Skip to main Content

EMEA Privacy Policy


general privacy policy (EU/EEA)

Your privacy is important to your healthcare institution (referred to as “your institution” or “institution”) and to the Johnson & Johnson family of companies, here represented by Cilag GmbH International (“Johnson & Johnson” and jointly referred to as “we” or “us”) a Swiss entity which has DePuy Ireland UC as representative in the EU. This privacy statement informs you of how we process your personal data when using or accessing certain online services and facilities we make available as part of our Digital Solutions Platform (“Cloud Services”). Personal data is defined as all information that would allow us to identify you either directly or indirectly. It is important to us that you understand how we will handle your personal data and that you are aware of your rights. 

We may amend this privacy statement at any time. Notification of changes to this privacy statement will be posted on https://www.csats.com/privacy-policy. This privacy statement was last updated on March 16,  2021.  

our identity and role

Your institution is the Data Controller as defined in the General Data Protection Regulation (“GDPR”) with regards to the processing of your personal data as described in this privacy statement. Johnson & Johnson acts as a Data Processor of your personal data on behalf of your institution.

what personal data do we collect on behalf of your institution, how do we collect it, and why?

Registration
Institution has created an account to use our Cloud Services on your behalf. Johnson & Johnson receives your name, your institution, your email, your specialty and your national medical certification number that you enter in the registration form. We use this information to confirm your registration and enable you to make use of the Cloud Services. This processing of personal data is necessary for the purposes of the legitimate interest pursued by us to perform the contract that we have entered into with your institution for governing the use of the Cloud Services (article 6(1)(f) GDPR). If you do not provide us these personal data, you will not be able to use the Cloud Services.

Usage Data
We also process information about how you access and use the Cloud Services ("Usage Data"). This processing of personal data is necessary for the purposes of the legitimate interest pursued by us to administer and improve the Cloud Services (article 6(1)(f) GDPR).

Automatic information Collection and Use
We and our service providers may collect certain information automatically as you navigate around the Service. Please read the Cookie Policy https://www.csats.com/cookies for detailed information about the cookies and other tracking technologies used on the Service. The Cookie Policy includes information on how you may disable these technologies. If you do not disable them and continue to use our Service, we will infer your consent to their use.   

We and our service providers may also automatically collect and use information in the following ways: Through your browser: Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, and Internet browser type and version. We may collect similar information, such as your device type and identifier, if you access the Service through a mobile device. We use this information to ensure that the Service functions properly. IP address: Your IP address is a number that is automatically assigned to your computer by your Internet Service Provider. An IP address is identified and logged automatically in our server log files whenever a user visits the Service, along with the time of the visit and the pages visited. Collecting IP addresses is standard practice and is done automatically by many online services. We use IP addresses for purposes such as calculating Service usage levels, diagnosing server problems, and administering the Service. We may also derive your approximate location from your IP address. Device Information: We may collect information about your mobile device, such as a unique device identifier, to understand how you use the Service. 

with whom do we share your personal data?

The processing of personal data as referred to in this privacy statement may, at the instruction and on behalf of your institution, be carried out (in part) by external service providers such as IT service providers or mobile app providers, through which you may also have access to certain services related to the Cloud Services. Johnson & Johnson has entered into appropriate data processing agreements with such third parties, in protection of your interests.

how long do we retain your personal data?

We retain your personal data no longer than necessary for the purposes for which the personal data are processed. The retention period may differ for each individual purpose. 

If you have created an account, we retain your personal data for the purposes of your registration until you delete your account.  

We may retain your personal data longer if that is dictated by a statutory retention obligation or if that is necessary to protect our rights, for example in case of a (potential) legal dispute. 

security and location of processing

We have implemented appropriate technical and organizational measures to secure your personal data. Our systems and software are secured in order to prevent unauthorized parties inside and outside our organization from gaining access to your personal data. Access to your personal data is limited to persons who require this access for the purposes of the performance of their work.  

Johnson & Johnson may transfer your personal data to various geographic locations, including countries located inside and outside of the European Economic Area. To the extent your personal data is transferred to third countries we have put appropriate contractual and other measures in place to protect your personal data when it is transferred. You may obtain a copy of these measures by contacting Johnson & Johnson’s Data Protection Officer responsible for your country or region, if applicable, at emeaprivacy@its.jnj.com

what are your rights and how do you contact us to exercise them?

You have certain rights in connection with your personal data.  

If you would like to review, correct, update, restrict, object to the processing or delete personal data, or if you would like to receive an electronic copy of the personal data you have provided, you should contact your institution, or us by e-mail to support@csats.com or our EU Representative at MD_EU@its.jnj.com. We may request additional proof of your identity in order to be sure that your request pertains to your personal data. This is in the interests of the protection of your privacy.  

You are at all times entitled to submit a complaint to a competent data protection authority if you believe that we are not processing your personal data in accordance with the GDPR.  

Please click here for contact information for such authorities.  

general privacy policy (countries outside of EU/EEA)

Your privacy is important to your healthcare institution (referred to as “your institution” or “institution”) and to the Johnson & Johnson family of companies, here represented by Cilag GmbH International (“Johnson & Johnson” and jointly referred to as “we” or “us”) a Swiss entity. This privacy statement informs you of how we process your personal data when using or accessing certain online services and facilities we make available as part of our Digital Solutions Platform (“Cloud Services”). Personal data is defined as all information that would allow us to identify you either directly or indirectly. It is important to us that you understand how we will handle your personal data and that you are aware of your rights. 

We may amend this privacy statement at any time. Notification of changes to this privacy statement will be posted on https://www.csats.com/privacy-policy. This privacy statement was last updated on March 16,  2021.  

our identity and role

Your institution is the Data Controller with regards to the processing of your personal data as described in this privacy statement. Johnson & Johnson acts as a Data Processor of your personal data on behalf of your institution.

What personal data do we collect on behalf of your institution, how do we collect it, and why?

Registration  
Institution has created an account to use our Cloud Services on your behalf. Johnson & Johnson receives your name, your institution, your email, your specialty and your national medical certification number that you enter in the registration form. We use this information to confirm your registration and enable you to make use of the Cloud Services. If you do not provide us these personal data, you will not be able to use the Cloud Services.  

Usage data  
We also process information about how you access and use the Cloud Services ("Usage Data").  

Automatic Information Collection and Use 
We and our service providers may collect certain information automatically as you navigate around the Service. Please read the Cookie Policy https://www.csats.com/cookies for detailed information about the cookies and other tracking technologies used on the Service. The Cookie Policy includes information on how you may disable these technologies. If you do not disable them and continue to use our Service, we will infer your consent to their use.   

We and our service providers may also automatically collect and use information in the following ways: Through your browser: Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, and Internet browser type and version. We may collect similar information, such as your device type and identifier, if you access the Service through a mobile device. We use this information to ensure that the Service functions properly. IP address: Your IP address is a number that is automatically assigned to your computer by your Internet Service Provider. An IP address is identified and logged automatically in our server log files whenever a user visits the Service, along with the time of the visit and the pages visited. Collecting IP addresses is standard practice and is done automatically by many online services. We use IP addresses for purposes such as calculating Service usage levels, diagnosing server problems, and administering the Service. We may also derive your approximate location from your IP address. Device Information: We may collect information about your mobile device, such as a unique device identifier, to understand how you use the Service. 

With whom do we share your personal data? 

The processing of personal data as referred to in this privacy statement may, at the instruction and on behalf of your institution, be carried out (in part) by external service providers such as IT service providers or mobile app providers, through which you may also have access to certain services related to the Cloud Services. Johnson & Johnson has entered into appropriate data processing agreements with such third parties, in protection of your interests. 

How long do we retain your personal data? 

We retain your personal data no longer than necessary for the purposes for which the personal data are processed. The retention period may differ for each individual purpose. 

If you have created an account, we retain your personal data for the purposes of your registration until you delete your account.  

We may retain your personal data longer if that is dictated by a statutory retention obligation or if that is necessary to protect our rights, for example in case of a (potential) legal dispute. 

Security and location of processing 

We have implemented appropriate technical and organizational measures to secure your personal data. Our systems and software are secured in order to prevent unauthorized parties inside and outside our organization from gaining access to your personal data. Access to your personal data is limited to persons who require this access for the purposes of the performance of their work.  

Johnson & Johnson may transfer your personal data to various geographic locations outside of your country of residence. To the extent your personal data is transferred to third countries we have put appropriate contractual and other measures in place to protect your personal data when it is transferred. You may obtain a copy of these measures by contacting Johnson & Johnson’s Data Protection Officer responsible for your country or region, if applicable, at emeaprivacy@its.jnj.com

What are your rights and how do you contact us to exercise them? 

You have certain rights in connection with your personal data.  

If you would like to review, correct, update, restrict, object to the processing or delete personal data, or if you would like to receive an electronic copy of the personal data you have provided, you should contact your institution, or us by e-mail to support@csats.com. We may request additional proof of your identity in order to be sure that your request pertains to your personal data. This is in the interests of the protection of your privacy.  

You may, if applicable, be entitled to submit a complaint to a competent data protection authority.  

Please click below for contact information for such authorities. 
UK: https://ico.org.uk/ 
Switzerland: https://www.edoeb.admin.ch/ 
Israel: https://www.gov.il/he/departments/ministry_of_justice/govil-landing-page