Privacy Policy

1. Introduction

Desmo Care ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (desmocare.com) or interact with our medical device products and services.

As a medical device manufacturer, we comply with the General Data Protection Regulation (GDPR), applicable medical device regulations (MDR 2017/745), FDA requirements, and other international privacy laws.

Data Controller: Desmo Care
Contact: privacy@desmocare.com

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us:

• Contact Information: Name, email address, phone number, professional title, institution/organization
• Professional Information: Healthcare professional credentials, medical specialty, practice location
• Inquiry Information: Content of your messages, support requests, product inquiries
• Registration Data: Account credentials if you register for restricted areas of our website
• Event Registration: Information collected when you register for educational events or webinars

2.2 Automatically Collected Information

• Website Usage Data: Pages visited, time spent, navigation paths, referring URLs
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Similar Technologies: As described in our Cookie Policy
• Analytics Data: Aggregated statistics about website performance and user behavior

2.3 Medical Device-Related Information

• Product Safety Reports: Adverse event reports, product complaints, quality concerns
• Device Identification: Product serial numbers, lot numbers, catalogue numbers
• Post-Market Surveillance Data: Product performance information required by regulatory authorities

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Regulatory Compliance and Safety

• Fulfill post-market surveillance obligations under EU MDR 2017/745 and FDA regulations
• Process and report adverse events to regulatory authorities
• Conduct product vigilance and quality management activities
• Maintain medical device traceability records as required by law

3.2 Business Operations

• Respond to inquiries and provide customer support
• Process orders and manage distributor relationships
• Provide technical support and product information
• Verify healthcare professional credentials where required

3.3 Communication and Marketing

• Send product updates, safety communications, and regulatory notifications
• Provide educational materials and training resources (with consent where required)
• Send marketing communications about our products and services (with your consent)
• Invite you to participate in surveys, clinical studies, or market research (with consent)

3.4 Website Improvement

• Analyze website usage to improve user experience
• Monitor and improve website performance and security
• Develop new features and functionality

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

• Legal Obligation: Regulatory compliance, post-market surveillance, adverse event reporting
• Legitimate Interests: Customer support, website security, fraud prevention, business operations
• Consent: Marketing communications, non-essential cookies, optional data collection
• Contract Performance: Processing orders, fulfilling distributor agreements

5. Data Sharing and Disclosure

We may share your information with:

5.1 Regulatory Authorities

• European Competent Authorities and Notified Bodies
• U.S. Food and Drug Administration (FDA)
• Saudi Food and Drug Authority (SFDA)
• Other national regulatory agencies as required by law

5.2 Service Providers

• Website hosting and infrastructure providers
• Email service providers and communication platforms
• Analytics providers (e.g., Google Analytics)
• Customer relationship management (CRM) systems
• Payment processors (if applicable)

5.3 Business Partners

• Authorized distributors and sales representatives
• Clinical research partners (with consent)
• Professional organizations (with consent)

5.4 Legal Requirements

We may disclose information when required by law, subpoena, court order, or to protect our legal rights, prevent fraud, or ensure product safety.

6. International Data Transfers

Desmo Care operates internationally. Your personal data may be transferred to and processed in countries outside your country of residence, including countries that may not have the same data protection laws.

For transfers from the EU/EEA to countries without an adequacy decision, we implement appropriate safeguards such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules where applicable
• Consent for specific transfers where appropriate

7. Your Rights

Depending on your location, you may have the following rights:

7.1 GDPR Rights (EU/EEA Residents)

• Right of Access: Obtain confirmation of whether we process your data and receive a copy
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your data (subject to legal retention requirements)
• Right to Restriction: Limit how we use your data in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with your data protection authority

7.2 Limitations

Your rights may be limited where we have compelling legal obligations (e.g., regulatory requirements to maintain medical device records) or legitimate grounds that override your interests.

7.3 Exercising Your Rights

To exercise any of these rights, please contact us at: privacy@desmocare.com
We will respond to your request within one month, or inform you if we need additional time.

8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Medical Device Records: Retained for at least 10 years (or longer as required by regulation) after product discontinuation or last implantation
• Adverse Event Reports: Retained in accordance with regulatory requirements (typically 10+ years)
• Website Cookies: As described in our Cookie Policy
• Marketing Consent: Retained until consent is withdrawn, then archived for compliance records
• General Contact Information: Retained for 3 years after last interaction, unless longer retention is justified

9. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption of data in transit (HTTPS/TLS)
• Secure data storage with access controls
• Regular security assessments and updates
• Employee training on data protection
• Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

10. Children's Privacy

Our website is intended for healthcare professionals and adults. We do not knowingly collect personal information from children under 16 years of age. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your website experience. For detailed information, please see our Cookie Policy.

You can manage your cookie preferences through our cookie consent banner or your browser settings.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. We will post the updated policy on this page with a revised "Last updated" date.

For material changes, we will provide prominent notice on our website or contact you directly where required by law.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

15. Supervisory Authorities

If you are located in the EU/EEA and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority.