Joint Privacy Notice
Joint Privacy Notice
Medhold Medical and Intuitive Surgical Sàrl
Joint Privacy Notice
Effective Date: April 2024
This is a Joint Privacy Notice (“Notice”) by [Medhold Medical] (“Distributor”), and Intuitive Surgical Sàrl
and its affiliated companies (collectively, “Intuitive”); (Intuitive and Distributor may be collectively
referred to as “we”, “our”). This Notice applies to Personal Data that is jointly collected and processed
by Distributor and Intuitive in relation to Intuitive Technology, including sales, marketing, maintenance
and services (“Joint Scope”).
Intuitive manufactures computer-enhanced medical technology, including the da Vinci Surgical
technology and other innovative, minimally invasive robotic-assisted technology (collectively,
“Technology”). Distributor is a distributor of medical devices, including Intuitive Technology.
For the purposes of this Notice, “Personal Data” means any information relating to an identified or
identifiable natural person as defined by the European General Data Protection Regulation (“GDPR”)
and any other applicable data privacy and data protection laws. The joint mission and focus of
Distributor and Intuitive is to operate transparently, in a way that protects the rights and preserves the
trust of everybody whose Personal Data is collected or used by Distributor or Intuitive.
Personal Data covered by this Notice is generally collected for the legitimate business interests of
Distributor and/or Intuitive, or it may sometimes be collected based on a contract with you or with your
consent. Distributor and Intuitive may additionally provide individual privacy notices for selected
services that use Personal Data. If you are a user of such services, please refer to such service specific
privacy notices for additional details.
With this objective, the general use and collection of Personal Data by Distributor and Intuitive is guided
by the following “principles”:
• We comply with all applicable data privacy laws and regulations
• We do not sell your Personal Data to anyone
• We store data with industry-standard information technology and cloud services, following
industry standard practices to maintain confidentiality, integrity and availability.
Contact Details
Distributor and Intuitive are both joint controllers of your Personal Data.
For Distributor:
Principal locations:
• 68 Rigger Road, Spartan, Kempton Park, Gauteng, South Africa
To exercise your rights, to obtain details of our data transfer safeguards, or for any other
questions related to Personal Data, you may contact Distributor’s General Manager emailing
g.maritz@medhold.co.za , alternatively l.selloane@medhold.co.za When necessary,
Distributor may request identifying information from you to confirm your identity. Distributor
will respond to requests in accordance with the applicable data protection law.
For Intuitive:
• Intuitive Surgical Sárl, 1 Chemin des Mûriers, 1170 Aubonne, Switzerland
You may find additional contact information here:
https://www.intuitivesurgical.com/company/locations-representation/
To exercise your rights, to obtain details of our data transfer safeguards, or for any other
questions related to Personal Data, you may contact Intuitive’s Data Privacy Officer by emailing
data.privacy@intusurg.com. When necessary, Intuitive may request identifying information
from you to confirm your identity. Intuitive will respond to requests in accordance with the
applicable data protection law.
Collection and Use of Personal Data
Intuitive Website Users
If you complete web forms on Intuitive websites, on the basis of your express consent or our legitimate
interest to manage customer relationships, Intuitive may collect the following information:
Personal identification data like name, contact details, time zone and preferred language.
Professional data like title, role, employer, professional specialty, professional interests
and identification number.
And any other information that you choose to provide to us
Intuitive may use the Personal Data of Intuitive website users for purposes including:
Creating aggregated statistics on website usage
Responding to your requests you have submitted through our website
Providing you information about our current and future products and services
Conducting market research
Improving our products or services
Providing a general resource for our research and business development
As necessary for network and information security, fraud prevention, reporting suspected
criminal acts, and for ensuring compliance with the applicable laws and regulations
Third Party Representatives
Within the Joint Scope, if you are an employee, director, officer, agent, consultant, advisor
(“Representative”) of Distributor’s or Intuitive’s customers, suppliers, service providers, consultants,
distributors, regulatory agencies and others (“Third Party”) with a professional relationship or an
interest related to Intuitive’s or related products or services, we typically collect the following type of
Personal Data:
Identification data like name, phone number, email address and postal address
Professional data like employer, work contact information and job title
In addition, depending on your relationship with Distributor or Intuitive, we may also collect other
information from you, such as:
Identification data like date of birth and passport number
Personal characteristics like travel and meal preferences
(For example, to allow for travel and catering arrangements for events)
Professional data like resume, professional memberships, training and travel records
Financial data like compensation and bank account details
(For example, to allow payment for speaking engagements, consulting or other services
provided)
Recordings like pictures, audio or video
Profiling data like professional interests
Any other information you choose to provide to us
The purposes for which we may process Personal Data and the legal bases on which we may perform
such processing are:
Legal basis for processing Purposes of processing
Legitimate interests to manage
our business, including
research, development, sales,
training, education, marketing
and support for products and
services.
Relationship and contract management with customer
entities
Sales, order fulfilment, distribution and invoicing of
products and services with customer entities
Purchasing products and services from vendors
Coordinating support and preventative maintenance of our
products
Coordinating travel, site visits and other events
Evaluating and coordinating clinical trials and related
studies and projects
Customer efficiency, cost saving, process and program
performance
Improving our products, services and processes e.g.
compensation analysis, budgeting, planning, market
research and analysis, surveys, providing performance
information, sponsored agreements
Network security
Providing a resource for our research and business
development.
Consent Marketing and providing information about our products
and services
Coordinating travel, site visits and other events
Contract Contracting for services with healthcare professionals or
other individuals
Employee training
Coordinating travel, site visits and other events
Evaluating and coordinating clinical trials and related
studies and projects
Legal obligation Complaints handling
Evaluating and coordinating clinical trials and related
studies and projects
Ensuring compliance with applicable laws and regulations,
e.g. legal advice, negotiation, fraud prevention and
healthcare compliance
Users of Intuitive Technology
In addition, within the Joint Scope, while being a Third Party Representative, you may also be a User of
Intuitive Technology if you are a surgeon, hospital resident or fellow, medical student, proctor or
otherwise use, have used, or may use medical devices manufactured by Intuitive. From Users of Intuitive
Technology we may collect:
Professional data relevant to the use of our products like professional experience, training
related to Intuitive technology, and procedure related information
Ergonomic and other user-defined system settings that are associated with a user-defined
identifier
Additional purposes for which we may process Personal Data of Users of Intuitive Technology and the
legal basis on which we may perform such processing are:
Legal basis Purposes of processing
Legitimate interests to manage
our business, including
research, development, sales,
Learning and professional education: course enrollments,
training recommendations and management
Proctoring, speaking engagements and consultancy related
training, education, marketing
and support for products and
services.
interactions
Procedure reporting
Legal obligation Sharing certain personal information with funders for
reimbursement purposes
Personal Data transfers and third party access
We may share Personal Data with affiliates of Distributor or of Intuitive. If we transfer your data to
another data controller, for example, when signing you up for a training provided by a third party
training center, we do that only with your permission. We may also use service providers to process
Personal Data on our behalf, for example to provide hosting, communications and logistics services,
market research and surveys, database and analytics services, as well as training centers, affiliates
within the Intuitive group of companies, attorneys, accountants and banks.
We may be required to disclose, and may disclose Personal Data in response to lawful requests as part
of a legal proceeding or by public authorities.
Your Personal Data may be transferred to countries where the local legislation provides a different level
of protection, including the United States, for your Personal Data and rights. If that is the case, we use
appropriate safeguards like Standard Contractual Clauses approved by the European Commission.
Further information about our data transfers and the safeguards in place can be requested from our
Data Privacy Officers at the contact addresses listed above.
Data Retention
Within the Joint Scope, we keep your Personal Data as long as needed to guarantee our commitments
related to Intuitive Technology and related services, and to maintain the professional relationship over
time. We may keep your Personal Data longer if required by applicable law or where we have a
legitimate and lawful purpose to do so.
Your Rights
As provided by applicable data protection laws, you may exercise the following rights:
Right of access
Right of rectification
Right of erasure
Right to restriction of processing
Right to object to processing
Right of data portability
If data processing is based on your consent, you may withdraw your consent at any time. Withdrawal of
your consent will not affect the lawfulness of processing done before the withdrawal.
To exercise your rights, you may contact Distributor’s General Manager at g.maritz@medhold.co.za
alternately l.selloane@medhold.co.za or Intuitive’s Data Protection Officer at
data.privacy@intusurg.com.
If you believe your Personal Data has been processed in violation of an applicable data protection law,
you have the right to lodge a complaint with the relevant data protection authority: Information
Regulator South Africa, 27 Stiemens St, Braamfontein, Pretoria, 0001, South Africa.
POPIAComplaints@inforegulator.org.za
Intuitive is registered in the European Union with the French data protection authority (Commission
nationale de l'informatique et des libertés; CNIL). You may find CNIL’s contact information at
https://www.cnil.fr/en/contact-cnil.
Automated Decision Making
We do not use the Personal Data described herein for automated decision-making, including profiling,
that produces legal effects or similarly significantly affects you.
No Requirement to Provide Data
You are not required to provide your Personal Data to us, except, for example when necessary to
perform a contract. Some information may be provided by you, your employer or associated hospital
under a contract with us. However, not providing some of the information may impact the ability to
support your or your employer/hospital’s use of certain product features or functionality, including the
use of relevant training materials or metrics.
How We Protect Your Data
The security and confidentiality of your Personal Data is important to us. We store Personal Data with
industry-standard information technology and cloud services, following industry standard practices to
maintain confidentiality, integrity and availability.
Changes to This Notice
If anything changes, we will update this Notice and the Notice Effective Date.