Effective: 1 January 2023
This Privacy Notice (the “Notice”) informs Candidates and Successful Candidates as to how the Company collects and uses their Personal Information, and how they can exercise their rights with respect to their Personal Information.
The Intuitive Surgical entities covered by this Notice include Intuitive Surgical, Inc., Intuitive Surgical Operations, Inc., Intuitive Surgical Sarl, and affiliated companies (collectively, “Intuitive” or “Company”).
The Company is the controller of the Candidate and Successful Candidate Personal Information. You may contact the Data Privacy Officer of the Company at data.privacy@intusurg.com, with regards to any issue related to the Processing of your Personal Information and to the exercise of your rights.
For purposes of this Notice, “Personal Information” (also known as identifiable information or personal data) means any information relating to an identified or identifiable natural person. “Processing” means any operation or set of operations which is performed on Personal Information, such as collection, recording, organization, structuring, storage, modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Collection, Processing and Disclosure of Personal Information
Collection
The Company collects Personal Information when you submit your application to the Company, directly or through recruiting agencies, and throughout employment. Depending on whether you are a Candidate or a Successful Candidate, the Company may collect the following categories of Personal Information:
- Identification Data: e.g. name, work and personal contact information, emergency contact information, date and place of birth, gender, marital status, citizenship, nationality, driving license information, ID card information, visa and work/residence permit, unique personal identifier, social security number and/or national identifier number, job title and role, signature;
- Recordings: e.g. photos, videos, still images, audio recordings;
- Education and Professional Data: e.g. education history, academic transcripts, qualifications, certifications, trainings, languages, professional memberships;
- Background Check Data: e.g. background check information, criminal background information, reference information;
- HR Data: e.g. CV, cover letter, hire date, workplace, job details (business title, department, assignment status, working hours, work history etc.), information regarding compensation and benefits (healthcare, insurances, share awards, company car etc.), health information such as information related to occupational medical examination, travel information, military service information; holiday entitlement, leave of absences, performance-related information, disciplinary and grievance information, termination date and reason, family information such as children and spouse names and dates of birth;
- Financial data: e.g. bank account information, information related to personal tax situation, corporate expenses and payments, taxpayer ID;
- Judicial data: e.g. legal proceedings;
- Information system activity data: e.g., the Employee’s use of Company information and communications systems;
- Any other information provided by the Employee.
Where it is required under local or national laws or regulations, or where permitted by your express consent, the Company may also collect and Process sensitive personal information such as:
- Trade union membership;
- Information about health, including disability status, medical condition, health and sickness records;
- Biometric data for identification purposes.
Processing
The Company Processes Personal Information as necessary to perform a contract, to comply with legal obligations, or to pursue the legitimate interests of the Company. In some cases, Personal Information may be Processed only on the basis of your consent. Processing purposes may include the following:
Legitimate Interest of the Company/Performance of a Contract:
- Setting up a personnel file and managing employment matters
- Administering payroll, compensation and benefits (e.g. insurance, car fleet)
- Employee performance management, salary review
- Management of holidays and leave of absences; Work time management
- Corporate expense management
- Facilitating business travel and accommodation
- Granting access to the Company’s software, and to provide hardware
- Grievance and disciplinary procedures
- Coordinating relocation
- Termination and post-termination matters
Legitimate Interest of the Company:
- Recruitment, background checks and replacement planning
- Managing information technology and communication systems, and related services
- Training
- Budgeting, financial management and reporting, and strategic planning
- Security measures and operations; fraud prevention; protecting data and assets
- Risk management
- Administrative tasks
- Event management, internal communication, rewards and gifts to employees
- Maintaining licenses, permits, certifications and authorizations applicable to the Company’s business operations
Legal Obligation:
- Employee complaint management (e.g. compliance hotline)
- Protecting the health and safety of Employees and third parties
- Managing legal claims, investigations and disputes
- Meeting legal and regulatory requirements (e.g. taxation, social charges, social and insurance obligations, immigration, work and residence permits)
Disclosure
The Company may disclose your Personal Information to:
- Third-parties under written contracts with the Company providing services or systems for:
e.g. recruitment; background checks; human capital management; benefits & compensation; insurance; legal advice; medical and health care; training; time and absence management; financial services; accounting; payroll; corporate travel; information technology, security and communication; - Third parties where Company is bound by legal obligation:
e.g. tax, regulatory, government agencies and other authorities; external auditors; - (jointly, “Authorized Third Parties”).
- The Company may also disclose your Personal Information to other third parties if you have provided your consent for doing so.
Transfer of Personal Information
As the Company is a global multinational corporation, Personal Information might be disclosed or transferred to, or Processed by any affiliate of the Company. Each affiliate is a data controller of the Candidates and Successful Candidates Personal Information within their control, and may transfer it to Authorized Third Parties for the purposes described above.
The Company will use appropriate safeguards when transferring Personal Information. Intra-Company transfers of Personal Information originating from the European Economic Area (“EEA”) or Switzerland to countries not considered to offer an adequate level of data protection are subject to the Standard Contractual Clauses approved by the European Commission, or updated or similar documents required by a particular jurisdiction.
Security Measures for Personal Information
The Company has implemented appropriate technical, organizational and physical safeguards to protect Personal Information. The Company stores Personal Information using industry-standard information technology and cloud services, and follows industry standard practices to maintain confidentiality, integrity and availability.
The Company stores and retains the Candidates and Successful Candidates Personal Information during and after the employment as required or permitted by applicable law.
No Automated Individual Decision-Making
The Company does not make decisions concerning the Candidates and Successful Candidates based solely on automated Processing.
Requirement to Provide Data
As part of their employment, the Successful Candidate must provide Personal Information that may be used to establish, administer or terminate the employment relationship. Without Personal Information, the Company will not be able to have an employment relationship with the Successful Candidate. Both the Successful Candidate and the Company have legal obligations described in 1.2 above. The Company will only request Personal Information from the Successful Candidate for the purpose of fulfilling those obligations, and the law requires that the Successful Candidate provide this Personal Information when requested.
Candidates and Successful Candidates Rights with respect to their Personal Information
The Company will respect the rights of its Candidates and Successful Candidates in accordance with applicable laws.
The rights applicable to Candidates and Successful Candidates may include:
- the right to access their Personal Information;
- the right to request that the Company rectifies, erases or restricts the Processing of their Personal Information;
- the right to object to the Processing of their Personal Information;
- the right to data portability;
- the right to give instructions on use and disclosure of their Personal Information after their death;
- the right to request compensation for alleged unlawful processing of their Personal Information;
- when Processing of Personal Information is based on the Employee’s consent, the Employee may at any time withdraw their consent.
The Employee can exercise these rights by contacting the Company’s Data Privacy Officer via e-mail at data.privacy@intusurg.com
The Employee also has the right to lodge a complaint with any local data protection authority or with the Commission Nationale de l’Informatique et des Libertés (CNIL), the Company’s lead data protection authority in the EU.
California Privacy Rights
California Civil Code Section 1798.83 permits individual California residents to request certain information regarding our disclosure of certain categories of personal information to third parties for those third parties’ direct marketing purposes. To make such a request, please contact us at data.privacy@intusurg.com. This request may be made no more than twice in a 12-month period and we reserve our right not to respond to requests submitted other than to the email or mailing addresses specified in this policy. Note that we do not currently share personal information with third parties for those third parties’ direct marketing purposes.
In addition, California residents have the following privacy rights:
- The right to know. You have the right to request to know (i) the categories of personal information we have collected about you in the last 12 months; (ii) the specific pieces of personal information we have about you; (iii) the categories of sources from which that personal information was collected; (iv) the categories of your personal information that we sold or disclosed in the last 12 months; (v) the categories of third parties to whom your personal information was sold or disclosed in the last 12 months; and (vi) the purpose for collecting and selling your personal information.
- Right to correct. You have the right to obtain without undue delay the correction of inaccurate, incomplete or outdated personal information concerning you.
- The right to deletion. You have the right to request that we delete the personal information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your personal information was collected. If we deny your request for deletion, we will let you know the reason why.
- The right to equal service. If you choose to exercise any of these rights, the Company will not discriminate against you in anyway. If you exercise certain rights, understand that you may be unable to use or access certain features of our websites or services.
Right to opt-out the “sale” or “share” of your personal information (as defined in the CCPA and CPRA respectively). Intuitive does not “sell” or “share” your personal information for monetary value. However, some third-party cookies and other trackers placed on our sites may be considered a “sale” or a “share” when used for our “targeted” or “cross-contextual” advertising campaigns. If you opt-in to targeting cookies, we allow trusted parties to collect via cookies certain information about you when you interact with our sites to provide you with targeted advertising. You can opt-out of these cookies as detailed in Cookies section by changing your cookie preferences on the link below.
here
Alternatively, you can rely on an opt-out preference signal to tell us you wish to opt out of us “selling” or “sharing” your personal information. We will recognize the opt-out preference signal in a “frictionless” manner. We will not (i) charge you for using it, (ii) change your experience with our products and services, or (iii) display pop-ups or other notifications in response to your opt-out signal other than a status indicator.
You may exercise your right to know twice a year. To exercise your rights, contact us via data.privacy@intusurg.com.
We will take steps to verify your identity before processing your request. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected personal information. We will only use the personal information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.
You may use an authorized agent to submit a request. When we verify your agent’s request, we may verify your identity and request a signed document from your agent that authorizes your agent to make the request on your behalf. To protect your personal information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.