: (4) for our legitimate business interests (in running our business efficiently and in order to keep our records and accounts updated).

To defend our legitimate interests and to change our business structure We may disclose Personal Data in connection with legal proceedings or investigations to third parties, such as public authorities, law enforcement agencies, regulators and third-party litigants (these third parties are not data processors on behalf of AtriCure and will process Personal Data for their own purposes). We may also provide your Personal Data to any potential acquirer of or investor in any part of our business for the purpose of that acquisition or investment.

  • Use justification: (3) legitimate interests (to enable us to cooperate with law enforcement and regulators and to allow us to develop our business).

AtriCure does not collect or maintain Personal Data for marketing or advertising purposes.

Disclosure of Personal Data

We may disclose your personal Information to certain third parties listed below, including third parties who provide us with various business services. We will not otherwise disclose your Personal Data without prior consent, except where such disclosure is reasonably necessary for normal business operations and in accordance with all applicable Data Protection and Privacy laws.

IT systems

We store your Personal Data on our IT systems located in the United States and Europe. As a global company, we transfer Personal Data to, or permit access to Personal Data from, any location throughout the world where AtriCure is doing business, including the United States, Europe, Middle East and Africa.

Third Parties/ Business service providers

We have engaged various Processors for the processing of your Personal Data on our behalf, including IT service providers and other business service providers such as website hosting, professional services, customer service, e-mail delivery, auditing and other similar services. We have contracts in place with our data processors, which means that they cannot do anything with your Personal Data unless we have instructed them to do it. They will not share your Personal Data with any organisation (unless legally required to do so) apart from us. They will hold it securely and retain it for the period that we instruct.
We may also share your personal information to third parties to perform specific services you request on the Site.

Law Enforcement

We may be legally required to disclose your Personal Data in response to requests from regulators and law enforcement or security agencies, in which case these regulators and law enforcement or security agencies will be acting as a Controller as well. We will always assess the legitimacy of such requests before disclosing any Personal Data and will only disclose the Personal Data required to comply with such request.

Regulators and physicians

If you contact us regarding your experience in using one of our products, we may use the Personal Information you provide as necessary to submit complaint or adverse event reports to local and international health or pharmaceutical regulators, and as otherwise required by law. We also may use the Personal Information to contact the involved physician to follow up regarding an unexpected event involving use of our product.

Other Legal Reasons

In addition, we may use or disclose your Personal Information as we deem necessary or appropriate: (1) under applicable law, including laws outside your country of residence; (2) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (3) to comply with subpoenas and other legal processes; (4) to pursue available remedies or limit damages we may sustain; (5) to protect our operations (6) to protect the rights, privacy, safety or property of AtriCure, you and others; and (7) to enforce our terms and conditions.

Cross border transfers

We transfer Personal Data to, or permit access to Personal Data from, countries outside the European Economic Area (EEA). We will, in all circumstances, safeguard Personal Data as set out in this Privacy Notice.
The data protection laws of countries outside the EEA do not always offer the same level of protection for Personal Data as offered in the EEA. Where we transfer Personal Data to other countries outside the EEA, we will ensure adequate safeguards are put in place to protect the Personal Data transferred.
For service providers and third parties outside of the EEA that are not subject to an adequacy decision (article 45 GDPR) from the European Commission (read more here) we apply EU approved model clauses (article 46.2 GDPR) (read more here) or rely on the Binding Corporate Rules (article 47 GDPR) of our suppliers (read more here). If you wish to hear more about these safeguards, please contact us through the details further below.
We commit to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship, as well as the rights of both EU and Swiss individuals.
You can request additional information about the specific safeguards applied to the export of Personal Data from privacy@atricure.com.

Cookies

Like most websites, certain AtriCure websites may use “cookies” to help us serve you better on future visits, help you avoid having to re-enter information, and help us improve the functions of our Site. A cookie is a small file that the Site places on your computer for future identification purposes. A Cookie may contain your personal data if we are able to use it to directly or indirectly identify you.

We may use the following cookies:

  • Strictly Necessary Cookies. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling informs. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any of your personal data.
  • Performance Cookies. These allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
  • Targeting Cookies. Our website makes use of Google Analytics, as described below. If you choose not to allow these cookies you will experience less targeted advertising.

Should you choose to browse our website without using cookies, if you do not want us to be able to recognize your computer, then you can prevent cookies from being saved by disabling cookies from this website. Please note that it is possible that some features or services on our website may not fully function if cookies are disabled, as described above.

Google Analytics

Our Site makes use of the Google Analytics web service from Google, Inc. Google Analytics also utilizes cookies. Examples of the items of data collected include your operating system, your browser, your IP address, the AtriCure web page you accessed, and the time and date of your visit. The information generated by the text file about the use of the Site will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our Site, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties when required to do so by law, or where such third parties process the information on Google’s behalf.

Safeguarding Your Information

Consistent with applicable laws and requirements, including the GDPR, AtriCure has put in place appropriate physical, electronic, and administrative safeguards to protect your Personal Data from loss, misuse, alteration, theft, unauthorized access, or unauthorized disclosure. We evaluate these safeguards on an ongoing basis to help minimize risks from new security threats as they become known.
We restrict access to Personal Data to personnel and third parties that require access to such information for legitimate, relevant business purposes.
All our staff members, contractors and third parties who will have access to Personal Data on our instructions will be bound to confidentiality and we use controls to limit access to individuals that require such access for the performance of their responsibilities and tasks.

Our Commitment to Children’s Privacy

This Site is not intended for use by children under 16 years of age. No one under age 16 may provide any information to our Site. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this Site. Any personal information inadvertently collected from children will be promptly erased. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please Contact Us on this Site.
This does not affect any medical information about children that may be provided by healthcare professionals in connection with product or service information requests.

Right to Unsubscribe

You have the right to unsubscribe from any services that we offer if you no longer want to participate. To do so, please Contact Us on this Site for additional information or follow the unsubscribe directions on the specific AtriCure website. Please note that if you already have requested products or services when you decide to withdraw consent, there may be a short period of time for us to update your preferences and ensure that we honour your request.

Links to Other Websites

This Notice applies to the processing of Personal Data related to the Site only. For information about other AtriCure websites, contact privacy@atricure.com. Our websites may contain links to other websites that are neither owned nor operated by AtriCure. You should carefully review the privacy policies and practices of other websites, as we cannot control and are not responsible for privacy policies or practices of third-party websites that are not ours.

Limiting collection and retention

We collect, use, disclose and otherwise process your Personal Data that is necessary for the purposes identified in this Privacy Notice or as permitted by the GDPR. If we require Personal Data for a purpose inconsistent with the purposes we identified in this Privacy Notice, we will notify you of the new purpose and, where required, ask for your consent to process Personal Data for the new purposes.
Our retention periods for Personal Data are based on business needs and legal requirements. We retain Personal Data for as long as is necessary for the processing purpose(s) for which the Personal Data was collected, and any other permissible, related purpose. For example, we retain your Personal Data for the periods necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or fulfil your request to “unsubscribe” from further messages from us.

Your rights and our responsibilities

We strive to maintain Personal Data that is accurate, complete and current.
Under the GDPR, you have certain rights in relation to your Personal Data. These rights are described below. If you wish to exercise one these rights, please Contact Us in case of any questions. To ensure an efficient follow-up, we kindly ask you to specify your request and to indicate to which Personal Data your request relates.
You have the following rights (please be aware that certain exceptions apply to the exercise of these rights and so you may not be able to exercise these in all situations):

  • Right of access: you have the right to obtain confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, to obtain a copy of the Personal Data we maintain about you.
  • Rectification: you may ask us to rectify any inaccurate Personal Data that we process.
  • Erasure: you may ask us to delete Personal Data that we no longer have a legal ground to process.
  • Restriction: you may ask us to mark certain Personal Data as restricted whilst complaints are resolved and also ask for restriction of processing under certain other circumstances.
  • Portability: You can ask us to transmit the Personal Data that you have provided to us and we still hold about you to a third party electronically.

In addition, under certain conditions, you have the right to:

  • where processing is based on consent, withdraw the consent;
  • object to any processing of personal that AtriCure justifies on the “legitimate interests” legal ground, unless our reasons for undertaking that processing outweigh any prejudice to the individual’s privacy rights; and
  • object to direct marketing at any time.

These rights are subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). We will respond to most requests within one (1) month.
If you are not satisfied with our use of your Personal Data or our response to any exercise of these rights, we kindly ask you to first contact our Data Protection Officer using the contact details set forth below. In addition, you always have the right to complain to a supervisor authority in your Member State of habitual residence, place of work or of an alleged infringement of the GDPR. The relevant supervisory authority would likely be one of the following:

Country

Name of Regulator

Contact Information

Belgium

Commission for the Protection of Privacy

Postal Address:

Rue de la Presse 35
1000 Brussels

Telephone: +32 (0)2 274 48 00

Fax: +32 (0)2 274 48 35

Email: commission@privacycommission.be

Website: https://www.privacycommission.be/

France

Commission Nationale de l’Informatique et des Libertés – CNIL

Postal Address:

8 rue Vivienne, CS 30223

F-75002 Paris, Cedex 02

Telephone: +33 1 53 73 22 22

Fax: +33 1 53 73 22 00

Website: http://www.cnil.fr/

Germany

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit

Postal Address:

Husarenstraße 30

53117 Bonn

Telephone: +49 228 997799 0; +49 228 81995 0

Fax: +49 228 997799 550; +49 228 81995 550

Email: poststelle@bfdi.bund.de

Website: http://www.bfdi.bund.de/

Netherlands

Autoriteit Persoonsgegevens

Postal Address:

Prins Clauslaan 60

Postbus 93374

2509 AJ Den Haag

Telephone: +31 (0)70 888 85 00

Fax: +31 (0)70 888 85 01

Email: info@autoriteitpersoonsgegevens.nl

Website: https://autoriteitpersoonsgegevens.nl/

Spain

Agencia de Protección de Datos

Postal Address:

C/Jorge Juan, 6

28001 Madrid

Telephone: +34 91399 6200

Fax: +34 91455 5699

Email: internacional@agpd.es

Website: https://www.agpd.es/

United Kingdom

The Information Commissioner’s Office

Postal Address:

Water Lane, Wycliffe House

Wilmslow – Cheshire SK9 5AF

Telephone: +44 1625 545 745

Email: international.team@ico.org.uk

Website: https://ico.org.uk

In addition, we agree:

  • that we will be liable in cases of onward transfers to third parties;
  • that we will disclose personal information in response to lawful requests by public authorities, including meeting national security or law enforcement requirements;
  • that under certain conditions you may invoke binding arbitration.

Changes to This Privacy Notice

As we continue to provide additional services and as the privacy laws and regulations evolve, it may be necessary to revise or update this Notice. We encourage you to review this Notice from time to time, as you return to our website, so that you are familiar with any changes.

If you have any questions about this Privacy Notice or the practices of this website, please contact our Data Protection Officer:

Outsourced Data Protection LLP

ProDPO

71 Queen Victoria Street,

London EC4V 4AY

United Kingdom

+44 (0)20 3697 7206

www.prodpo.com

Contact Us

If you have any questions about this Privacy Notice or the practice of the Site, please Contact Us on this Site. You may also write to us at:
AtriCure Europe BV
De Entrée 260
1101 EE Amsterdam
The Netherlands