Cook Group Incorporated’s Website Notice of Certification Under the EU-US Data Privacy Framework


Effective March 2024

This website notice of certification to the EU-US Data Privacy Framework is intended to inform you about the specific Cook Group companies that have certified their adherence to, and comply with, one or all of the data privacy frameworks as set forth by the US Department of Commerce, with respect to the processing of personal information received from the European Union and the United Kingdom in reliance on the EU-US Data Protection Framework and the UK Extension to the EU-US Data Privacy Framework, and with respect to the processing of personal data received from Switzerland in reliance on the Swiss-US Data Privacy Framework principles.

The following Cook Group companies have certified their compliance as described:

EU-US Data Privacy Framework UK Extension to the EU-US Data Privacy Framework Swiss-US Data Privacy Framework
  • Cook MyoSite, Incorporated (Cook MyoSite), which is headquartered in Pittsburgh, Pennsylvania
  • Cook Research Incorporated (Cook Research), which is headquartered in West Lafayette, Indiana
  • MED Institute, Incorporated (MED Institute), which is headquartered in West Lafayette, Indiana
  • Cook Research Incorporated (Cook Research), which is headquartered in West Lafayette, Indiana
  • MED Institute, Incorporated (MED Institute), which is headquartered in West Lafayette, Indiana

 

  • Cook Research Incorporated (Cook Research), which is headquartered in West Lafayette, Indiana
  • MED Institute, Incorporated (MED Institute), which is headquartered in West Lafayette, Indiana

 

For ease of reference, these companies are collectively referred to as the “Cook Data Privacy Framework Companies” in this Website Notice. For additional information about these data privacy frameworks, or to view data privacy framework certifications of the Cook Data Privacy Framework Companies on file with the US Department of Commerce, please visit https://www.dataprivacyframework.gov/s/.

Scope

The Cook Data Privacy Framework Companies have filed certifications with the US Department of Commerce confirming their adherence to the data privacy framework(s) for EU and UK personal information transferred to the US, and as applicable, for Swiss personal information transferred to the US, in relation to the following types of personal information: clinical research, patients, human resources, customers, and suppliers. The Cook Data Privacy Framework Companies limit their collection, processing, and storage of that personal information to situations where they have a legitimate business interest in the information.

Third-party transfers

In certain situations, the Cook Data Privacy Framework Companies entrust personal information pertaining to EU, UK, and Swiss individuals to third-party partners who assist those companies with their business activities, or who have regulatory or legal oversight responsibilities in relation to certain business activities. The third parties may include, for example, research recruitment partners; research sites; ethics committees; investigational review boards; IT security partners; auditors; health authorities; business partners assisting with patient data such as in relation to patient registries, signal detection, adverse event reporting, quality improvement, custom device manufacturing and regulatory oversight; organizations assisting with recruitment or human resource activities relating to active or retired personnel, such as those assisting with job applicant websites, immigration, pensions, or other benefits; those assisting in the customer context, such as medical professionals and their staff members who interact with the Cook Data Privacy Framework Companies in relation to the medical devices that Cook Group develops; and those assisting in the supplier context, such as third parties that provide equipment, services, or other materials to the Cook Data Privacy Framework Companies in connection with their business activities. The Cook Data Privacy Framework Companies take steps to ensure that the third parties entrusted with personal information uphold an equivalent level of protection for the data to that required under the data privacy frameworks. The Cook Data Privacy Framework Companies also understand that they can be held responsible if their business partners entrusted with EU, UK, and Swiss personal information violate those obligations.

Disputes

In compliance with the data privacy frameworks’ principles, the Cook Data Privacy Framework Companies commit to resolve complaints about their collection or use of personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding the data privacy framework policies or practices should first contact us at:

EU
Email DataProtectionEurope@CookMedical.com
Phone +353 61 334440 to speak with the company’s
EU Data Protection Officer
EU Mail
Address
Cook Ireland Ltd.
Attn: EU Data Protection Officer
O’Halloran Road
National Technological Park
Castletroy, Limerick, Ireland
US
Email Privacy@CookGroup.com
Phone 812.331.1025 to speak with the company’s
Chief Privacy Officer
US Mail
Address
Cook Group Incorporated
Attn: Chief Privacy Officer
P.O. Box 1608
Bloomington, Indiana 47402-1608 USA

In accordance with its data privacy framework(s) commitments, the Cook Data Privacy Framework Companies have adopted dispute resolution practices that are designed to evaluate and resolve any complaints or concerns about your privacy and its collection or use of your personal information within forty-five (45) days of receipt.

Third-party dispute resolution

The Cook Data Privacy Framework Companies have committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved data privacy framework complaints for all types of EU, UK, and SW personal information encompassed within the Data Privacy Framework certification of the Cook Data Privacy Framework Companies. If you do not receive timely acknowledgement of your complaint from the relevant Cook Data Privacy Framework Company, or if the company has not addressed your complaint to your satisfaction, you have the right to contact the EU, UK, and SW supervisory authorities for more information or to file a complaint. The services of EU, UK, and SW supervisory authorities are provided at no cost to you.

Regulatory oversight and enforcement

The Cook Data Privacy Framework Companies are also subject to investigatory and enforcement authority of the US, EU, UK, and Swiss agencies who oversee the data privacy frameworks, namely the US Federal Trade Commission and the relevant European supervisory authorities. Individuals also have a right to file a complaint with those oversight agencies, particularly if they believe their complaint was not satisfactorily resolved through the company.

Right to binding arbitration

Under limited circumstances and in accordance with the data privacy frameworks, EU, UK, and Swiss individuals may be able to invoke binding arbitration before a Data Privacy Framework Panel. Cook is obligated to arbitrate claims and follow the terms as set forth in Annex I of the Data Privacy Framework Principles, provided that an individual has invoked binding arbitration by delivering notice to Cook and following the procedures and subject to conditions set forth in Annex I of the Principles.

Rights of Individuals to Access Their Data: EU individuals have the right to access personal information about them, and to limit the use and disclosure of their personal information. The Cook Data Privacy Framework Companies have committed to respect and uphold those rights. Should you wish to exercise those rights, the company requests that you contact DataProtectionEurope@CookMedical.com or call +353 61 334440 to speak with our Data Protection Officer. You may also write to us at: Cook Ireland Ltd., O’Halloran Road, National Technological Park, Castletroy, Limerick, Ireland. Please note that there are certain limitations on these rights, as described in the data privacy frameworks.

Regulatory enforcement requests

The Cook Data Privacy Framework Companies are required to disclose personal information in response to lawful requests by public authorities, including compliance with national security or law enforcement requirements. Also, Cook is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).

Conflicts

If there is any conflict between the terms in this privacy statement and the Data Privacy Framework Principles, the Data Privacy Framework Principles will govern.