Privacy policy

Last updated: March 2025

This privacy notice tells you what to expect when Medtronic collects information about you ("personal data") in connection with the activities described below, including when you set up a Touch Surgery™ account, and when you visit Touch Surgery™ websites or mobile applications.

Unless set out otherwise below, the Medtronic company responsible for processing your personal data is Digital Surgery Limited, with an address at 230 City Road, EC1V 2QY, London, UK, or the Medtronic company that you interact with (together, "Medtronic", "we" or "us").

In this privacy notice, we'll tell you what personal data we collect about you, how we use that information, with whom we share it, what rights you have regarding your information, and how to contact us to exercise these rights.

This privacy notice does not apply when you have been notified that an alternative notice applies (for example on other Medtronic websites) or where Medtronic processes patient personal data on behalf of medical institutions in connection with medical treatment.

This section explains, for each situation, what personal data we may collect, how we use that information, and what is our lawful basis for doing so. Click on the links below to learn more.

Touch Surgery™ account creation and management

Using Our Services

Contacting Our Customer and Support Services

Participating in Our Events, Interviews or Surveys

Interacting on Social Media with or about Medtronic

Marketing

Ensuring Compliance and Defending Legal Rights

You may wish to create an online Touch Surgery™ account to access services we offer as part of the Touch Surgery™ ecosystem.

When you create a Touch Surgery™ account, the types of personal data we collect or process about you include:

We will use your data in order to create and manage your account, including to authenticate you, ensure account security, and, where applicable, to confirm your status as a clinical professional to ensure access to our products and services is by the professionals they are intended for. We will do so based on a contractual relationship we have with you or to take pre-contractual steps at your request, or otherwise based on our legitimate interests to manage customer relationships and ensure the security of TouchSurgery™ accounts.

We may further use your account information, together with the information collected through our products or services, to communicate with you and provide you with the products and services you requested, unless you have been notified that an alternative notice applies to such use.

When you access the TouchSurgery™ ecosystem services, we may collect and use your personal data to provide and improve such services.

We collect certain information regarding your use of our services that is associated with your Touch Surgery™ account. This information may include traffic and usage data that is used for purposes of troubleshooting, testing, system maintenance, and support, and information about your geography to ensure you can access relevant content, based on where you are. We may also collect certain information to provide and improve the services. For example, when you access simulations or the video library on the Touch Surgery™ ecosystem, we will collect data analytics and insights based on your actions, reports generated and activities when using our services. When you use our Live Stream connectivity platform we may collect aggregate level data on usage and metrics for billing and quality management purposes. We may also use information from reporting or dashboard functionality (e.g. post-operative insights) to provide you with tailored learning pathways and to further improve our services. If you choose to submit videos to our video library for purposes of sharing best practice with other users, we may use your name, credentials and other relevant information about you associated with such video, to attribute the video to you. Your personal data (such as your credentials, contact information and/or preferences) will also be made available across the Touch Surgery™ ecosystem services you use, in order to facilitate and personalize your customer journey with Medtronic, where relevant.

We will use your data as needed to fulfill our contract to provide you with services and based on our legitimate interests to optimize our services, including by providing you with a tailored learning pathway and relevant information about our products and services, and supporting you in analyzing your performance data.

If you're a patient, your medical institution (i.e. treating hospital or clinic) is responsible for deciding how they use Touch Surgery™ products and services to process your information (such as when a surgical video is linked to your patient record). In such instance, we will use this information on behalf of your medical institution in order to provide the services they request and your data is subject to your medical institution's own data policies and privacy notice. You may contact them directly for further information in this regard.

In certain circumstances, Medtronic may further use data obtained as part of the services provided to your medical institution, with their authorization, in a de-identified, aggregated or otherwise anonymized manner. For more information on such secondary use of data by Medtronic, please see the relevant section of your country's privacy notice on medtronic.com.

When you visit our websites or apps, we may collect certain information by automated means, including cookies and similar technologies, such as Flash cookies, local storage, web beacons and pixels, JavaScript, software development kits (SDKs) and device identifiers.

The information collected in this manner may include your device IP address, domain name, identifiers associated with your devices, device and operating system type and characteristics, web browser characteristics, language preferences, your interactions with our site or app (such as the pages you visit, links you click and features you use, dates and times of access to our site/app, the pages that led or referred you to our site), and other information about your use of our site or app.

Cookies and similar technologies ("Cookies") are used by us for several reasons. Cookies are sometimes necessary for our sites or apps to operate correctly and secure log-ins to work properly. Cookies allow us to count the visitors to our sites/apps and learn how they use our sites/apps and their features, enabling us to continually improve the visitor's experience. Cookies may also allow us to provide you with enhanced features, such as video content and chat functionality, and show you targeted ads on other sites or social media channels. Depending on your location, some Cookies may require your consent. Click here to know more about our use of Cookies and how to manage your Cookie settings and preferences.

You may make an inquiry, require assistance or support by contacting our customer service or support team by phone, email or other available customer support tools.

If you contact our customer and support services to make an inquiry or request support, the types of personal data we collect or process about you include:

We will use your data to respond to you, provide you with required support, and follow up on your request, including, where applicable, ensuring compliance with our regulatory obligations and establishing, exercising or defending ourselves from legal claims. We may also keep a record of the communications we have with you for evidentiary purposes and to train our personnel and improve the quality of our services. If you call us, you will be notified at the beginning of the call whether our conversation will be recorded.

We will use your data for the above reasons based on the following bases:

Please note that, in some circumstances, we may use your data to provide technical support on behalf of and in the name of your medical institution or healthcare professional. This is the case if the Medtronic product or service you use was provided to your medical institution or healthcare professional, as part of the services Medtronic provides to them. If that product or service requires technical support, we'll use your data as directed by your medical institution and/or healthcare professional, as part of your medical treatment. Please contact your medical institution or healthcare professional to learn more on their use of your data for the provision of medical treatment or care.

You may wish to participate in one of our events (such as workshops, meetings, webinars or live broadcast events). Such events may be physical in-person, or virtual (such as when we organize a virtual event via our Live Stream functionality). We may ask you to share your story, provide testimonial or take part in an interview about your experience with a Medtronic product. In this case, we'll need to process some personal data about you, as described below.

If you're a healthcare professional attending our events or receiving or benefitting from Medtronic consultancy, training and education services, or if you provide such services to us, please read the Medtronic Privacy Notice for Education Services to learn more on the use of your data in relation to those services.

You may attend another type of event or provide a testimonial or take part in an interview about your experience with a Medtronic product.

If you participate in one of our events, testimonials or interviews, the types of personal data we collect or process about you include:

We will use your data to organize and facilitate the event/interview, and conduct Medtronic's educational, promotional and advertising activities. We will do so with your (explicit) consent, where required by applicable law (e.g., if the event is recorded and/or we collect sensitive information such as your health data), or as otherwise necessary for the purposes of Medtronic's legitimate interests in promoting and supporting Medtronic activities.

The Medtronic entity responsible for processing your data for the above purposes is the Medtronic affiliate organizing the event/interview (in practice, the Medtronic business entity of the country where the event takes place).

From time to time, we may invite you to participate in a Medtronic survey to gather your feedback to help us determine customer satisfaction levels, identify areas of potential improvement or to carry out market research.

The Medtronic entity responsible for the processing of your personal data for the above purposes is the Medtronic entity that sends you the survey, or the entity indicated in the survey questionnaire or notice provided to you at the time of data collection.

To the extent possible, we will gather your feedback in an anonymous manner. In some cases however, the survey may gather identifiable respondent information. In such instance, the types of the personal data we collect or process about you include:

We will use your personal data to conduct the survey, including to send it to you, allow you to submit your survey responses, prevent survey fraud, analyze the survey results, and improve or develop our products and services accordingly, based on our legitimate interests to do so or with your consent, where required by applicable law.

You may send us a private or direct message via social media, or you may communicate about us or Medtronic products on social media (e.g., if you participate in our online communities, share a comment about a Medtronic product or if you tag Medtronic in your post).

If you interact on social media with or about us, the types of personal data we collect or process about you include:

We will use your data to review or respond to your message or comments, and where applicable, to provide you with the required support and take any necessary follow-up actions. If you communicate about us or our products, we will also use your data to gain a general understanding of what people are saying about us and our products. We'll do so based on our legitimate interests, in particular in improving our products and services.

We may share relevant information and updates about our products and services, either via direct communication with you, or by using online advertisements.

When we communicate with you directly to promote our product and service offerings (e.g. by email or phone), we will use your personal data to do so.

The types of personal data we collect or process about you to send you such communications include:

We use such information to tailor our communications to your specific interests and preferred method of communication, to avoid sending you communications that are not of interest or for which you have not consented, and to follow up with you on the subjects that appear to be most relevant and useful for you. To this end, we may organize the data we collect into interest-based groups.

We will ask you to "opt-in" or consent to the use of your personal data for the purposes of such communications, where required by applicable laws. You can decide at any time to stop such communications by using the opt-out procedure provided in the relevant message (e.g., clicking the unsubscribe link in our promotional emails), or alternatively by contacting us as specified in the How to contact us? section below. If permitted by applicable law, we may rely on our legitimate interests to carry out some of the activities mentioned above.

Please note that if you choose to no longer receive promotional messages from us, we may still continue to send you relevant information for other lawful purposes, such as to administer any account or contract you may have with us, send you communications of an operational nature (e.g., planned outage or updates), respond to your requests and as required by law (e.g. in case of a product recall).

The Medtronic entity responsible for processing your data for the above purposes is the Medtronic affiliate contacting you (in practice, the Medtronic business entity of the country or region where you are located).

From time to time you may come across Medtronic ads online, including on social media platforms. Such ads are often presented to you based on your perceived interests, as gathered from your activities on social media or browsing the internet.

Online advertising may be based on your search terms (in the case of ads on search engines) or user information on online platforms (such as the email address associated with your social media account, the country or professional interests selected on a social media platform).

In some instances, we will use your email address to show ads for our products and services on social media platforms. To do so, we will provide your email address, in a hashed or other secure manner, to the social media platform. The social media platform will then match your email address with the personal data (such as email addresses) you provided to them, and use that information to show you, or other platform users, a particular Medtronic ad. For more information on how social media platforms use your data, please refer to their privacy notices.

We may also place on our websites or apps advertising cookies or similar technologies that are made available by social media platforms or other third parties.

If you visit our websites or apps and accept those advertising cookies and similar technologies, where required by law, then the information they collect (such as device identifiers and information on the pages visited) may also be used to display relevant ads for our products and our services on the social media platform or third party's site, and create interest-based profiles for advertising purposes.Often Medtronic itself will not actually receive identifiable data about you when such ads are displayed, but we may be able to further tailor our advertising to you depending on what ads you have already seen, and we can receive aggregated statistics on how many ads have been viewed and clicked on, etc.

We will rely on your consent for the use of your data for online advertising purposes (e.g. when you accept advertising cookies), or otherwise on our legitimate interest to do so where legally permissible. You should be able to configure your cookie settings on websites that use tracking cookies for advertising purposes. For more information on how Medtronic uses cookies, and how to configure your preferences on Medtronic websites, please see our Cookie Policy

The Medtronic entity responsible for processing your information for the above purposes is the entity placing the advertisement (i.e. the Medtronic business entity in your country or region). For advertising on social media and other platforms, the platform provider itself will also have responsibility for how the advertising on its platform works. Please refer to the policies, privacy controls, and notices on the platform itself for more information on how advertising may be displayed to you, and your choices in this regard.

In some circumstances, we are obliged to process personal data to comply with applicable legal requirements and our policies, to perform auditing and other internal functions, or for litigation and dispute resolution purposes.

When this is the case, the types of personal data we collect or process about you include your identification and contact information, and any other information as is necessary and relevant to the particular case, e.g., in the event of an (internal) audit, information contained in documents and materials audited, or in the event of litigation, information gathered in the evidence necessary for the litigation.

We will use your information - in an anonymized, de-identified or redacted form, where appropriate - in order to:

Only duly authorized Medtronic personnel will have access to your personal data as needed to perform their job duties. In addition, we may share your personal data with third parties for the purposes described in this privacy notice.

We may share your personal data with:

§ Medtronic affiliated companies: given the corporate structure of Medtronic, your personal data may be shared with other affiliates within the Medtronic group;

§ Service Providers: we may share personal data with relevant third-party service providers, who act on our behalf to fulfil the activities noted in this privacy notice, including providers of: IT services, communication tools (such as chat functionality, email automation and livestreaming functionality), customer relationship management systems, survey tools or platforms, event organization management tools, and cloud hosting service providers.

§ Business Partners and Other Specialists: Medtronic may also share personal data with external organizations with which it has partnered (such as research partners and as part of co-branding initiatives), and with external specialists or professional advisors within a particular field (such as lawyers, consultants, tax advisors, auditors, specialist delivery providers, banks, payment service providers, and benchmarking agencies).

§ Parties to a corporate transaction: We also reserve the right to share your personal data in the event we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution, or liquidation).

§ Public Authorities and Others for Legal Reasons: In addition, we may disclose your personal data with other parties, including public and judicial authorities, (1) if we believe we are required to do so by law or legal process (such as a court order or subpoena); (2) in response to requests by government agencies, such as law enforcement or regulatory authorities; (3) to establish, exercise or defend our legal rights; (4) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; or (5) in connection with an investigation of suspected or actual illegal activity.

§ Others, per your request: With your permission, we may share your personal data with other parties you choose, such as other enrolled users.

In some cases, Medtronic may transmit, or store personal data collected with affiliates, vendors, or sites in other countries. We will only transfer personal data as allowed by applicable law to further the purposes set out in this document. Where personal data is transferred to another country, we take administrative and technical measures to ensure adequate safeguards and protections are applied as provided for by applicable law. In cases where personal data is transmitted to other countries, we will ensure that safeguards equivalent to those required by applicable data protection laws are in place (such as the European Commission's Standard Contractual Clauses). For more information on the safeguards implemented by Medtronic, please contact us as specified in the How to Contact Us section below.

We will keep your personal data for so long as necessary to fulfill the purposes for which we are allowed to use them, as set out in this privacy notice. Your data may be kept longer in order to take into account applicable statute of limitation periods, or as otherwise required by law. For more information on the retention of your personal data, please contact us as indicated in the How to Contact Us section below.

You may have certain rights in relation to the personal data we process about you, depending on the reason for which we process your data or the lawful basis we rely on to do so. To the extent provided by applicable law, you can:

If you wish to exercise your rights, please contact us as specified in the How to Contact Us section below. In certain cases, we may ask you to confirm your identity before we can process your request.

Depending on your location, you may have the right to file a complaint with a data protection authority, in particular in the country of your habitual residence, if you are not satisfied with our response.

If you are within the United States, you may have certain choices regarding our use and disclosure of your personal information, as described below, depending on your state of residence and the data involved. For a complete description of our privacy practices, including data retention policies, data subject request and rights information, and data practices over the past twelve months, please see https://www.medtronic.com/us-en/privacy-statement.html

HIPAA and Protected Health Information. This privacy notice does not apply to our data processing activities and practices for Protected Health Information, which is regulated under the Health Insurance Portability and Accountability Act of 1996. In those cases, you may have received a Notice of Privacy Practices from Medtronic or your health care provider which will govern that data use.

Deidentifying data under HIPAA. Where we operate under HIPAA (the Health Insurance Portability and Accountability Act of 1996) as a Covered Entity or Business Associate, we may deidentify data under HIPAA's Privacy Rule using either the "Safe Harbor" method (which calls for the removal of a set list of identifiers) or the "Expert Determination" method (which calls for an independent expert to use statistical analysis to determine if a particular data set is reasonably identifiable). This data will be "deidentified data" as well.

Covered data practices disclosure. For the scope of the activities covered by this privacy notice, Medtronic does not sell your personal data, disclose it to data brokers, nor disclose to unrelated third parties for their own direct marketing purposes. Except as stated in our cookie policy, we do not share your data for cross-contextual retargeted marketing purposes.

If you want to exercise any of your data protection rights, please contact our

We might ask you to give us information that helps us confirm you are who you say you are. This is to ensure we keep yours and our other users' personal data safe. We will, however, make sure that we don't collect data for identity verification unless we really need to for security reasons.

Medtronic's Data Protection Officer may be contacted at [email protected]

This privacy notice may be updated periodically to reflect changes in our personal data practices. We will indicate at the top of the privacy notice when it was most recently updated.