Background Image
Biomet
One Surgeon. One Patient.
 
 

Privacy Policy

OBJECTIVE

Biomet, Inc. is committed to protecting the privacy of those who entrust us with their personal information. All Team Members throughout the world, and all those who do business with us, trust and expect that their personal information will be protected at all times.

Biomet and its entities with consistent guidance will be collecting; processing, storing, transferring, disclosing, deleting and using Employment related Employee data for employees located in the European Union. Biomet entities covered by this policy are Biomet, Inc., a USA corporation, and /or any of its affiliates or subsidiaries and legal entity employers (collectively "Biomet").

Biomet has certified to the Safe Harbor Agreement between the United States and the European Union concerning the data processed from our human resources and clinical research activities. Biomet also complies with the Safe Harbor privacy principles and Frequently Asked Questions as agreed to by the U.S. Department of Commerce and the European Community. Consistent with its commitment to protect personal privacy, Biomet adheres to the Safe Harbor Principles.

http://www.export.gov/safeharbor/index.html

SCOPE

This policy is effective November 30, 2007, as amended from time to time, and applies to all Biomet entities; employees; research subjects; research investigators and staff; customers; consumers, distributors and agents engaged in the sale and marketing of the Company’s products; investors and shareholders; consultants from various fields; medical and healthcare professionals; government officials; contractors; and other third party vendors that collect, process, record, store, transfer, discriminate, delete and/or use Personal Data on Biomet's behalf, including but not limited to Employment/Employee Data.

Employment/Employee Data means any personal information about an identified or unidentifiable individual that is received by Biomet or a third party vendor. Persons protected include job applicants, employees (including temporary, full-time and part-time), contract employees, interns, contingent workers, retirees, and former employees as well as the dependents or others whose personal data has been given to a Biomet entity by such covered persons.

This policy does not cover data rendered anonymous where individual persons are not identifiable; are identifiable only with a disproportionately large expense in time, cost of labor; or situations in which pseudonyms are used. The use of pseudonyms involves the replacement of names or other identifiers with substitutes, so that identification of individual persons is either impossible or at least considerably more difficult. If anonymous data becomes no longer anonymous (i.e., individual persons are again identifiable, this policy applies.

This Safe Harbor Privacy Policy sets forth how Biomet handles personal data transferred from countries in the European Economic Area (EEA) to the United States that are collected and/or received to manage our workforce and in clinical research activities.

DEFINITIONS

The following terms are used within this document and are defined here for clarification.

"Agent" means a third party that processes personal data solely on behalf of the Company per the Company's instructions.

"Employment/Employee Data" means any personal information about an identified or unidentifiable individual that is received by Biomet or a third party vendor. Persons protected include job applicants, employees (including temporary, full-time, and part-time), contract employees, interns, contingent workers, retirees, and former employees, as well as all dependents or others whose personal data has been given to a Biomet entity by such persons.

"Personal data" means any information or set of information that identifies or can reasonably be used to identify an individual. Personal data does not include information that is encoded or anonymized, or information that is publicly available information.

"Sensitive personal data" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, medical/health conditions, or sex life/orientation. Information as described above will also be treated as sensitive personal data when it is received from a third party.

PRIVACY PRINCIPLES

The following privacy principles apply to all data collected used and disclosed by Biomet, Inc. in conducting clinical research and human resources activities. This policy provides a standard for Biomet with respect to its protection of Employment/Employee Data and other Personal Data globally. Certain local laws may require stricter standardization. Therefore, we will handle this data in accordance with applicable laws and regulations at the place where the data is processed. Where applicable local law provides a lower level of protection of Employment/Employee Data and Personal Data than established by this Policy, then the requirements of this Policy apply. Questions about compliance with local law may be addressed to your local Human Resources Representative.

Notice - The Company will inform individuals about the purposes for which we collect and use personal data about them. How to contact us, the types of non-agent third parties whom we may share personal data, and any ways that individuals may limit the use and sharing of personal data. This notice will be provided when individuals are first asked to provide personal data or as soon thereafter as practicable.

Choice - The Company will offer an individual the opportunity to choose (opt out) whether personal data is a) shared with a non-agent third party or b) used for a purpose other than that for which the data was originally collected or subsequently authorized by the individual.

For sensitive personal data, the Company will give an individual an affirmative or explicit (opt in) choice if the information is to be disclosed to a third party or used for the purpose other than those for which it was originally collected or subsequently authorized by the individual.

Access - Biomet will provide individuals with reasonable access to personal data about them and they may request the correction and/or change to personal data that they can verify is incorrect or incomplete.

Transfer to Agents - The Company will only transfer personal data to an agent where the agent has provided the assurance that they treat the data at the same level of privacy protection as is required by these principles. Should the Company become aware of an agent using or sharing personal data in a way that does not abide by these principles, the Company will take reasonable action to prevent or stop such activity.

Onward Transfer - The Company will only transfer personal data to a non-agent third party that is consistent with the notice provided to the individuals and consent from those individuals.

Information Integrity - The Company will only use and share personal data about individuals in a way that is consistent with the purposes for which the data was collected and/or authorized by those individuals. To the extent necessary, the Company will take reasonable steps to ensure that the data is accurate and complete.

Information Security - Biomet will take appropriate precaution to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Enforcement - Biomet has put processes in place to verify our ongoing adherence to these privacy principles. We encourage any individual covered by this Policy to raise any concerns that they have about the way that we process their personal data by contacting the individuals identified below and we will work to resolve them.

Security and Confidentiality

Biomet is committed to taking appropriate measures to protect Employment/Employee Data and Personal Data and takes reasonable precautions to protect against unauthorized access or disclosure. These measures include:

Data Protection (Systems): To protect against unauthorized access to Employment/Employee Data and Personal Data by third parties and/or vendors, electronic data held by Biomet is maintained on systems that are protected by secure network architecture and contain firewalls and intrusion detection devices. The servers holding this data are 'backed up' (i.e., the data are recorded on separate media) on a regular basis to avoid any inadvertent loss or destruction of data. The servers are stored at facilities with comprehensive security and fire detection and response systems. Employment/Employee Data and Personal Data held in 'backed up' systems are secured and retained consistent with this policy.

Data Protection (Access): Biomet limits access to internal systems that hold Employment/Employee Data and Personal Data to a select group of authorized users who are given access to such system using a unique identifier and password. Access to this data is limited to individuals for the purpose of performing their job duties (e.g., a compensation manager in human resources may need access to an employee's compensation data to make a recommendation, etc.). Decisions regarding access are made and approved by the Vice President of Human Resources and are assigned by a security administrator.

Employment/Employees' Rights and Responsibilities

An Employee has the right to inquire as to the nature of the Employment/Employee Data stored or processed about him or her by Biomet or a third party vendor consistent with and subject to the law of the country in which that employee is located. Employees will be provided access to their personal data as is required by law in their home countries, regardless of the location where data is stored or processed. Biomet will cooperate in providing such access either directly or through the employing entity. All such requests for access may be made to the employee's local human resources representative. If any Employment/Employee Data is inaccurate or incomplete, the employee may request that the data be amended or if necessary, blocked or erased. Local laws that provide for employees to limit use of their personal data (e.g., right to object to marketing) will also be observed.

It is every individual's responsibility to provide the Human Resources Department with accurate data about him/herself and to inform Human Resources of any changes (e.g., home address or change of name). If access or correction is denied, the reason for the denial will be communicated and a written record will be made of the request and reason for denial.

Transferring Data to Other Biomet Entities

Biomet will use the following standards when transferring Employment/Employee Data or Personal Data: Transfers to other Biomet entities will use reasonable precautions to ensure adequate protection for Employment/Employee Data and Personal Data processed or transferred between Biomet entities. The following requirements must be met before a transfer will occur:

  • The transfer of data is based on the operational business requirement for the purpose intended.
  • The receiving entity provides appropriate physical and organizational security for the data, and
  • The receiving entity ensures compliance with this Policy for the transfer of any subsequent processing of the data.
  • The transfer of data will be consistent with this Policy.
Transferring Data to Non-Biomet Entities

Biomet entities may transfer Employment/Employee Data or Personal Data to selected external third parties that have been engaged to perform certain services. These third parties may only process the data in accordance with Biomet's instructions (data processors) or make decisions (e.g., to eligibility for health, life, disability insurance, etc.) regarding the data as a part of the delivery of their services (data controllers). In either instance, Biomet will select reliable suppliers who undertake, by contract or other legally binding and permissible means, to put in place appropriate administrative, technical, and managed security measures to ensure an adequate level of protection and legal requirements of the relevant country from which the data they will receive was originally collected and processed. Such selected third parties will only receive access to this data solely for the purpose of performing the services specified in the applicable service contract. If Biomet learns that a supplier is not complying with all obligations as outlined, it will promptly take appropriate actions to remedy such non-compliance and implement necessary sanctions.

Occasionally, Biomet may also be required to disclose certain Employment/Employee Data and Personal Data to other third parties as a matter of law (e.g., to tax and social security authorities, garnishments, legal actions, etc.); to protect Biomet' legal rights (e.g., to defend a litigation suite) and in an emergency where the health of security of an individual is endangered.

Enforcement Rights and Processes

Biomet utilizes the self-assessment approach to assure its compliance with this Policy. Biomet periodically verifies that the Policy is accurate, comprehensive for the information to be intended to be covered, prominently displayed, completely implemented, and in conformance with the law.

All employees, contractors, and third party vendors who have access to Employment/Employee Data and Personal Data must comply with this Policy. In some countries, violations of data protection regulations may lead to penalties and/or claims for damages from the individuals who are adversely affected.

Failure to observe this Policy or deliberate breach of confidentiality or security in Employment/Employee Data and Personal Data may result in disciplinary action against those individuals involved and/or responsible. If at any time, an individual believes that personal data relating to him or her has been processed in violation of this Policy, he or she may report the concerns to their Human Resources Representative the Director of International Human Resources, or the Corporate Compliance Officer.

If a violation is confirmed, the exporting and importing entities will work together with any relevant parties (including cooperating with competent national data protection authorities to resolve the matter in a satisfactory manner, consistent with the provisions of this Policy.

Obligations

Audit Procedures - To further ensure enforcement of this Policy, the senior ranking Human Resources Officer will identify Employment/Employee Data and Personal Data procedures that should be audited for compliance by this Policy with the Corporate Compliance Officer.

Communication - Biomet will communicate this Policy to current and new employees by posting it on the Biomet website.

Modification - Biomet reserves the right to modify this Policy as needed to reflect changes in laws, Biomet practices and procedures, or requirements imposed by data protection authorities. The senior Human Resources Officer and the Corporate Compliance Officer must review all changes before they become effective.

Effective with the implementation of this Policy, all existing intra-group agreements addressing applicable company privacy guidelines or practices relating to the processing of Employment/Employee Data and Personal Data will be superseded by the terms of this Policy and modified accordingly.

Data Protection Authorities - Biomet employees who receive requests and/or inquires from data protection authorities about this Policy or compliance with applicable data protection and privacy laws should contact the local Biomet Human Resources Representative or Biomet's Corporate Compliance Officer to ensure Biomet responds to the request in a timely an appropriate manner. Upon request, Biomet will provide data protection authorities with the appropriate names and contact details of the relevant contact persons. With regards to Employment/Employee Data and Personal Data transferred between Biomet entities, the importing and exporting Biomet entities each (i) respect the rights of the relevant data subjects under applicable data protection laws (ii) cooperate with inquires from the data protection authority responsible for the entity exporting the data, and (iii) respect its advice or decisions, consistent with applicable law and due process rights.

How to Contact Us

Any questions or concerns regarding the use of disclosure of Employment/Employee Data or Personal Data should be directed to Biomet's Director of International Human Resources or the Vice President and Corporate Compliance Officer at the address given below. Biomet will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Employment/Employee Data and Personal Data in accordance with the principles contained in this Policy.

For complaints that cannot be resolved between Biomet and the complainant, Biomet has agreed to participate in the dispute resolution procedures of the panel established by the European Data Protection Authorities to resolve disputes pursuant to the Safe Harbor Principles.

In addition to the rights and obligations stated in this Policy or that otherwise exist, these principles established in light of Directive 95/46/EC ("European Data Protection Directive") will apply to Employment/Employee Data collected by Biomet in the European Union/European Economic Area and processed elsewhere. In jurisdictions where this policy applies, the enforcement rights and mechanisms mentioned in this Policy also apply. This Policy does not grant employees further rights or establish further obligations beyond already provided under the European Data Protection Directive.

Employment/Employee Data

Team Members and former Team Members should contact us at:

Peggy Taylor
Senior Vice President - Human Resources, Biomet, Inc.
56 E. Bell Drive
Warsaw, IN 46582
Phone: (574) 372-1601
Fax: (574) 372- 1783

Personal Data

Please contact us with any questions about the way we use personal data:

Sujata Dayal
Vice President - Chief Compliance Officer, Global Operations, Biomet Inc.
56 E. Bell Drive
Warsaw, IN 46582
Toll free Number 1-800-348-9500
Phone: (574) 372- 1936
Fax: (574) 372-1960

Amended as of December 1, 2009

© Copyright 2012 Biomet, Inc. All rights reserved.
Background Image