Privacy Statement

Introduction

Last modified 27.10.2023

We at LAERDAL (collectively referred to as “LAERDAL”, “Laerdal”, “we”, “us”, “our”) take your privacy seriously. This Privacy Statement describes how we collect, store, use, disclose and process your personal information. This statement describes the purposes for which personal information is collected, parties with whom we may share it, and measures we take to protect your personal information. It also elaborates on your rights and choices with respect to your personal information, and how you can contact us to exercise your rights and learn more about our privacy practices.

This Privacy Statement is issued on behalf of the Laerdal group of companies so when we mention Laerdal we are referring to the relevant company in the Laerdal group of companies responsible for processing your personal information.  The relevant controller of your personal data is listed in the link at the beginning of this paragraph. If you require further information about which entity is the controller of your personal information, then please contact us using the information given in the “How to contact us” section below. Laerdal Medical AS is the controller responsible for Laerdal.com and the Forum portal for suppliers.

The Privacy Statement covers all personal information processing arising from your interaction with us either in-person, online or offline, and includes the following instances:

  • When you visit or use this or any other website maintained by Laerdal (referred to as “Website” or “Websites”); or
  • When you use any Laerdal product, service, application or programme including any trial where we act as a controller of your personal information (collectively referred to as “Services”). This does not include those services, applications or programs that you use at the direction of your employer, training establishment or other third party; or
  • When you meet in person or on-line with any of our employees or representatives; or
  • When you register for, attend or take part in our events, webinars, and programs; or
  • When you communicate with us by telephone, fax, post, email or through a live-chat function; or
  • When you interact with our branded social media pages and ads; or
  • When you participate in surveys, research or other similar information collection activities facilitated by us; or
  • When you visit Laerdal offices and premises; or
  • When you register on our online portals for supplier management or recruitment.

Please note that this Privacy Statement does not apply to the extent we process personal information in the role of a processor on behalf of our customers (e.g., during the provision of services that our customers provide to their end users; during personal information processing done by us on behalf of our customers). If you are an end user of a Laerdal customer, please consult our customer’s privacy notices and policies to learn how they handle your personal information.

It is important that you read this Privacy Statement together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal information about you so that you are fully aware of how and why we use your data. Some products and services have specific privacy notices that apply to their processing. This Privacy Statement supplements other provided notices and is not intended to override them. Our privacy practices vary based on the countries we operate in, to comply with local practices and legal requirements. Such variations in processing from the information in this Privacy Statement will be set out in those more specific privacy notices.

This Website and Services are not intended for children under the age of 18 and we do not knowingly collect personal information relating to children through Websites and Services.

1. Types of Personal Information We Collect

The terms “personal data” and “personal information” are generally used interchangeably to talk about a vast range of information. Privacy and data protection laws define these concepts in different ways. By “personal information” we mean any information that relates to an identified or identifiable living individual.

The personal information we collect depends on the context of your interaction with Laerdal and can include:

  • Identity data including first and last name, username, title.
  • Contact data including email address, postal address (billing or delivery), employer or organization details, phone number and other similar contact data.
  • Recruitment data such as CV, application, references, interview notes, background checks and other information.
  • Profile data including username and credentials such as passwords, password hints and other similar information for authentication and account access, purchases or orders made by you, feedback and survey responses, browsing history, search history and your interaction with our websites and advertisements including responses sent to us.
  • Usage data including information about how you use our websites or Services.
  • Demographic data such as location, country and preferred language.
  • Payment data such as your bank account details, credit card or other bank card number.
  • Transaction data such as details about payments to and from you and other details of products or services you have bought from us.
  • Network and Technical data including internet protocol (IP) addresses, login data, browser type and version, time zone and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Websites or Services, including our Websites or Services performance and error data.
  • Marketing and communication data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Company or Organization data such as the name, size and location of the company or organization you work for and your role within that company or organization.
  • Call recording or chat transcript data from sales and customer support calls and live chat sessions.
  • Videos of CPR training and CPR performance data collected by the Team Reporter App.
  • Performance records (if relevant), including your employer’s or your organization’s name, hire date, department and job title; details of any training or performance records and levels of competence obtained through your use of the Services; and details of your access to and use of the Services. See the IMPORTANT NOTE in the grey box below.

We may aggregate or otherwise de-identify your personal information, so that we can use it for our own statistical, analytical or benchmarking purposes. We do this in order to better understand how users interact with our Websites, or to understand and evaluate how our products are used, so that we can make evidence-based improvements to them. The de-identified information that we use for these purposes cannot be used directly or indirectly to reveal your identity.

2. When We Collect Your Personal Information

Information we may collect from you

When you use the Websites or contact us in any way: You can give us information about yourself by filling in forms on our Websites or by corresponding with us by phone, email, fax, live chat or in person at our offices or at events, seminars, conferences or otherwise. This includes information you provide when you submit documentation to us, register to use our Websites, enquire about or purchase our Services, subscribe to our Services, make a purchase, interact with our personnel, report a problem on our Websites or when you provide feedback. If you contact us through the Websites, we will keep a record of our correspondence.

When you use the Services: We receive and store information that you directly provide to us through your use of Services including any personal information that you provide to us when you register for the first time as a user of our Services. Please see the IMPORTANT NOTE in the grey box below.

When you apply for a job with us: We will use your personal information to process your job application. Please note that this Privacy Statement only describes how we handle your information during the recruitment period and ceases to apply after you become employed by us (if successful). This Privacy Statement does not apply to Laerdal employees in the context of their employment.

When you register as a supplier or a potential supplier: We may collect personal information from individuals working for our current or potential suppliers.

When you visit our premises: We may collect personal information about individuals that register or visit our office and other premises. Personal information is usually collected via a registration form as well as surveillance cameras that are used to ensure safety and security of the Laerdal employees, visitors and premises.

When you interact with our branded social media pages and ads: We collect your personal information when you reach out to us via our social media pages and accounts. Some information is also collected when you interact with our ads on these social media pages.

When you register for, attend or take part in our events, webinars, and programs: We collect your personal information to allow you to register, attend and participate in a specific event, webinar or program.

When you participate in surveys, research or other similar information collection activities.

When you or your employer are about to enter into a contractual relationship with us or when we are already in a contractual relationship.

When you work for one of our business partners or customer organizations.

When you sign up to receive newsletters or other promotional material.

IMPORTANT NOTE: Many Services are intended for use by our customer organizations and are, in those cases, administered by those organizations. We collect and process end users’ information on the instructions of our customers and in accordance with our agreements with them. Your use of the Services may be subject to your organization’s policies, if any. If you use any Services under direction from an organization you have a connection with (such as an employer or a school), that organization will (1) control and administer your use of the Services and (2) access and process your personal information. If your organization administers your use of the Services, please direct your privacy enquiries to your organization. Your organization is the data controller of your personal information for such purposes, and we are the data processor. Laerdal is not responsible for the privacy or security practices of its customers, and these may differ from those set out in this Privacy Statement.

If you provide us with any personal information relating to other individuals, you represent that you have the authority and legal basis to do so, and where required, have obtained the necessary consent.

Information we collect automatically

When you use the Websites or the Services: We automatically collect technical information including the Internet Protocol (IP) address used to connect your computer to the internet and your login information, browser type and version, time zone setting as well as information about your visit including pages visited. We will also collect information about your visit including the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information and any phone number used to call our customer service number.

Information collected by cookies and similar technologies: We use cookies and similar technologies when you interact with our Websites and Services. We do so in order to provide a more personalized service to you, to ensure a high level of security and to improve our Websites and Services, to keep you logged in, to memorize your language preferences, to assist our advertising and marketing efforts, and for other legitimate purposes. By cookies and similar technologies, we mean small pieces of text used to store information on web browsers and other devices (cookies), web beacons, pixels, local storage objects, tags, scripts and similar technologies that collect information (collectively referred to as “cookies”). Cookies may use both direct and indirect identifiers such as IP addresses, unique identifiers, information about the browser, operating system and device, visited web pages, and other data points. To allow you to make an informed decision about the use of cookies, we have grouped them into four categories: Strictly Necessary, Functional, Performance and Targeting. Please note that Strictly Necessary cookies cannot be turned off since they are essential to providing necessary security and functioning of Websites and Services as expected. On the other hand, Functional, Performance and Targeting cookies are non-essential and they can be enabled and disabled at any moment by you. You may see a complete list of cookies and change the cookie preferences anytime by selecting the cookie icon in the bottom left corner or by clicking on the “cookie settings” in the website footer. Also, please note that you can set your browser to block all cookies, but in that case, it is possible some parts of Websites and Services may not work.

Information we receive from third parties

We obtain personal information from third parties and other sources according to the practices described in this Privacy Statement together with any additional restrictions imposed by the source of the data. This means that we may combine this information with personal information already collected about you. These third-party sources include:

  • Customer organisations (please refer to the IMPORTANT NOTE in the grey box above).
  • Business partners such as the event organizers or co-organizers.
  • Service providers such as recruitment agencies, payment and delivery service providers, website analytics providers and others.
  • Customer organisations, suppliers and business partners in instances when you work for them.
  • Partners with which we offer co-branded Services or engage in joint marketing activities such as the American Heart Association, British Heart Foundation and others.
  • Other sources that contain publicly available data including but not limited to business registers, the EU Open Data Portal, UNICEF Data Warehouse, World Health Organization Data Collections.

If you would like further information about the source of any data that was not obtained from you directly, please contact us using the details provided in Section 10, below.

3. How We Use Personal Information

We process personal information as a controller for the purposes outlined below. The chart specifies:

  1. Our purposes for processing your personal information;
  2. Our legal basis under data protection laws for processing personal information for each purpose;
  3. Types of personal information (see Section 1 for the lists of data categories in each of these types) which we process for each purpose;
  4. Legitimate interests pursued by us or a third party when processing of personal information is based on a legitimate interest.

| Purpose | Type of Personal Information | Legal Basis |
| --- | --- | --- |
| To register you as a new customer or as a user of our Services or to register your business as a supplier to us | (a) Identity; (b) Contact; (c) Demographic; (d) Profile | (a) Performance of a contract with you; (b) Necessary for our legitimate interests (to manage and assert the identity of our Website and Services users) |
| To process and deliver your order including: (a) Manage payments, fees and charges; (b) Collect and recover money owed to us | (a) Identity; (b) Contact; (c) Payment; (d) Transaction | (a) Performance of a contract with you; (b) Necessary for our legitimate interests (to recover debts due to us) |
| To notify you about changes to our terms or Privacy Statement | (a) Identity; (b) Contact | (a) Performance of a contract with you; (b) Necessary to comply with a legal obligation; (c) Necessary for our legitimate interests (to keep our records updated and ensure that individuals are informed about the latest versions of documents) |
| To manage our relationship with you which will include communicating with you when you interact with us in any way (e.g., when you fill our “contact me” form, request user support, or contact us in any other way) | (a) Identity; (b) Contact; (c) Profile; (d) Marketing and Communications | (a) Performance of a contract with you; (b) Necessary to comply with a legal obligation; (c) Necessary for our legitimate interests (to keep our records updated and to ensure communication with individuals) |
| To evaluate you or your employer as a supplier or service provider and make steps necessary for entering into the contract with you or your employer | (a) Identity; (b) Contact; (c) Company or Organization data | (a) Performance of a contract with you; (b) Necessary for our or third parties’ legitimate interests (to evaluate you or your employer as a supplier/service provider and take steps necessary for entering into the contract) |
| To fulfill contracts and agreed terms with you or your employer/organization (e.g., if you work for our suppliers or service providers, or if you are an authorized user of Services) | (a) Identity; (b) Contact; (c) Company or Organization data; (d) Payment data | (a) Performance of a contract with you; (b) Necessary for our or third parties’ legitimate interests (to fulfill agreed contractual commitments) |
| To administer surveys, feedback questionnaires or assessments and conduct product research | (a) Identity; (b) Contact; (c) Profile; (d) Usage or (e) Demographic; (f) Marketing and Communications | (a) Performance of a contract with you; (b) Necessary for our or third parties’ legitimate interests (to study how customers use our products/services, to develop them and grow our business) |
| To manage event registrations and attendance (including sending related communication) | (a) Identity; (b) Contact | (a) Performance of a contract with you; (b) Necessary for our or third parties’ legitimate interests (to enable individuals to attend the events and webinars for which they have registered or attend) |
| To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | (a) Identity; (b) Contact; (c) Profile; (d) Usage; (e) Marketing and Communications; (f) Network and Technical | (a) Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
| To enable participation in contests, programs and promotions | (a) Identity; (b) Contact | (a) Performance of a contract with you; (b) Necessary for our or third parties’ legitimate interests (to enable individuals to participate in contests, programs and promotions) |
| To improve our Websites or Services, marketing, customer relationships and experiences by relying on data analytics and usage data | (a) Network and Technical; (b) Usage | (a) Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Website and Services updated and relevant, to develop our business and to inform our marketing strategy) |
| To make suggestions and recommendations as well as display personalized advertisement and content to you about Services that may be of interest to you. This includes marketing of our Services and tailoring of our marketing activities to you or your organization’s interests | (a) Identity; (b) Contact; (c) Network and Technical; (d) Usage; (e) Profile | (a) Necessary for our legitimate interests (to develop our Services and to grow our business); (b) On the basis of your Consent |
| To provide you and/or (where applicable) your employer/organization with help associated with the Services including training, competence records and certificates | (a) Identity; (b) Contact; (c) Network and Technical; (d) Usage; (e) Performance records | (a) Necessary for our legitimate interest (in providing value-add services to our customers); (b) Necessary to perform our contract with your employer or with you. |
| Provide you and/or (where applicable) your employer/organization with user support and customer support to diagnose and resolve Service problems and other customer care and support activities | (a) Identity; (b) Contact; (c) Network and Technical; (d) Usage; (e) Performance records | (a) Necessary to perform a contract with you (e.g., any end user Terms of Use relating to one of our applications); (b) Necessary for our legitimate interest (in providing customer support to our customers) |
| Administer your account and/or (where applicable) the Services we provide to your employer/organization | (a) Identity; (b) Contact; (c) Network and Technical; (d) Usage; (e) Performance records | (a) Necessary to perform a contract with you (e.g., any end user Terms of Use relating to one of our applications); (b) Necessary for our legitimate interest (in making accounts available to our customers) |
| To assess your skills, qualifications and suitability for any job that you may seek with us and to communicate with you during the recruitment process and keep records of our hiring process (Please note that this Privacy Statement only describes how we handle your information during the recruitment period and ceases to apply after you become employed by us (if successful). This Privacy Statement does not apply to Laerdal employees in the context of their employment) | (a) Identity; (b) Contact; (c) Academic and professional skills; (d) Employment history; (e) Title; (f) Date of birth; (g) Any other information you choose to provide to us in connection with your job application | (a) Necessary for our legitimate interests (in contacting you for potential job interviews and deciding whether to hire you) |
| To analyze your CPR training videos and other manikin CPR performance data gathered by the Team Reporter App | (a) Videos of CPR training collected by the Team Reporter App; (b) CPR training data from manikins gathered by the Team Reporter App | (a) Necessary for our legitimate interests (to improve the functionality of the Team Reporter App for CPR training) |
| To register and host you and other visitors at our premises | (a) Identity; (b) Contact | Necessary for our legitimate interests (to ensure security, health, and safety of our staff and visitors, as well as to protect confidential information) |
| To perform due diligence reviews and undertake tasks required for accounting and auditing purposes. | (a) Identity; (b) Contact; (c) Payment; (d) Transaction; (e) Usage; (f) Network and Technical | (a) Necessary to comply with our legal obligations, for example in relation to the requirements of tax authorities and regulatory reporting requirements; (b) Necessary for our legitimate interests (to ensure that our practices are aligned with standards and good practices) |
| To pseudonymize and aggregate data sets, in order to use them for statistical and analytics purposes. | (a) Identity; (b) Contact; (c) Network and Technical; (d) Usage; (e) Demographic data | (a) Necessary for our or third parties’ legitimate interests (to enable us to rely on statistical and analytics data in order to make informed business decisions) |
| To administer and protect our business and Websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity; (b) Contact; (c) Network and Technical | (a) Necessary to comply with our legal obligations in respect of data security, for example within applicable data protection laws; (b) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) |
| To promote security and prevent abuse of our Websites and Services (in order to ensure a high level of security in all of our Services and Websites as well to prevent abuse and fraud in use of the Services and Websites) | (a) Identity; (b) Contact; (c) Usage; (d) Financial; (e) Transaction; (f) Network and Technical | (a) Necessary to comply with our legal obligations in respect of data security, for example within applicable data protection laws; (b) Necessary for our or third parties’ legitimate interests (to achieve a high level of security, prevent abuse and fraud in use of Services and Website, and protect our rights and rights of third parties) |
| To establish, exercise or defend legal claims (We might process your personal information when necessary for establishment, exercise or defense of legal claims or rights whether in court proceedings or in an administrative or out-of-court procedure.) | (a) Identity; (b) Contact; (c) Payment; (d) Transaction; (e) Usage; (f) Network and Technical | (a) Necessary to comply with a legal obligation (for example to comply with requests or orders from courts as applicable); (b) Necessary for our or third parties’ legitimate interests (for the purpose of establishing, exercising and defending legal claims and/or rights) |
| Compliance with any other legal obligations and regulations applicable to us (for example, we process personal information in order to meet statutory legal obligations such as accounting laws, tax laws, data protection laws, medical device regulatory frameworks, etc.) | (a) Identity; (b) Contact; (c) Payment; (d) Transaction; (e) Usage; (f) Network and Technical | (a) Necessary to comply with applicable legal obligations (e.g. accounting, tax, data protection and medical device requirements) |

Generally, we do not rely on consent as a legal basis for processing your personal information other than as identified in the table above. Also, please note that in some jurisdictions outside the European Economic Area we will rely on consent as a lawful basis for processing personal information, even where consent is not specified as an applicable legal basis in the table above. If you want to understand more about the processing undertaken on the basis of consent in your jurisdiction, please use the details in the How to Contact us and Additional Information sections below. Regardless of our legal basis for marketing, you have the right to prevent future marketing messages being sent directly to you at any time by contacting us at [email protected] or by using the unsubscribe links contained in our emails or on the Websites. If you specifically consent to additional uses of your personal information, we use your personal information in a manner consistent with that consent. Separately, your employer may collect consents from you for their own purposes as a data controller (see the following box).

Please note that if we need to process your personal information in order to enter into a contract with you, and you fail to provide the required personal information, we may not be able to enter into contracts or perform the contract with you.

Where you use the Services at the request of your employer, and we provide Services to your employer, we collect, use and share your personal information for the above purposes at the request of, and in accordance with the directions of your employer. Your employer is the data controller of your personal information for such purposes, and we are the data processor. Your employer has personal information protection policies and processes that may differ from the privacy statement you are currently reading, and we recommend that you read such policies before accessing or using the Services.

If you have yourself individually subscribed to the Services as a controller, we collect, use and share your personal information for the above purposes for and on your behalf and we are the processor of your personal information for such purposes.

We will not sell your personal information or share it with third parties for use in advertising or marketing of their products or services.

4. How We Share Information

We do not share personal information we collect about you, except as described in this Privacy Statement, or as described in other applicable privacy notices. We share personal information with:

  • Members of the Laerdal Group of Companies and its affiliates and subsidiaries for purposes provided in this Privacy Statement.
  • Service providers such as suppliers, consultants, professional advisers and other service providers that act on our behalf in order to achieve processing purposes specified in this privacy statement.
  • Customers when we provide Services in the capacity of a service provider that processes personal information on their behalf.
  • Third parties whose products and services are integrated into our Websites and Services in order to deliver desired functionalities.
  • Third party websites and social media networks when you directly engage with them so that Laerdal can advertise on their websites and networks.
  • Third parties involved in a business transaction that involves a merger, reorganization, dissolution or other significant business change.
  • Third parties when we believe that such personal information disclosure is instrumental to protect individuals’ vital interests.
  • Law enforcement and other public authorities in case we believe in good faith it is necessary for us to do so in order to comply with a legal obligation or respond to a valid legal process.
  • Other third parties after receiving your consent. The category and brief description of activities carried out by those third parties will be disclosed when obtaining your consent.
  • Other third parties as permitted by applicable laws and regulations such as tax authorities, data protection authorities and as required under medical devices regulations.

Where you use the Services at the request of your employer, and we provide Services to your employer, we share your personal information with your employer for certain purposes as data processor of your employer - see "How We Use Personal Information" above.

We use third-party service providers (for example, order fulfillment, website management, event management, information technology and related infrastructure provision, customer service, email delivery) to store and process your personal information in order to perform business functions on behalf of Laerdal.

Our service providers have entered into contracts with us that require them to follow our express instructions when processing your personal information and they must comply with appropriate retention and security measures to protect such personal information. We do not allow them to use this information for their own purposes.

5. International Transfers of Your Personal Information

Laerdal has operations around the world and our service providers operate in countries across the world. To facilitate global operations, your personal information may be transferred, disclosed, stored or processed in countries other than your own. Those countries may have different privacy and data protection laws from the country where personal information was originally provided. One way in which this may occur is where your personal information is stored in a controlled access repository in the cloud. “In the cloud” refers to servers in a data center that are managed by a third party and accessible through the Internet, and that data center may be in a country other than your own. Whenever we transfer your personal information to other countries, we have taken appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Statement, and that any transfers to countries other than the country of your location are carried out in compliance with applicable legal requirements.

If your personal information is transferred outside the European Economic Area, we will rely on the European Commission’s 2021 Standard Contractual Clauses, or other applicable data transfer mechanisms. We may also transfer your personal information to countries that have been determined by the European Commission to have an adequate level of data protection (the list of the adequate countries can be found here). We also have equivalent provisions in relation to data being transferred from the United Kingdom (such as the International Data Transfer Addendum to the EU Standard Contractual Clauses) and Switzerland as required by the laws applicable in those jurisdictions. For personal information transfers between our group of companies, we have implemented an intra-group agreement based on the European Commission’s 2021 Standard Contractual Clauses (with any modifications required by local laws). These also include implementation of appropriate data processing agreements and safeguards with third parties, where relevant. If you would like to obtain a copy of the safeguards we use to transfer personal information outside of your jurisdiction, please contact us at [email protected].

6. Retention of Your Personal Information

In the limited circumstances where we are the controller of your personal information (see "How We Use Personal Information" above for further details), we keep your personal information only for as long as it is necessary to fulfill the processing purposes described in this statement. Once the purposes for your personal information processing are exhausted or the retention period has expired, whichever comes first, we will either delete your personal information by relying on a technical method that makes recovery or retrieval of such information impossible or render data no longer personally identifiable by removing certain data categories that identify you.

To ensure that personal information is only processed for a limited period of time, we have established data retention policies and schedules that specify applicable retention periods for each purpose of personal information processing. Namely, we will delete personal information after the processing purpose is exhausted unless the personal information is required for compliance with legal obligations or establishment of legal claims. By way of example, once your organisation ceases to use our Services, we will delete account information and other personal information necessary to use the Services (in respect of which we are the controller), unless the data is required for compliance with legal obligations or establishment of legal claims.

Where we rely on consent for processing your personal information, we will stop processing when the consent is withdrawn or the processing purpose is exhausted, whichever comes first. Please note that withdrawing consent will not affect the lawfulness of the processing based on consent before withdrawal. Where you have withdrawn your consent, in some cases personal information cannot be deleted from our systems and backups for technical reasons. Where this is the case, we will ensure that appropriate measures that prevent further use of such personal information are in place. Please note that in some circumstances we store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal and regulatory requirements (e.g. tax laws, accounting laws, etc.). In specific circumstances we also store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

Where your employer or another organization is the controller of your personal information, please refer to their personal information protection policies and processes for information about the relevant retention period(s).

7. Personal Information Integrity and Security

We are committed to ensuring a high level of privacy, data protection and security of the personal information in our control or possession. Security of your personal information is our priority and we maintain reasonable technical, contractual, organizational and physical measures to safeguard your personal information. We are certified under the ISO 27001 standard for our Information Security Management System and our information security practices are audited annually by internal and external auditors. The ISO 27001 certification requires us to have appropriate physical, electronic and managerial protection measures in place to prevent unauthorized access, erasure, loss, use, processing or disclosure of your personal information. We have implemented frameworks for continuous improvement of security, privacy and data protection, and we will continue to review and update our security measures where appropriate, as new technology becomes available.

8. Your Rights

If the data processing we undertake is subject to the GDPR (General Data Protection Regulation) or equivalent laws, and taking into account certain exemptions, (in some cases this is dependent upon the processing activity we are undertaking), you have the following rights in relation to your personal information:

  • To access personal information - You have the right to ask us if we have your personal information. Where we do have your personal information, you have the right to request us to hand over copies of your information.
  • To rectify personal information - You have the right to request that we rectify your personal information when the data is inaccurate or incomplete.
  • To erase/delete personal information - You have the right to request that we delete your personal information under certain circumstances.
  • To restrict the processing of your personal information - You have the right to request that we stop the processing of your personal information under certain circumstances.
  • To transfer your personal information - You have the right to request that we transfer your personal information in electronic format to another organization or you.
  • To object to the processing of personal information - You have the right to object to the processing of your personal information on the basis of legitimate interests at any time. Please note that this right does not apply if we can demonstrate strong and legitimate reasons to continue using your information.
  • To withdraw consent to processing of personal information - You have the right to withdraw your consent to processing of personal information at any time whenever our processing is based on your consent.
  • To object to our use of your personal information for direct marketing purposes – You have the right to tell us not to send you marketing communication.
  • To obtain a copy of personal information safeguards used for transfers outside your jurisdiction – You have the right to request a copy of appropriate safeguards that serve as a transfer mechanism for GDPR covered transfers.
  • Not to be subject to automated decision-making - You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similar effects on you.
  • To lodge a complaint with the relevant supervisory authority or regulator – You have the right to file a complaint to the relevant authorities in case that you are not satisfied with our privacy practices.

We may ask you for additional information to confirm your identity and for security purposes, before disclosing any personal information requested by you.

Please note that this list may not be exhaustive. This means that you may have additional rights in accordance with your local laws. Please review the Additional Information sections for your jurisdiction, below. In addition, the exercise of the specified rights may be limited in some circumstances by local law requirements. If you would like to learn how to exercise your rights or inquire about our privacy practices, please go to the “How to Contact Us” section.

In situations where we act as a processor of your personal information (for example, when we handle personal information on behalf of our customers) you should exercise your rights against the relevant data controller (for example, your employer, where your employer is the customer organization which has purchased our Services).

10. How to Contact Us

You may contact us in a number of ways listed below in connection with your personal information.

  1. If you wish to opt out of marketing communications we send you at any time you can either do this by (a) completing the Website form found here, (b) by clicking on the “unsubscribe” link in the marketing emails that we send to you, or (c) by contacting us directly at [email protected].
  2. You may choose to Exercise Your Rights as set out in Section 8 or Section 12 specific to your jurisdiction by (a) filling in the form here, (b) by emailing us [email protected] or (c) by writing to us at the address set out in the paragraph below.
  3. If you have any questions about this Privacy Statement or our privacy practices or you would like to complain about our handling of your personal information, you can also contact our data protection manager by post or email using the details set out below:

Laerdal Medical AS
For the attention of the Data Protection Manager
Postal: Tanke Svilands Gate 30, Stavanger Norway 4007
Email: [email protected]

11. Updates to Global Privacy Statement

We will update this Privacy Statement from time to time to align it with changes in our privacy practices. All updates will be posted on this website. When we post such updates, we will revise the “last updated” date at the top of this statement. We encourage you to periodically review this Privacy Statement to stay informed about how Laerdal is processing and protecting your personal information.

12. Additional Notices for Certain Jurisdictions

Additional information for the EU-U.S. DPF, and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF
Laerdal Labs DC, Inc and Laerdal Medical Corporation (collectively referred to as “Laerdal USA”, “our”, “we”, and “us” under this subsection) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and to the rights of EU and UK individuals and Swiss individuals as set forth by the U.S. Department of Commerce.  Laerdal USA has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF, from Switzerland on the Swiss-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the principles contained in the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), the principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Addressing Complaints
Laerdal USA commits to resolve DPF Principles-related complaints about our collection and use of your personal information.  EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) should first contact Laerdal USA at the below address:

Laerdal Medical AS
For the attention of the Data Protection Manager
Postal: Tanke Svilands Gate 30, Stavanger Norway 4007
Email: [email protected]

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Laerdal USA commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to ICDR/AAA DPF IRM Service, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR/AAA DPF IRM Service are provided at no cost to you.

If your DPF complaint remains unresolved through the aforementioned channels, you may, under specific circumstances, seek binding arbitration for any remaining claims that have not been addressed by other available redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/G%E2%80%93Arbitration-Procedures.

Choice
If personal data covered by this Privacy Statement is intended for a purpose that significantly differs from the original collection or subsequent authorization, or if it will be disclosed to a third party that is not an agent and not outlined in this Statement, Laerdal USA will offer you the chance to opt out of such use or disclosure. To request an opt-out regarding the use or disclosure of your personal data, please refer to the “How to Contact Us” section above.
Certain types of personal data, including information related to medical or health conditions, racial or ethnic origin, political beliefs, and religious or philosophical views, are classified as “Sensitive Information.” Laerdal USA will not use Sensitive Information for any purpose other than that for which it was originally collected or subsequently authorized by the individual, unless Laerdal USA has obtained your explicit and affirmative consent (opt-in).

Investigation and Enforcement Powers
Laerdal USA is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).

Onward Transfers to Third Parties
If we disclose your personal information to a third party acting as a data controller or agent, we will comply with the Accountability for Onward Transfer Principle and ensure the protection of your personal information as outlined in the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). We remain liable for the processing of personal information received under the frameworks and subsequently transferred to a third party acting as an agent, unless we can demonstrate that we are not responsible for any damages caused.

Disclosure to Public Authorities
We may be obliged to disclose personal information in response to lawful requests by public authorities, including situations involving national security or law enforcement requirements.

Additional information for California residents only:

With regard to personal information of California residents, in addition to the information already provided in the sections above, the following additional section of this Privacy Statement also applies to you.

This section of the Privacy Statement does not address or apply to:

  • Our handling of personal information which is exempt under section 1798.145 of the California Consumer Privacy Act 2018; or
  • Personal information we collect about employees, contractors or job applicants or other individuals who are not California residents; or
  • Personal information we collect about persons acting in their capacity as representatives (B2B contacts) of our customers, prospective customers, suppliers and other businesses we conduct business with to the extent that we use this personal information only in the context of conducting our business relationship with their respective business.

Under the California Consumer Privacy Act (“CCPA”) you have the right to:

  • request that we disclose the categories of your personal information that we have collected, used, disclosed and sold (if applicable) in the 12 months prior to your request as well as the categories of sources of such personal information within the last 12 months prior to your request;
  • request that we delete your personal information and we will respond to verifiable requests to do so;
  • non-discriminatory treatment for the exercise of any of your data protection rights;
  • access your personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit this information to others without hindrance;
  • opt-out of the sale of your personal information.

Please note that we do not sell Personal Information collected about you as defined by the California Consumer Privacy Act. However, we will provide the “Do Not Sell” link that will allow you to instantly submit an opt-out request in all instances where we may sell your personal information. We may share or disclose Personal Information to third parties, service providers and business partners or allow them to collect Personal Information from our Websites and Services. This might occur only where third parties, service providers and business partners have entered into a contractual relationship with us that ensures a high level of Personal Information protection and facilitates compliance with applicable laws and regulations. If you would like to learn about “business purposes” for which we disclose Personal Information as well as categories of Personal Information disclosed, please visit the sections “Types of Personal Information We Collect” and “How We Use Personal Information”.

California residents may submit a request to disclose or a request to delete by contacting us using the method described in the “How to Contact Us” section. Additionally, individuals located in California can contact us to exercise their rights under the CCPA by calling our toll-free number: 1-888-LAERDAL (523-7325). Please note that we may need to verify your identity and place of residence before complying with your request.

Additional information for Canadian residents

In addition to the methods mentioned in “How to Contact Us” section above, you can also subscribe, manage your email settings and unsubscribe from Laerdal marketing communications at:

http://www.laerdal.com/ca/support/newsletter-update-profile/