Data protection notice for events

Choose your language

Effective January 2024

Thank you for considering our invitation to attend a Cook Medical event (the “Event”). We respectfully provide this data protection notice to you to inform you about how your personal data will be collected, processed, and safeguarded by us as part of your attendance at this Event and how you can contact us to change your preferences or otherwise exercise your rights in relation to your data. This notice is provided in addition to other data protection notices such as Cook’s Data protection notice for customers. Cook employees should refer to their regional Cook employee data protection notice for any supplemental information.

Please note, where you are registering for an Event on behalf of another individual, you should bring the contents of this notice to their attention.

Data collection

Depending on the Event and our business and legal obligations, the personal data collected may include name, home or hospital address, email address, phone number, work position, bank account details (in the event of reimbursement of expenses), your feedback on the Event, and any relevant travel details (e.g., preferred travel time, airline, and/or food preferences so we can issue your travel arrangements to you). Where we do not require some of the personal data above, Cook will not request it; for example, travel details will not be collected for virtual events.

Where the Event is virtual in nature, Cook may use a web conferencing tool like Cisco Webex or similar for hosting purposes, and the following personal data may be processed when logging in: participant name (required), registration data (e.g., email address, IP address), usage information (e.g., connectivity data, geographic region, browser type, unique user ID, phone number if calling in, meeting start/end time), meeting metadata (such as participant IP address), and/or meeting recordings, including uploaded presentation material (e.g., text, audio, or video data if using the chat function or if you show your camera). The extent of the personal data processed will depend on what data you provide before or during participation. If you have specific queries about the video conferencing tool being used by Cook, please contact your Cook contact or the privacy contact in your region as outlined at the end of this notice.

Please note, if the Event is recorded, you will be notified at the outset of the Event that a recording is taking place, and if required, we will obtain your consent. Cook takes reasonable steps to ensure the personal data of participants is not included in the Event recording.

In general, we do not require you to provide any special categories of personal data (otherwise known as sensitive personal data). However, there may be circumstances where you need to provide this information in connection with your travel and participation in the Event (e.g., in relation to facilitating wheelchair access for in-person Events); we (or our travel agent, AMEX GBT) collect such information for this purpose only.

In addition, where we are required to provide notification or obtain approval on behalf of your employer/management, we may need to collect your manager’s name, email address, and relevant signatures for confirmation of your participation. In certain countries, we have legal reporting obligations on payments for healthcare professional activities, which also include physician details.

Data processing purposes

The personal data that we collect is limited to that which is necessary for these actions:

• The organization and management of the Event by our medical education and/or events teams (“Cook Teams”), and the facilitation of your registration, attendance, and participation in the Event
• The ability of our travel team and travel agent (AMEX GBT) to make the necessary travel, accommodation, and registration bookings, and for related accounting and compliance purposes, including any legal/regulatory reporting or disclosure obligations, such as those required under the Sunshine Act laws
• The arrangement by our Cook Teams for any follow-up actions deemed necessary after the Event, such as reimbursement of expenses and/or the sharing of the Event recording/presentations among participants, as well as the collection of post-Event feedback (e.g., through an optional post-Event evaluation survey)

Legal basis for collection

Depending on the circumstances, our legal bases for processing your personal data include the following:

• Where we need to perform the contract we are about to enter into, or have entered into, with you
• Our legitimate interests in the management and effective execution of our virtual and in-person Events, facilitating your attendance and travel in connection with our business needs, as necessary to comply with our legal or regulatory obligations, if you provide any special categories of personal data to us, and in some jurisdictions, including China as the case may be, our legal basis is your consent

Information shared

Cook limits access to your personal data to a need-to-know basis in connection with your travel to and attendance at the Event. Where we do share your personal data, we limit the transfer to the information that is relevant under the circumstances. For example, access to your data is given to Cook Group companies who require access for the purposes listed above or where required by law. We may also disclose your personal data to our third-party service providers (such as our travel agency, AMEX GBT), benefits providers, information technology systems providers (including our event management system provider), and web conference or videoconference service providers. Cook may also disclose to insurance companies and external advisors who are data controllers in their own right (such as accountants, auditors, and legal advisors). To the extent possible, any service providers acting as data processors who may have access to your data through Cook are required to provide written assurances to us that they will use the data only for the purpose for which they are engaged and to uphold a level of protection equivalent to that provided by Cook. We may also disclose to government authorities, law enforcement and/or judicial authorities (acting as data controllers in their own right), and to other companies in relation to corporate restructuring, sale, or assignment of assets, merger, divestiture, or other changes of control or financial status of Cook or any of its affiliates (where applicable). Cook will comply with all legal requirements and regulatory standards in respect of the provision of your personal data to any third party.

Data security

Cook has put in place appropriate technical, physical, and administrative security measures to help prevent unauthorized or unlawful disclosure or access to, or accidental or unlawful loss, destruction, alteration, or damage to, the personal data that it collects. These measures are intended to ensure an appropriate level of security in relation to the risks inherent to the processing and the nature of the data to be protected and are applied in a manner consistent with applicable laws and regulations. Cook evaluates these measures on a continuing basis to help minimize risks from new security threats as they become known.

International transfers

As a global organization, Cook stores data in secure, centralized systems and uses service providers based globally. Accordingly, personal data may be stored in, accessible to, authorized to, or limited to persons located in the US and/or countries other than your country of residence. In accordance with applicable data protection laws, Cook has put in place appropriate measures to ensure an adequate level of protection for personal data and applies those measures irrespective of where the data is processed or stored. Where we transfer personal data out of the EEA/the UK and/or China or Korea and there is no adequacy decision in respect of any country to which your data is transferred, Cook adopts appropriate measures to ensure that your data is protected in accordance with the requirements of applicable privacy laws and that Cook’s data transfer obligations are met, such as by executing an agreement in the form of Standard Contractual Clauses approved by the applicable government organization.

Retention

We retain personal data in accordance with our legal obligations and for no longer than is necessary for the purposes for which it was collected. The data is then securely destroyed. When assessing the data retention period, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Individual rights

In accordance with applicable laws, you may have rights in relation to your personal data. These include, where applicable, the right to access, correct, erase, object to the processing of, and restrict the processing of your data and the right to request the transfer of your data to another party. Certain exceptions may apply to these rights, and Cook upholds them in accordance with the regional/local requirements. You will not have to pay a fee to exercise these rights, except where your request is clearly unfounded or excessive.

Contact Information

For additional information about Cook’s privacy and security practices or to exercise your rights, kindly contact us at Privacy@CookGroup.com. Alternatively, you may email, call, or write to us at: