Last version: 04/01/2021
This Privacy Notice may be updated any time. Each Privacy Notice mentions the date of its last update. We will inform you if we make substantial changes to this Privacy Notice.
This Privacy Notice applies to http://shop.resmed.com.If you use other ResMed products and services, your relationship with us will be governed by separate privacy notices for each of them.
For the purposes of this Notice, “you” and “your” refer to the Person who uses http://shop.resmed.com, “we” and “our” refer to ResMed.
ResMed must ensure that it is compliant with the requirements laid down in the General Data Protection Regulation (GDPR) and, when necessary, with local data protection laws. Your personal data must be processed and protected in accordance with data protection regulations.
This Notice provides information on your rights and our practices in relation to privacy. Said rights and practices govern how we process your personal data.
This is the information which ResMed wishes to share with you.
- The personal data collected by ResMed and the purposes of such collection
- Those responsible for the collection and use of your personal data at ResMed
- The retention period of your personal data
- The sharing of your personal data with third parties
- The transfer of your personal data outside the EU
- Data security at ResMed
- Your rights in light of the use ResMed makes of your personal data
1.The personal data collected by ResMed and the purposes of such collection
When you subscribe to our newsletter, ResMed collects the following personal data:
- Identification data: first name, last name, and email address.
The use of said personal data is necessary to be able to send you periodic emails featuring: new products, therapy-related information, exclusive special offers, event invitations and competitions.
It is justified by the consent you are giving to ResMed by clicking on “Subscribe”.
In accordance with your communication preferences, to communicate with you via telephone, unencrypted email and text messages (SMS messages) to provide you:Newsletters and press releases, content relating to products, programs, services, or general information we believe may interest you, and relevant, timely marketing messages, ResMed collects following personal data:
- Identification data: first name, last name
- Contact details: email address, telephone number
The processing activity is justified by the consent you are giving to ResMed.
When you register an account to order our products and services, ResMed collects the following personal data:
- Identification data: gender and title, first name, surname, email address
- Financial and product information: billing and shipping address, products purchased, date of purchase and paid amount.
The processing activity is justified by the consent you are giving to ResMed by clicking on “Register”.
To respond to your requests for information or materials, and to create, develop and maintain our relationship with you, ResMed collects the following personal data :
- Identification data:first name, last name
- Contact details: address email, telephone number
The processing activity is necessary for the purpose of legitimate interests.
To provide you with products and services, including order fulfilment, customer service and technical support, ResMed collects the following personal data:
- Identification data: first name, last name, your country; your email address, your telephone number.
- Financial and product information: billing and shipping address, products purchased, date of purchase, paid amount, products returned, coupons redeemed.
- Information you may share in the “message” field of your request to customer service: identification data, professional information, private information, etc.
The use of said personal data is required for performance of the agreement between ResMed and you.
To conduct statistical analysis, surveys and market research to enhance existing and develop new products and services, including to improve our websites, ResMed collects and processes personal data such as:
- Identification data: last name, first name
- Professional data: billing and shipping address, user country, order information.
The processing activity is necessary for the purpose of legitimate interests.
To fulfil our legal, regulatory and risk management obligations, including establishing, exercising or defending legal claims and acting in our role as a medical device administrator, ResMed collects the following personal data:
- Identification data: first name, last name.
- Contact detail: email address
- Administrative, legal and accounting documents
2. Those responsible for the collection and use of your personal data at ResMed
The ResMed entity responsible for your personal data is called the “Data controller”. Each ResMed entity has appointed a data protection officer (DPO) who advises and supports the data controller to ensure it protects your personal data appropriately. The Data controller of your personal data is the following ResMed entity:
ResMed Sleep Solutions Ltd having its registered office:
Quad 1, First Floor
3. The retention period of your personal data
ResMed stores your personal data (apart from data collected via cookies or like technologies) depending on the purpose of the collection:
– Contact requests: ResMed will keep your personal data for as long as necessary for the Permitted Purposes in a special folder of the ResMed’s Customer service email box before deletion;
– Emailing: ResMed will keep your personal data for a delay of 3 years’ from our last contact.
Data collected via cookies or like technologies will be stored in accordance with the periods provided for in our Cookies policy.
4. The sharing of your personal data with third parties
We do not sell or lease your personal data. We share it only as stated in this Privacy Notice, to the extent permitted under the applicable law.
We may share your personal data:
– With any ResMed entity or branch and any company held or controlled by the latter;
– If all or some of ResMed’s activity is transferred to another entity under a merger, an assignment of assets or otherwise;
– In a controlled and secure way, with third parties data processor and services providers for our emailing tool, our hosting provider, our Quality Management System, our Customer Relationship Management, services for order fulfilment, including shipment and payment, technical support services. Said processors are contractually bound to protect your personal data and to use it only to provide the services that ResMed first asked them to provide;
-If we are bound by law or;
– If it is needed for the purposes in the scope of the legal proceedings or to exercise or defend a right recognized by law.
5. The transfer of your personal data outside the EU
ResMed will favor the use of your personal data on the territory of a Member State of the European Union or of any other country which the European Commission has declared to have an adequate level of protection of personal data in light of its domestic law or ratified international conventions.
The servers that host this Website, and that are used to communicate with you via email, are located in Germany. To provide our products and services, your personal data may need to be accessed from or transferred to locations outside the jurisdiction in which you provide it. This may entail a transfer of your personal data from a location within the European Economic Area (EEA) to outside the EEA, such as the United States of America, or from outside the EEA to a location within the EEA.
ResMed highlights that said access is possible only if appropriate safeguards are implemented to ensure that the transfer is compliant with data protection regulations. Thus, we implement all appropriate safeguards (for instance, the standard contractual clauses of the European Commission) in order to ensure that any transfer of personal data to service providers outside the EU is compliant with data protection regulations.
6. Data security at ResMed
We use various security and privacy measures to protect your data and to comply with current data protection laws.
ResMed has also checked that your personal data collected on http://shop.resmed.com will be hosted in a secure hosting center in Europe by processors that were chosen with great care and which only act under ResMed’s instructions.
Despite the security measures we take, you must bear in mind that it is impossible to guarantee an absolute level of security for data sent over the Internet. If we receive confirmation that your personal data has been hacked, we will comply with the relevant legal provisions relating to notification of data breaches.
7. Your rights in light of the use ResMed makes of your personal data
You have rights over your personal data.
You may first of all exercise your right of access which includes the right to information in order to understand how ResMed processes your personal data as well as the right to instruct ResMed to provide you with a copy of the personal data that we hold.
You may also instruct us to delete the personal data that we hold in the systems described above under certain conditions; this is the right to erasure of personal data.
You may instruct us to correct your personal data if you see that it is wrong; this is your right to rectify your personal data.
In certain cases, you may instruct us to restrict how we use your personal data; this is the right to restriction of personal data processing.
You may also object to ResMed’s use of your personal data under certain conditions; this is the right to object to the processing.
You may also object to your personal data being used for marketing purposes at any time by following the opt-out instruction in each marketing email we send you.
Lastly, you have the right to instruct ResMed to transfer your personal data to you or to transfer it directly to another service provider. This is the right to portability of personal data.
For the rights which you cannot exercise yourself, please write to the ResMed data protection team at the address firstname.lastname@example.org. We will then promptly process your request to exercise rights and we will inform you in any event on any action taken following your request within a period of one month from receipt of your request.
Please note that some legal obligations may limit your request to exercise rights. In this case, we will keep you informed thereof.
If you are not happy with our response or if you notice a violation of specific local data protection laws, you have the right to file a complaint with the relevant data protection authority of your country of residence, your place of work or of the country where the violation is deemed to have been committed.