Medical Device Integration
Remote Monitoring and Notification
Analytics and Reports
Last Updated: 12/9/2021
We, Masimo, provide this Masimo Services General Privacy Notice to explain how we collect, use, disclose and otherwise process your personal information when you attend our events or use our websites or online applications (collectively, “Masimo Services”), and rights you may have under applicable data privacy and protection laws. However, if you use any of the following Masimo Services, please instead refer to its privacy notice for information on how we process personal information you provide through that Masimo Service:
We use the term “personal information” or “personal data” to mean any information relating to an identified or identifiable natural person. If you are located in the European Economic Area, United Kingdom, Switzerland or Turkey, “Masimo” refers to Masimo Österreich GmbH, Mariahilfer Straße 136, 1150 Wien, Austria. If you are located in other jurisdictions, “Masimo” refers to Masimo Americas, Inc. 52 Discovery, Irvine, 92618, USA. If you reside in California or are located in the European Economic Area, United Kingdom, Switzerland, Turkey, Singapore, Hong Kong or Japan, please refer to the corresponding Jurisdiction-Specific Disclosures further below for additional information we are required to provide to you under your local laws.
Depending on what Masimo Services you use and how you use them, we may collect the following types of personal information about you, which we have grouped together as follows:
We refer to the above groups of personal information by their respective sub-heading (e.g., Identifying Information) throughout this Privacy Notice.
We have set out below a description of the purposes for which we may use personal information. For each purpose, we identify the groups of personal information we use for that purpose.
Purposes of Use
Group of Personal Information Concerned
To manage our relationship with you which includes:
To send and tailor our marketing communications to you
To interact with you on social media
To administer an event that you sign up to attend
To ensure the security of Masimo Services, maintain and support Masimo Services, analyze the performance of Masimo Services, fix errors and troubleshoot issues
To improve our products, services, events and offerings
If we take steps to enter into a reorganization, restructuring, merger, acquisition or transfer of assets (“Business Transfer”), we may also use your personal information to give effect to that Business Transfer. We will only do so in compliance with applicable law.
We may disclose your personal information to the following categories of third parties.
In general, we store personal data only as long as necessary to fulfil the purpose for which we collected it (the “General Retention Period”), except in the following situations: (1) where applicable laws require us to retain your personal data for a legally prescribed period beyond the General Retention Period. In these cases, we will keep that personal data for the legally prescribed time period before deleting it; (2) where your personal data is relevant to potential legal claim(s) by or against us. In these cases, we will keep that personal data for as long as the legal claim(s) can be made or, if it has been made, for as long as the personal data is relevant to the resolution of the claim(s) or any appeal thereto; (3) if we are instructed by a court order, subpoena, or other legal directive to retain your personal data; and (4) we will retain your personal data for a reasonable period of time necessary for us to verify the purposes for which we collected your data no longer apply and to delete the data following such verification. If any of these exceptions apply to certain personal data, we will retain personal data for as long as either exception applies. For additional information about how long we retain your personal data specifically, please email firstname.lastname@example.org.
Masimo Services are not directed at children under the age of 13. Children may only use Masimo’s hardware products on the instructions, under the supervision, and with the consent, of their healthcare providers and parent or legal guardian.
We work to protect the security of your personal information by using organizational, technical, and administrative measures such as encryption of data in transit, configuring internal access controls on the basis of the least privilege principle, and background checks of our employees and contractors. However, we cannot guarantee that your use of Masimo Services will be completely secure. We encourage you to use caution at all times. If you have reason to believe that your personal information has been compromised, please contact us immediately.
You may have rights under applicable data privacy and protection laws, which may include to access, review, modify or delete the personal information we hold about you. To submit a request to exercise any rights you may have under applicable privacy laws, please contact us using the contact details under “Contact Us” below and clearly describe your request. If you have rights under applicable privacy laws and your request complies with the requirements under such laws, we will give effect to your rights and respond within any mandatory timeframes as required by law.
Masimo is aware of the Court of Justice of the European Union’s decision on July 16, 2020 to declare as invalid the European Commission Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield and of the September 8, 2020, statement by the Swiss Federal Data Protection and Information Commissioner on the adequacy of the Swiss-U.S. Privacy Shield Framework. Masimo, however, continues to comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred before July 16, 2020, from the European Union or the United Kingdom, and from Switzerland before September 8, 2020, to Masimo in the United States. For transfers of personal information after those dates, Masimo addresses cross-border data transfer requirements under the EU General Data Protection Regulation 2016/679 and European Economic Area and Swiss data protection laws by relying on Standard Contractual Clauses and other adequate measures For more information about Masimo Corporation’s Privacy Shield and EEA practices, please see EEA Disclosures section.
This Privacy Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal information by us. We may revise this Privacy Notice from time to time by making the revised document available through the Masimo Services and updating the “last updated” date above. We will also obtain consent from you where required by applicable law before processing your personal information for any purpose incompatible with the purposes set forth in prior versions of this Privacy Notice.
To exercise your rights under applicable data privacy and protection laws, or if you have any questions about the information in this Privacy Notice, please contact us using the following contact details. Masimo Attn: Data protection team 52 Discovery Irvine, CA 92618 Email: Privacy@masimo.com Our toll-free number if you are in the USA: 844-820-6576.
You may also configure your choices regarding the types of marketing communications you would like to receive from us by clicking on our communications preferences portal accessible via a web link in our communications.
In these Jurisdiction-Specific Disclosures, we provide additional (i) information related to rights you may have under the applicable privacy laws of your jurisdiction; and (ii) disclosures required by the privacy laws of particular jurisdictions.
What laws apply?
Who is the data controller?
Masimo Österreich GmbH, Mariahilfer Straße 136, 1150 Wien, Austria. You can contact its data protection officer at email@example.com. Its UK GDPR representative is Masimo Europe Limited, Matrix House, Basing View, Basingstoke - Hampshire RG21 4DZ.
What legal bases of processing does Masimo rely on?
We rely on the following legal bases to process your personal data, as appropriate:
More information is provided below. For additional details regarding the lawful bases of processing your personal data specifically, please contact firstname.lastname@example.org.
Legal Basis and Legitimate Interest
To give effect to a Business Transfer
Where is your personal data processed and on what basis do we transfer personal data across borders?
Masimo operates Masimo Services with the assistance of affiliated and unaffiliated service providers in the European Economic Area (Frankfurt, Paris and Dublin) and from time to time, if it is necessary for example for troubleshooting, in the United States. We take measures to ensure that service providers in the United States provide an adequate level of data protection by entering into appropriate data transfer agreements based on Standard Contractual Clauses and performing data protection assessments of data transfer arrangements as appropriate. Data transfer agreements are accessible upon request by contacting us at the details shown further above.
Do you have to provide personal data?
There is no law or contract stating that individuals in the EEA, UK or Switzerland have to use Masimo Services. We ask you to provide Identifying Information so that we may provide certain Masimo Services or information that you request; in these cases, we cannot provide you with the requested account, information or services unless you provide such Identifying Information. If you would like to purchase any products or services from us through the Masimo Services or receive our customer services, we require your Purchase and Customer Service Information to provide these offerings to you. If you would like to interact with our social media pages, we require your Social Media Information to provide a response on that social media platform. If you would like to attend one of our events, we require your Event Information to allow you to register and provide you with requested accommodations. You do not have to consent to receive our marketing communications but we record your Marketing Settings to comply with applicable data protection and anti-spam laws. You are not required to provide Information You Give Us and there is no consequence to withholding this information. If you do not allow us to collect Device and Technical Information, some of our Masimo Services may not work properly or be as tailored to you as they could otherwise be, but they will still generally be usable.
In the EEA, Switzerland and the UK you have the following rights, subject to the conditions under the GDPR and/or local data protection law:
(a) To object, on grounds relating to your particular situation, to the processing of your personal data by us. This includes the right to object to our processing of your personal data for direct marketing and the right to object to our processing of our personal data where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party. If we process your personal data based on our legitimate interests or those of a third party, or in the public interest, you can object to this processing, and we will cease processing your personal data, unless the processing is based on compelling legitimate grounds or is needed for legal reasons. Where we use your personal data for direct marketing for our own products and services, you can always object and opt out of future marketing messages using the unsubscribe link in such communications.
(b) To obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to details about how we process your personal data and copies of the personal data.
(c) To obtain from us the rectification of inaccurate personal data concerning you.
(d) To ask us to erase your personal data to the extent it is not required for legally required purposes.
(e) To request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes.
(f) To receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit the personal data to another entity without hindrance from us.
(g) To lodge a complaint with a supervisory authority (only for EEA and UK).
(h) In some jurisdictions such as France and Portugal, you also have the right to provide Masimo with guidelines as to the processing of your personal data after your death.
You may view a list of supervisory authorities in the EEA, UK and Switzerland and their respective contact information here:
Data protection authority’s website
You can exercise your rights by contacting our Data Protection Officer via email at email@example.com or by mail at Masimo Österreich GmbH, Attn: Data Protection Officer, Mariahilfer Straße 136, 1150 Vienna, Austria.
Turkey’s Law No. 6698 on Protection of Personal Data (the “KVKK”). If we use a term that the KVKK defines in this section for users in Turkey, the term has the same meaning as under the KVKK.
Masimo Österreich GmbH, Mariahilfer Straße 136, 1150 Wien, Austria. You can contact its data protection officer at firstname.lastname@example.org.
Masimo operates Masimo Services with the assistance of affiliated and unaffiliated service providers in the European Economic Area (Frankfurt, Paris and Dublin) and from time to time, if it is necessary for example for troubleshooting, in the United States. We take measures to ensure that service providers provide an adequate level of data protection by entering into appropriate data transfer agreements.
In Turkey, you have the following rights, subject to the conditions under the KVKK:
(a) To obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to details about how we process your personal data and copies of the personal data.
(b) To request correction of the personal data if the data is processed incompletely or inaccurately.
(c) To request deletion or destruction of the personal data when purposes of processing cease to exist.
(d) To request notifying third persons to whom the personal data is transferred, about deletion and correction.
(e) To object to negative consequences about you that are concluded as a result of analysis of the processed personal data by solely automatic means.
(f) To request for indemnification if you suffered damage because of illegal processing of your personal data. You can exercise your rights by contacting our Data Protection Officer via email at email@example.com or by mail at Masimo Österreich GmbH, Attn: Data Protection Officer, Mariahilfer Straße 136, 1150 Vienna, Austria.
What laws apply?
The Personal Data Protection Act of Singapore (the “PDPA”). If we use a term that the PDPA defines in this section for users in Singapore, the term has the same meaning as under the PDPA.
In Singapore, you have the following rights, subject to the conditions under the PDPA:
(a) To withdraw consent and request that we stop collecting, using and/or disclosing your personal data for any or all of the purposes listed in this or any other Privacy Notice we provide to you. The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time that it is withdrawn by you in writing.
(b) To request access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data.
(c) To correct or update any of your personal data which we hold about you.
You can exercise your rights by submitting your request in writing or via email to our Data Protection Officer at firstname.lastname@example.org .
Transfers of Personal Data Outside of Singapore
We may transfer your personal data overseas, to our affiliates and unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, for the purposes listed in this or any other Privacy Notice we provide to you, or as otherwise permitted or required by applicable laws. If we transfer your personal data to a territory outside of Singapore, we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA. We do this, for example, by entering into appropriate data transfer agreements based on the requirements of the PDPA.
The Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”).
Who is the data user?
The data user is Masimo Americas, Inc. 52 Discovery, Irvine, 92618, USA.
In Hong Kong, you have the following rights under the PDPO:
(a) To obtain from us confirmation as to whether your personal data is being processed us, and, where that is the case, to request access to details about how we process your personal data and receive copies of the personal data.
To exercise these rights, or if you have any other questions concerning our privacy practices, please contact us via email at email@example.com .
It is voluntary for you to provide us with your personal data. However, if you do not provide us with your personal data, you will not be able to use Masimo Services.
The Act on Protection of Personal Information of Japan (“APPI”).
Who is the Business Operator under the APPI?
The Business Operator under the APPI is Masimo Americas, Inc. 52 Discovery, Irvine, 92618, USA.
Transfers of Personal Data Outside of Japan
We may transfer your personal data overseas, to our affiliates and unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, for the purposes listed in this Privacy Notice, or as otherwise permitted or required by applicable laws. If we transfer your personal data to a territory outside of Japan, we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that required under the APPI. We do this, for example, by entering into appropriate data transfer agreements based on the requirements of the APPI.