mymobility® Privacy Notice

Australia/New Zealand
India/Ireland/Kingdom of Saudi Arabia/United Arab Emirates/United Kingdom
Singapore
South Africa

Australia/New Zealand

Thank you for using mymobility® platform, the Zimmer Biomet remote rehabilitation mobile application and online service. Zimmer Biomet, together with its affiliates (“we,” “us,” or “Zimmer Biomet”), provides mymobility on behalf of physicians, hospitals, rehabilitation centers, and other healthcare providers (each a “Provider”) by contracting with Providers or affiliated service groups to offer mymobility and other home-based programs to patients (including “you” as used in this notice).

This Privacy Notice (“Notice”) explains our practices for the collection and processing of information from or about you (“Personal Data”) through mymobility, any of the online applications or portals associated with mymobility, and any other online Zimmer Biomet service that links to this Notice (collectively “Applications” or “mymobility”). Depending on the service arrangement with your Provider, Zimmer Biomet may act as a Data Processor, Data Controller and/or Business Associate with regards to handling Personal Data. In the case Zimmer Biomet serves as a Processor, this Notice should be read in conjunction with and as supplementary information to the privacy notice of your Provider. Information provided to you by your Provider shall govern if there is any conflict between this Notice and information from your Provider.

This Notice is unique to the Applications and differs from other Zimmer Biomet and Zimmer Biomet-affiliate privacy policies and notices. By using the Applications, you indicate that you understand  the practices outlined in this Notice.

What Personal Data Do We Process?

Personal Data: “Personal Data” is any information – as electronically or otherwise recorded– that can be used to identify a specific individual or that we can link directly to an individual, such as name, address, email address, telephone number, credit card number, or health or treatment information, as applicable. Personal Data in some jurisdictions can include information that indirectly identifies a person – such as a unique number assigned to a patient by a Healthcare Provider, even absent other identifying information.

Personal Data may include information considered sensitive in some jurisdictions, such as biometric information, genetic information, health information, financial account information, specific geolocation, ethnic or racial origin, information concerning your sex life or your sexual orientation, social security number, driver’s license number, state identification card number, passport number, and other similar information. Personal Data that could be considered sensitive Personal Data under applicable law is indicated with a caret (^) in the chart below.

For patients located in the United States, Personal Data may be considered Protected Health Information under the Health Insurance Portability and Accountability Act (HIPAA).

The table below summarizes the Personal Data we process, the sources from which we obtain your Personal Data, our purposes for processing your Personal Data, and the potential recipients of your Personal Data. Some jurisdictions require us to state the legal bases for processing your Personal Data, which is also included in the table, but please note that not all jurisdictions may recognize all legal bases included below. Additionally, your Provider may be the Controller of your Personal Data and list the legal bases in its privacy notice.

Personal Data We Process (as a Controller, Processor, and/or Business Associate):

Category of Personal Data Personal Data Processed Sources Purpose of Processing Legal Bases of Processing Recipients of Your Personal Data
Contact information Your name, address, email address, phone number, username^, and password^ Directly from you and from your Provider We process your contact information to provide you with our products and services, communicate with you, detect security incidents, and protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance. We process this Personal Data:

  • for the purposes of the legitimate interests pursued by Zimmer Biomet;
  • for the purposes of medical diagnosis and the provision of healthcare and treatment; and/or
  • to ensure high standards of quality and safety of healthcare and medical devices.
 Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Health information
  • Information regarding your treatment, including your date of birth, sex/gender, treatment dates, medical history and treatment information^,
  • health insurance information^ and other information on payment for healthcare services (e.g., patient ID number)^, MRN (Medical Record Number)^,
  • patient-reported outcome measures (e.g., responses to questionnaires and surveys)^,
  • user activity^,
  • gait metrics, patterns or rhythms^,
  • pictures and videos of treatment activities^,
  • therapy completion and use details^,
  • communications with your Provider, including audio and/or video from telehealth sessions
  • intraoperative data (i.e., surgery duration, device size and device adjustment measurements). *
 Directly from you, your Provider and/or Persona IQ implant We process your health information data to provide you with our products and services, communicate with you, detect security incidents, to assist your Provider in payment, treatment, and operations, to protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance. We process this Personal Data:

  • with your consent (which you may withdraw at any time) for the purposes of medical diagnosis and the provision of healthcare and treatment;
  • to ensure high standards of quality and safety of health care and medical devices;
  • for scientific or historical research purposes or statistical purposes; and/or
  • with your consent (which you may withdraw at any time) to anonymize or de-identify it for Zimmer Biomet’s use.
 Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Health information data from Apple HealthKit,  Health Connect,  Google Fit and/or derived from your smartphone’s Inertial Measurement Unit (“IMU”)^ Information regarding your health from Apple HealthKit, Health Connect,  Google Fit and/or your Apple or Android phone IMU data, including physical activity, steps, stairs, heart rate, rest periods, and other information collected from these sources.** Through your smartphones and connected device(s) via the Apple HealthKit, Health Connect,  application, Google Fit application, and/or other programming interfaces. To enhance the functionality of the Applications, you can share your IMU, Apple HealthKit, Health Connect,  and/or Google Fit data with Zimmer Biomet so that Zimmer Biomet can provide that data to your Provider. This data is collected and processed through your smartphone and connected device(s) via the Apple HealthKit, Health Connect,   application, Google Fit application, and/or other programming interfaces. We process this Personal Data:

  • for the purposes of the legitimate interests pursued by Zimmer Biomet;
  • with your consent (which you may withdraw at any time) for the purposes of medical diagnosis and the provision of healthcare and treatment;
  • to ensure high standards of quality and safety of health care and medical devices;
  • for scientific or historical research purposes or statistical purposes; and/or
  • with your consent (which you may withdraw at any time) to anonymize or de-identify it for Zimmer Biomet’s use.
 Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Technical information data Internet Protocol (IP) addresses, browser type, browser language, device type, and advertising IDs associated with your device (such as Apple’s Identifier for Advertising or Android’s Ad ID or Android’s Advertising ID), as well as the date and time you use the Applications, and Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving at and after leaving our Applications We automatically collect certain technical information relating to you and your devices when you visit or use the Applications. We process your technical information to provide you with our products and services, communicate with you, detect security incidents, and protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance. We process this Personal Data:

  • for the purposes of the legitimate interests pursued by Zimmer Biomet.
 Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law

Anonymized Data we Process (as a Controller):

Category of Personal Data Personal Data Processed Sources Purpose of Processing Legal Bases of Processing Recipients of Your Personal Data
Anonymized / Deidentified Data*** Data for which your individual personal characteristics have been removed such that you are not identified, including by removing identifiers required under HIPAA for such data to be considered deidentified Directly from you; from your Provider; through your smartphone and connected device(s) via the Apple HealthKit, Health Connect,   and/or Google Fit application; and technical information from your devices We use this anonymized / deidentified data, which is not Personal Data, for Zimmer Biomet’s own purposes. We process this Personal Data:

with your express consent (which you may withdraw at any time) for Zimmer Biomet’s use.

 Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; government officials, when permitted by this policy or required by law; and other third parties for Zimmer Biomet’s own purposes

* Note that in order to provide you with telehealth services, you will be prompted to provide permission for the mymobility application to use your mobile device’s camera and microphone. On Android phones, we are required to ask your permission to access your media files; however, we do not process any media or files on your phone outside of information you enter into mymobility.

** For Apple HealthKit, Health Connect, and/or Google Fit data: To provide you with our full suite of services, we may ask you to share your Apple HealthKit, Health Connect,  Google Fit, Android Activity Recognition, and/or iOS Location data with Zimmer Biomet. We only collect and process Personal Data that we receive through your smartphone and connected device(s) via the Apple HealthKit, Health Connect,  Google Fit, Android Activity Recognition and/or iOS Location data if you choose to share the data with Zimmer Biomet. If you choose to share any this data as referenced in this paragraph with Zimmer Biomet, we will collect up to 45 days of Apple HealthKit, Health Connect,  and/or Google Fit data prior to the date you choose to share the data to provide pre- and post-treatment data to your Provider and in accordance with this Notice. If you do not want us to collect this Personal Data, please do not use the Apple HealthKit, Health Connect,  or Google Fit applications and or do not choose to allow Apple HealthKit, Health Connect, Google Fit, Android Activity Recognition and/or iOS Location data to be shared with us. You can choose to stop sharing this data at any time.

*** Zimmer Biomet is the Controller of anonymized / de-identified data derived from Personal Data.

Consumer Health Data: To the extent the Personal Data we process includes “Consumer Health Data” as defined under applicable U.S. state consumer health privacy laws such as the Washington State My Health My Data Act (MHMDA) and Nevada’s Consumer Health Data Law (SB 370), we will process the Consumer Health Data in accordance with our Consumer Health Data Privacy Policy which can be found here: https://www.zimmerbiomet.com/en/corporate/consumer-health-data-privacy-policy.html.

Personal Data, including Consumer Health Data, may be shared with your Provider for the purposes of medical diagnosis and the provision of healthcare and treatment.

Retention

We will process and store your Personal Data only for the period necessary to achieve the purpose of the storage, or as permitted by law.Specifically, your Personal Data generally will be stored no longer than six (6) months following the termination date of our contract with your Provider, subject to longer retention periods required in some circumstances for legal and regulatory purposes. After that period has expired, the corresponding Personal Data is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract.

Cookies and Similar Tools

To the extent permitted by law, including with your consent where required, we may engage in the following activities:

  • We may collect Personal Data automatically through cookies and other technologies to provide functionality to our Applications; to effect certain security controls; and to recognize you and your preferences across devices when using our Applications.
  • We also perform statistical analyses of the users of our Applications to improve the functionality, content, design, and navigation of the Applications.

For more information about these activities and how to manage or opt out of them, please see our Cookie Notice or contact us.

Transfer of Personal Data Across National Borders

Please be aware that Personal Data we collect or process may be transferred and maintained outside your state, province, country, or other jurisdiction, where the privacy laws may not be as protective as those in your location, including the United States. In particular, Zimmer Biomet may disclose Personal Data to the countries listed in Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html). Zimmer Biomet has put in place lawful transfer mechanisms and appropriate safeguards, in accordance with applicable legal requirements, to protect your Personal Data, including but not limited to entering into agreements with third parties, such as service providers, to require them to adopt standards that ensure an equivalent level of protection for data as those we adopt.

Zimmer Biomet’s privacy practices, described in this Privacy Policy, comply with the APEC Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies. More information about the APEC framework can be found here: www.cbprs.org.

TRUSTe

EU-U.S. Data Privacy Framework

Zimmer Biomet Holdings, Inc., in addition to all U.S. entities listed in Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html) except CD Laboratories, Inc., complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Zimmer Biomet has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Zimmer Biomet has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Onward Transfer to Third Parties 

Zimmer Biomet shall remain liable under the DPF Principles if its agent(s) processes Personal Data in a manner inconsistent with the DPF Principles, unless Zimmer Biomet proves that it is not responsible for the event giving rise to the damage.

Recourse, Enforcement, and Liability

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Zimmer Biomet commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Zimmer Biomet at: privacy.global@zimmerbiomet.com.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Zimmer Biomet commits to refer unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

Individuals may, under certain conditions, invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the above DPF mechanisms. For more information, please visit: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

The Federal Trade Commission has jurisdiction over Zimmer Biomet’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Your Rights and How to Exercise Them

Depending on where you live, you may have the following rights with respect to some or all of your Personal Data:

  • To withdraw your consent to processing, when we previously obtained your consent;
  • To request information about whether, and how, we process your Personal Data;
  • to request access to and a copy of your Personal Data including to provide your Personal Data directly to another organization (called, in some locations, a right to data portability);
  • to request that we correct or update your Personal Data ;
  • to request that we delete your Personal Data;
  • to request that we restrict or block or to object to or opt-out of the processing of your Personal Data, including your sensitive Personal Data, or to revoke your consent;
  • to appeal the denial of a request; and
  • to lodge a complaint with the data protection authority in your jurisdiction.

To exercise these rights, appeal the denial of one of your requests, or make a complaint about how we process your Personal Data, please submit a request using the Privacy Request Form, write at privacy.global@zimmerbiomet.com or for the US only, call us at 1-844-922-2721. Alternatively, you can find the relevant contact details for your country of residence in the section “Contact Us” and in Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html).

Zimmer Biomet will not discriminate against you for exercising any of the rights described above, although we may not be able to continue to provide you with certain Applications, products and services or it may otherwise affect the way we are able to interact with you.

Please note that after receiving your request, we may require additional information from you or your authorized agent to honor your request and may deny your request if we cannot verify your identity or status.  Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

When we receive your Personal Data from others, including your Healthcare Provider, and process your Personal Data on their behalf, we may do so at their request and subject to their instructions. In that case, we do not have control over their privacy and security practices and processes. If your Personal Data has been submitted to us by a third party, we may need to ask you to contact them directly or we may be able to contact them on your behalf. If we need you to contact them directly, we will let you know.

Updating Your Information

In addition to other methods outlined in the Notice, you can update some of your Personal Data by logging into your account and changing that Personal Data. With respect to Personal Data provided to us by your Provider, you may have the right to contact your Provider to update information.

Links to Other Websites

Our Applications may contain links to other websites or applications that are not owned or operated by Zimmer Biomet.  Such links do not imply an endorsement with respect to any third party, any website, or the products or services provided thereby. You should carefully review the privacy policies and practices of other websites, products, and services as we cannot control and are not responsible for privacy policies, notices, or practices of third party websites, applications, products, and services.

Safeguarding Information

Consistent with applicable laws and requirements, Zimmer Biomet has put in place physical, technical, and administrative safeguards to protect Personal Data from loss, misuse, alteration, theft, unauthorized access, and unauthorized disclosure, consistent with legal obligations and industry practices. However, as is the case with all websites, applications, products, and services, we are not able to guarantee security for data collected through our Applications. In addition, it is your responsibility to safeguard any passwords, identification or ID numbers, or similar individual information associated with your use of the Applications.

Special Note to Patients in the United States

If you are a U.S. patient, please note that this Notice is distinct from your Provider’s HIPAA Notice of Privacy Practices, which describes how your Provider uses and discloses individually identifiable information about your health that it collects, as well as any other privacy practices it applies. In the provision of certain services, Zimmer Biomet may act as your Provider’s business associate. Zimmer Biomet, when acting as your Provider’s business associate, collects, uses, and disclosures your information on behalf of your Provider in accordance with your Provider’s HIPAA Notice of Privacy Practices and other privacy practices. Reading this Notice and your Provider’s Notice of Privacy Practices will help you understand how information we collect from you through Zimmer Biomet Applications or directly from your Provider is used and/or disclosed. If there is any inconsistency between this Notice and your Provider’s Notice of Privacy Practices, your Provider’s Notice applies with respect to that conflict when Zimmer Biomet is acting as your Provider’s business associate.

Special Note for Individuals Located in Japan

If you are located in Japan, the following section also applies to you:

Joint Use of Personal Data

Zimmer Biomet may use your Personal Data jointly with any subsidiary or affiliate of Zimmer Biomet Holdings, Inc. as described here. Personal Data subject to joint use: The personal information indicated in the section “What Personal Data Do We Process?”. Range of joint users: Zimmer Biomet Holdings, Inc., and its subsidiaries and affiliates (please refer to Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html) for the specific names of the subsidiaries and affiliates). Joint users’ purposes of use: The purposes described in the section “What Personal Data Do We Process?”. Party responsible for managing your Personal Data: Zimmer Biomet Holdings, Inc.

Additional Notes for Mainland China

Personal Data may be processed in various methods including, without limitation, collection, storage, use, transmission, provision, disclosure and deletion, as stipulated under the Personal Information Protection Law of China (the PIPL).

The necessity of processing your sensitive Personal Data and the impact it has on your rights and interests

Our processing of your sensitive Personal Data described herein is necessary for:

  • Providing products and services, and fulfilling other purposes described above in each different scenarios;
  • Performing accounting, audit, internal investigations and other internal reviews;
  • Complying with all applicable laws, legal processes, and internal policies; and
  • Otherwise, accomplishing our business purposes and objectives.

Our processing of your sensitive Personal Data will not impact on your individual rights and interests as described in Section “Your Rights and How to Exercise Them” of this Notice. These rights may be limited by law and regulations for certain purposes, including for the establishment, exercise, or defense of legal claims. Our processing of your sensitive Personal Data will be limited to the minimal level that is necessary to accomplish specific purposes as described above, and will be subject to the physical, technical, and organizational measures for special data protection in accordance with the PIPL and other applicable Chinese data protection laws and regulations.

Zimmer Biomet has conducted necessary security assessment and privacy impact assessment for cross-border transfer for the collection and processing of your sensitive Personal Data in accordance with relevant Chinese data protection laws and regulations.

Your Choices

You can unsubscribe from any marketing or promotional emails. To do so, please use the unsubscribe mechanism offered in our marketing emails. Please note that if you have already requested products or services when you decide to withdraw consent, a short period of time may elapse before we can update your preferences and ensure that we honor your request. Even if you unsubscribe to marketing emails, we may continue to send you transactional emails related to your mymobility account including updated notices and system outages.

Changes to This Privacy Notice

This privacy notice is effective as of the date last updated, as indicated below. We may update this Notice from time to time without notice. As such, you should review this Notice periodically. Your continued interactions with us and/or the use of our Applications subject to this Notice constitutes your agreement to this Notice.

Contact Us

If you have any questions, including how to access this Notice in an alternative format or to obtain further information about the security measures described in “Safeguarding Information”, please email us at privacy.global@zimmerbiomet.com or write to us at Zimmer Biomet, Attn: Global Privacy Officer, 345 East Main Street, Warsaw, IN 46580, United States. You may contact the data protection officer directly at dataprotectionofficer@zimmerbiomet.com.

For more contact details for your country of residence, please refer to Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html).

If you would like to access this notice in any of the languages set out in the Eighth Schedule of the Constitution of India, please contact privacy.global@zimmerbiomet.com.

Updated:  September 2025

© 2025 Zimmer Biomet. All Rights Reserved.

India/Ireland/Kingdom of Saudi Arabia/United Arab Emirates/United Kingdom

Thank you for using mymobility® platform, the Zimmer Biomet remote rehabilitation mobile application and online service. Zimmer Biomet, together with its affiliates (“we,” “us,” or “Zimmer Biomet”), provides mymobility on behalf of physicians, hospitals, rehabilitation centers, and other healthcare providers (each a “Provider”) by contracting with Providers or affiliated service groups to offer mymobility and other home-based programs to patients (including “you” as used in this notice).

This Privacy Notice (“Notice”) explains our practices for the collection and processing of information from or about you (“Personal Data”) through mymobility, any of the online applications or portals associated with mymobility, and any other online Zimmer Biomet service that links to this Notice (collectively “Applications” or “mymobility”). Depending on the service arrangement with your Provider, Zimmer Biomet may act as a Data Processor, Data Controller and/or Business Associate with regards to handling Personal Data. In the case Zimmer Biomet serves as a Processor, this Notice should be read in conjunction with and as supplementary information to the privacy notice of your Provider. Information provided to you by your Provider shall govern if there is any conflict between this Notice and information from your Provider.

This Notice is unique to the Applications and differs from other Zimmer Biomet and Zimmer Biomet-affiliate privacy policies and notices. By using the Applications, you indicate that you understand  the practices outlined in this Notice.

What Personal Data Do We Process?

Personal Data: “Personal Data” is any information – as electronically or otherwise recorded– that can be used to identify a specific individual or that we can link directly to an individual, such as name, address, email address, telephone number, credit card number, or health or treatment information, as applicable. Personal Data in some jurisdictions can include information that indirectly identifies a person – such as a unique number assigned to a patient by a Healthcare Provider, even absent other identifying information.

Personal Data may include information considered sensitive in some jurisdictions, such as biometric information, genetic information, health information, financial account information, specific geolocation, ethnic or racial origin, information concerning your sex life or your sexual orientation, social security number, driver’s license number, state identification card number, passport number, and other similar information. Personal Data that could be considered sensitive Personal Data under applicable law is indicated with a caret (^) in the chart below.

For patients located in the United States, Personal Data may be considered Protected Health Information under the Health Insurance Portability and Accountability Act (HIPAA).

The table below summarizes the Personal Data we process, the sources from which we obtain your Personal Data, our purposes for processing your Personal Data, and the potential recipients of your Personal Data. Some jurisdictions require us to state the legal bases for processing your Personal Data, which is also included in the table, but please note that not all jurisdictions may recognize all legal bases included below. Additionally, your Provider may be the Controller of your Personal Data and list the legal bases in its privacy notice.

Personal Data We Process (as a Controller, Processor, and/or Business Associate):

Category of Personal Data Personal Data Processed Sources Purpose of Processing Legal Bases of Processing Recipients of Your Personal Data
Contact information Your name, address, email address, phone number, username^, and password^ Directly from you and from your Provider We process your contact information to provide you with our products and services, communicate with you, detect security incidents, and protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance. We process this Personal Data:

  • for the purposes of the legitimate interests pursued by Zimmer Biomet;
  • for the purposes of medical diagnosis and the provision of healthcare and treatment; and/or
  • to ensure high standards of quality and safety of healthcare and medical devices.
 Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Health information
  • Information regarding your treatment, including your date of birth, sex/gender, treatment dates, medical history and treatment information^,
  • health insurance information^ and other information on payment for healthcare services (e.g., patient ID number)^, MRN (Medical Record Number)^,
  • patient-reported outcome measures (e.g., responses to questionnaires and surveys)^,
  • user activity^,
  • gait metrics, patterns or rhythms^,
  • pictures and videos of treatment activities^,
  • therapy completion and use details^,
  • communications with your Provider, including audio and/or video from telehealth sessions
  • intraoperative data (i.e., surgery duration, device size and device adjustment measurements). *
 Directly from you, your Provider and/or Persona IQ implant We process your health information data to provide you with our products and services, communicate with you, detect security incidents, to assist your Provider in payment, treatment, and operations, to protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance. We process this Personal Data:

  • with your consent (which you may withdraw at any time) for the purposes of medical diagnosis and the provision of healthcare and treatment;
  • to ensure high standards of quality and safety of health care and medical devices;
  • for scientific or historical research purposes or statistical purposes; and/or
  • with your consent (which you may withdraw at any time) to anonymize or de-identify it for Zimmer Biomet’s use.
 Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Health information data from Apple HealthKit,  Health Connect,  Google Fit and/or derived from your smartphone’s Inertial Measurement Unit (“IMU”)^ Information regarding your health from Apple HealthKit, Health Connect,  Google Fit and/or your Apple or Android phone IMU data, including physical activity, steps, stairs, heart rate, rest periods, and other information collected from these sources.** Through your smartphones and connected device(s) via the Apple HealthKit, Health Connect,  application, Google Fit application, and/or other programming interfaces. To enhance the functionality of the Applications, you can share your IMU, Apple HealthKit, Health Connect,  and/or Google Fit data with Zimmer Biomet so that Zimmer Biomet can provide that data to your Provider. This data is collected and processed through your smartphone and connected device(s) via the Apple HealthKit, Health Connect,   application, Google Fit application, and/or other programming interfaces. We process this Personal Data:

  • for the purposes of the legitimate interests pursued by Zimmer Biomet;
  • with your consent (which you may withdraw at any time) for the purposes of medical diagnosis and the provision of healthcare and treatment;
  • to ensure high standards of quality and safety of health care and medical devices;
  • for scientific or historical research purposes or statistical purposes; and/or
  • with your consent (which you may withdraw at any time) to anonymize or de-identify it for Zimmer Biomet’s use.
 Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Technical information data Internet Protocol (IP) addresses, browser type, browser language, device type, and advertising IDs associated with your device (such as Apple’s Identifier for Advertising or Android’s Ad ID or Android’s Advertising ID), as well as the date and time you use the Applications, and Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving at and after leaving our Applications We automatically collect certain technical information relating to you and your devices when you visit or use the Applications. We process your technical information to provide you with our products and services, communicate with you, detect security incidents, and protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance. We process this Personal Data:

  • for the purposes of the legitimate interests pursued by Zimmer Biomet.
 Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law

Anonymized Data we Process (as a Controller):

Category of Personal Data Personal Data Processed Sources Purpose of Processing Legal Bases of Processing Recipients of Your Personal Data
Anonymized / Deidentified Data*** Data for which your individual personal characteristics have been removed such that you are not identified, including by removing identifiers required under HIPAA for such data to be considered deidentified Directly from you; from your Provider; through your smartphone and connected device(s) via the Apple HealthKit, Health Connect,   and/or Google Fit application; and technical information from your devices We use this anonymized / deidentified data, which is not Personal Data, for Zimmer Biomet’s own purposes. We process this Personal Data:

with your express consent (which you may withdraw at any time) for Zimmer Biomet’s use.

 Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; government officials, when permitted by this policy or required by law; and other third parties for Zimmer Biomet’s own purposes

* Note that in order to provide you with telehealth services, you will be prompted to provide permission for the mymobility application to use your mobile device’s camera and microphone. On Android phones, we are required to ask your permission to access your media files; however, we do not process any media or files on your phone outside of information you enter into mymobility.

** For Apple HealthKit, Health Connect, and/or Google Fit data: To provide you with our full suite of services, we may ask you to share your Apple HealthKit, Health Connect,  Google Fit, Android Activity Recognition, and/or iOS Location data with Zimmer Biomet. We only collect and process Personal Data that we receive through your smartphone and connected device(s) via the Apple HealthKit, Health Connect,  Google Fit, Android Activity Recognition and/or iOS Location data if you choose to share the data with Zimmer Biomet. If you choose to share any this data as referenced in this paragraph with Zimmer Biomet, we will collect up to 45 days of Apple HealthKit, Health Connect,  and/or Google Fit data prior to the date you choose to share the data to provide pre- and post-treatment data to your Provider and in accordance with this Notice. If you do not want us to collect this Personal Data, please do not use the Apple HealthKit, Health Connect,  or Google Fit applications and or do not choose to allow Apple HealthKit, Health Connect, Google Fit, Android Activity Recognition and/or iOS Location data to be shared with us. You can choose to stop sharing this data at any time.

*** Zimmer Biomet is the Controller of anonymized / de-identified data derived from Personal Data.

Consumer Health Data: To the extent the Personal Data we process includes “Consumer Health Data” as defined under applicable U.S. state consumer health privacy laws such as the Washington State My Health My Data Act (MHMDA) and Nevada’s Consumer Health Data Law (SB 370), we will process the Consumer Health Data in accordance with our Consumer Health Data Privacy Policy which can be found here: https://www.zimmerbiomet.com/en/corporate/consumer-health-data-privacy-policy.html.

Personal Data, including Consumer Health Data, may be shared with your Provider for the purposes of medical diagnosis and the provision of healthcare and treatment.

Retention

We will process and store your Personal Data only for the period necessary to achieve the purpose of the storage, or as permitted by law.Specifically, your Personal Data generally will be stored no longer than six (6) months following the termination date of our contract with your Provider, subject to longer retention periods required in some circumstances for legal and regulatory purposes. After that period has expired, the corresponding Personal Data is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract.

Cookies and Similar Tools

To the extent permitted by law, including with your consent where required, we may engage in the following activities:

  • We may collect Personal Data automatically through cookies and other technologies to provide functionality to our Applications; to effect certain security controls; and to recognize you and your preferences across devices when using our Applications.
  • We also perform statistical analyses of the users of our Applications to improve the functionality, content, design, and navigation of the Applications.

For more information about these activities and how to manage or opt out of them, please see our Cookie Notice or contact us.

Transfer of Personal Data Across National Borders

Please be aware that Personal Data we collect or process may be transferred and maintained outside your state, province, country, or other jurisdiction, where the privacy laws may not be as protective as those in your location, including the United States. In particular, Zimmer Biomet may disclose Personal Data to the countries listed in Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html). Zimmer Biomet has put in place lawful transfer mechanisms and appropriate safeguards, in accordance with applicable legal requirements, to protect your Personal Data, including but not limited to entering into agreements with third parties, such as service providers, to require them to adopt standards that ensure an equivalent level of protection for data as those we adopt.

Zimmer Biomet’s privacy practices, described in this Privacy Policy, comply with the APEC Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies. More information about the APEC framework can be found here: www.cbprs.org.

TRUSTe

EU-U.S. Data Privacy Framework

Zimmer Biomet Holdings, Inc., in addition to all U.S. entities listed in Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html) except CD Laboratories, Inc., complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Zimmer Biomet has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Zimmer Biomet has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Onward Transfer to Third Parties 

Zimmer Biomet shall remain liable under the DPF Principles if its agent(s) processes Personal Data in a manner inconsistent with the DPF Principles, unless Zimmer Biomet proves that it is not responsible for the event giving rise to the damage.

Recourse, Enforcement, and Liability

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Zimmer Biomet commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Zimmer Biomet at: privacy.global@zimmerbiomet.com.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Zimmer Biomet commits to refer unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

Individuals may, under certain conditions, invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the above DPF mechanisms. For more information, please visit: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

The Federal Trade Commission has jurisdiction over Zimmer Biomet’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Your Rights and How to Exercise Them

Depending on where you live, you may have the following rights with respect to some or all of your Personal Data:

  • To withdraw your consent to processing, when we previously obtained your consent;
  • To request information about whether, and how, we process your Personal Data;
  • to request access to and a copy of your Personal Data including to provide your Personal Data directly to another organization (called, in some locations, a right to data portability);
  • to request that we correct or update your Personal Data ;
  • to request that we delete your Personal Data;
  • to request that we restrict or block or to object to or opt-out of the processing of your Personal Data, including your sensitive Personal Data, or to revoke your consent;
  • to appeal the denial of a request; and
  • to lodge a complaint with the data protection authority in your jurisdiction.

To exercise these rights, appeal the denial of one of your requests, or make a complaint about how we process your Personal Data, please submit a request using the Privacy Request Form, write at privacy.global@zimmerbiomet.com or for the US only, call us at 1-844-922-2721. Alternatively, you can find the relevant contact details for your country of residence in the section “Contact Us” and in Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html).

Zimmer Biomet will not discriminate against you for exercising any of the rights described above, although we may not be able to continue to provide you with certain Applications, products and services or it may otherwise affect the way we are able to interact with you.

Please note that after receiving your request, we may require additional information from you or your authorized agent to honor your request and may deny your request if we cannot verify your identity or status.  Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

When we receive your Personal Data from others, including your Healthcare Provider, and process your Personal Data on their behalf, we may do so at their request and subject to their instructions. In that case, we do not have control over their privacy and security practices and processes. If your Personal Data has been submitted to us by a third party, we may need to ask you to contact them directly or we may be able to contact them on your behalf. If we need you to contact them directly, we will let you know.

Updating Your Information

In addition to other methods outlined in the Notice, you can update some of your Personal Data by logging into your account and changing that Personal Data. With respect to Personal Data provided to us by your Provider, you may have the right to contact your Provider to update information.

Links to Other Websites

Our Applications may contain links to other websites or applications that are not owned or operated by Zimmer Biomet.  Such links do not imply an endorsement with respect to any third party, any website, or the products or services provided thereby. You should carefully review the privacy policies and practices of other websites, products, and services as we cannot control and are not responsible for privacy policies, notices, or practices of third party websites, applications, products, and services.

Safeguarding Information

Consistent with applicable laws and requirements, Zimmer Biomet has put in place physical, technical, and administrative safeguards to protect Personal Data from loss, misuse, alteration, theft, unauthorized access, and unauthorized disclosure, consistent with legal obligations and industry practices. However, as is the case with all websites, applications, products, and services, we are not able to guarantee security for data collected through our Applications. In addition, it is your responsibility to safeguard any passwords, identification or ID numbers, or similar individual information associated with your use of the Applications.

Special Note to Patients in the United States

If you are a U.S. patient, please note that this Notice is distinct from your Provider’s HIPAA Notice of Privacy Practices, which describes how your Provider uses and discloses individually identifiable information about your health that it collects, as well as any other privacy practices it applies. In the provision of certain services, Zimmer Biomet may act as your Provider’s business associate. Zimmer Biomet, when acting as your Provider’s business associate, collects, uses, and disclosures your information on behalf of your Provider in accordance with your Provider’s HIPAA Notice of Privacy Practices and other privacy practices. Reading this Notice and your Provider’s Notice of Privacy Practices will help you understand how information we collect from you through Zimmer Biomet Applications or directly from your Provider is used and/or disclosed. If there is any inconsistency between this Notice and your Provider’s Notice of Privacy Practices, your Provider’s Notice applies with respect to that conflict when Zimmer Biomet is acting as your Provider’s business associate.

Special Note for Individuals Located in Japan

If you are located in Japan, the following section also applies to you:

Joint Use of Personal Data

Zimmer Biomet may use your Personal Data jointly with any subsidiary or affiliate of Zimmer Biomet Holdings, Inc. as described here. Personal Data subject to joint use: The personal information indicated in the section “What Personal Data Do We Process?”. Range of joint users: Zimmer Biomet Holdings, Inc., and its subsidiaries and affiliates (please refer to Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html) for the specific names of the subsidiaries and affiliates). Joint users’ purposes of use: The purposes described in the section “What Personal Data Do We Process?”. Party responsible for managing your Personal Data: Zimmer Biomet Holdings, Inc.

Additional Notes for Mainland China

Personal Data may be processed in various methods including, without limitation, collection, storage, use, transmission, provision, disclosure and deletion, as stipulated under the Personal Information Protection Law of China (the PIPL).

The necessity of processing your sensitive Personal Data and the impact it has on your rights and interests

Our processing of your sensitive Personal Data described herein is necessary for:

  • Providing products and services, and fulfilling other purposes described above in each different scenarios;
  • Performing accounting, audit, internal investigations and other internal reviews;
  • Complying with all applicable laws, legal processes, and internal policies; and
  • Otherwise, accomplishing our business purposes and objectives.

Our processing of your sensitive Personal Data will not impact on your individual rights and interests as described in Section “Your Rights and How to Exercise Them” of this Notice. These rights may be limited by law and regulations for certain purposes, including for the establishment, exercise, or defense of legal claims. Our processing of your sensitive Personal Data will be limited to the minimal level that is necessary to accomplish specific purposes as described above, and will be subject to the physical, technical, and organizational measures for special data protection in accordance with the PIPL and other applicable Chinese data protection laws and regulations.

Zimmer Biomet has conducted necessary security assessment and privacy impact assessment for cross-border transfer for the collection and processing of your sensitive Personal Data in accordance with relevant Chinese data protection laws and regulations.

Your Choices

You can unsubscribe from any marketing or promotional emails. To do so, please use the unsubscribe mechanism offered in our marketing emails. Please note that if you have already requested products or services when you decide to withdraw consent, a short period of time may elapse before we can update your preferences and ensure that we honor your request. Even if you unsubscribe to marketing emails, we may continue to send you transactional emails related to your mymobility account including updated notices and system outages.

Changes to This Privacy Notice

This privacy notice is effective as of the date last updated, as indicated below. We may update this Notice from time to time without notice. As such, you should review this Notice periodically. Your continued interactions with us and/or the use of our Applications subject to this Notice constitutes your agreement to this Notice.

Contact Us

If you have any questions, including how to access this Notice in an alternative format or to obtain further information about the security measures described in “Safeguarding Information”, please email us at privacy.global@zimmerbiomet.com or write to us at Zimmer Biomet, Attn: Global Privacy Officer, 345 East Main Street, Warsaw, IN 46580, United States. You may contact the data protection officer directly at dataprotectionofficer@zimmerbiomet.com.

For more contact details for your country of residence, please refer to Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html).

If you would like to access this notice in any of the languages set out in the Eighth Schedule of the Constitution of India, please contact privacy.global@zimmerbiomet.com.

Updated:  September 2025

© 2025 Zimmer Biomet. All Rights Reserved.

Singapore

Thank you for using mymobility® platform, the Zimmer Biomet remote rehabilitation mobile application and online service. Zimmer Biomet, together with its affiliates (“we,” “us,” or “Zimmer Biomet”), provides mymobility on behalf of physicians, hospitals, rehabilitation centers, and other healthcare providers (each a “Provider”) by contracting with Providers or affiliated service groups to offer mymobility and other home-based programs to patients (including “you” as used in this notice).

This Privacy Notice (“Notice”) explains our practices for the collection and processing of information from or about you (“Personal Data”) through mymobility, any of the online applications or portals associated with mymobility, and any other online Zimmer Biomet service that links to this Notice (collectively “Applications” or “mymobility”). Depending on the service arrangement with your Provider, Zimmer Biomet may act as a Data Processor, Data Controller and/or Business Associate with regards to handling Personal Data. In the case Zimmer Biomet serves as a Processor, this Notice should be read in conjunction with and as supplementary information to the privacy notice of your Provider. Information provided to you by your Provider shall govern if there is any conflict between this Notice and information from your Provider.

This Notice is unique to the Applications and differs from other Zimmer Biomet and Zimmer Biomet-affiliate privacy policies and notices. By using the Applications, you indicate that you understand  the practices outlined in this Notice.

What Personal Data Do We Process?

Personal Data: “Personal Data” is any information – as electronically or otherwise recorded– that can be used to identify a specific individual or that we can link directly to an individual, such as name, address, email address, telephone number, credit card number, or health or treatment information, as applicable. Personal Data in some jurisdictions can include information that indirectly identifies a person – such as a unique number assigned to a patient by a Healthcare Provider, even absent other identifying information.

Personal Data may include information considered sensitive in some jurisdictions, such as biometric information, genetic information, health information, financial account information, specific geolocation, ethnic or racial origin, information concerning your sex life or your sexual orientation, social security number, driver’s license number, state identification card number, passport number, and other similar information. Personal Data that could be considered sensitive Personal Data under applicable law is indicated with a caret (^) in the chart below.

For patients located in the United States, Personal Data may be considered Protected Health Information under the Health Insurance Portability and Accountability Act (HIPAA).

The table below summarizes the Personal Data we process, the sources from which we obtain your Personal Data, our purposes for processing your Personal Data, and the potential recipients of your Personal Data. Some jurisdictions require us to state the legal bases for processing your Personal Data, which is also included in the table, but please note that not all jurisdictions may recognize all legal bases included below. Additionally, your Provider may be the Controller of your Personal Data and list the legal bases in its privacy notice.

Personal Data We Process (as a Controller, Processor, and/or Business Associate):

Category of Personal Data Personal Data Processed Sources Purpose of Processing Legal Bases of Processing Recipients of Your Personal Data
Contact information Your name, address, email address, phone number, username^, and password^ Directly from you and from your Provider We process your contact information to provide you with our products and services, communicate with you, detect security incidents, and protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance. We process this Personal Data:

  • for the purposes of the legitimate interests pursued by Zimmer Biomet;
  • for the purposes of medical diagnosis and the provision of healthcare and treatment; and/or
  • to ensure high standards of quality and safety of healthcare and medical devices.
 Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Health information
  • Information regarding your treatment, including your date of birth, sex/gender, treatment dates, medical history and treatment information^,
  • health insurance information^ and other information on payment for healthcare services (e.g., patient ID number)^, MRN (Medical Record Number)^,
  • patient-reported outcome measures (e.g., responses to questionnaires and surveys)^,
  • user activity^,
  • gait metrics, patterns or rhythms^,
  • pictures and videos of treatment activities^,
  • therapy completion and use details^,
  • communications with your Provider, including audio and/or video from telehealth sessions
  • intraoperative data (i.e., surgery duration, device size and device adjustment measurements). *
 Directly from you, your Provider and/or Persona IQ implant We process your health information data to provide you with our products and services, communicate with you, detect security incidents, to assist your Provider in payment, treatment, and operations, to protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance. We process this Personal Data:

  • with your consent (which you may withdraw at any time) for the purposes of medical diagnosis and the provision of healthcare and treatment;
  • to ensure high standards of quality and safety of health care and medical devices;
  • for scientific or historical research purposes or statistical purposes; and/or
  • with your consent (which you may withdraw at any time) to anonymize or de-identify it for Zimmer Biomet’s use.
 Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Health information data from Apple HealthKit,  Health Connect,  Google Fit and/or derived from your smartphone’s Inertial Measurement Unit (“IMU”)^ Information regarding your health from Apple HealthKit, Health Connect,  Google Fit and/or your Apple or Android phone IMU data, including physical activity, steps, stairs, heart rate, rest periods, and other information collected from these sources.** Through your smartphones and connected device(s) via the Apple HealthKit, Health Connect,  application, Google Fit application, and/or other programming interfaces. To enhance the functionality of the Applications, you can share your IMU, Apple HealthKit, Health Connect,  and/or Google Fit data with Zimmer Biomet so that Zimmer Biomet can provide that data to your Provider. This data is collected and processed through your smartphone and connected device(s) via the Apple HealthKit, Health Connect,   application, Google Fit application, and/or other programming interfaces. We process this Personal Data:

  • for the purposes of the legitimate interests pursued by Zimmer Biomet;
  • with your consent (which you may withdraw at any time) for the purposes of medical diagnosis and the provision of healthcare and treatment;
  • to ensure high standards of quality and safety of health care and medical devices;
  • for scientific or historical research purposes or statistical purposes; and/or
  • with your consent (which you may withdraw at any time) to anonymize or de-identify it for Zimmer Biomet’s use.
 Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Technical information data Internet Protocol (IP) addresses, browser type, browser language, device type, and advertising IDs associated with your device (such as Apple’s Identifier for Advertising or Android’s Ad ID or Android’s Advertising ID), as well as the date and time you use the Applications, and Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving at and after leaving our Applications We automatically collect certain technical information relating to you and your devices when you visit or use the Applications. We process your technical information to provide you with our products and services, communicate with you, detect security incidents, and protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance. We process this Personal Data:

  • for the purposes of the legitimate interests pursued by Zimmer Biomet.
 Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law

Anonymized Data we Process (as a Controller):

Category of Personal Data Personal Data Processed Sources Purpose of Processing Legal Bases of Processing Recipients of Your Personal Data
Anonymized / Deidentified Data*** Data for which your individual personal characteristics have been removed such that you are not identified, including by removing identifiers required under HIPAA for such data to be considered deidentified Directly from you; from your Provider; through your smartphone and connected device(s) via the Apple HealthKit, Health Connect,   and/or Google Fit application; and technical information from your devices We use this anonymized / deidentified data, which is not Personal Data, for Zimmer Biomet’s own purposes. We process this Personal Data:

with your express consent (which you may withdraw at any time) for Zimmer Biomet’s use.

 Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; government officials, when permitted by this policy or required by law; and other third parties for Zimmer Biomet’s own purposes

* Note that in order to provide you with telehealth services, you will be prompted to provide permission for the mymobility application to use your mobile device’s camera and microphone. On Android phones, we are required to ask your permission to access your media files; however, we do not process any media or files on your phone outside of information you enter into mymobility.

** For Apple HealthKit, Health Connect, and/or Google Fit data: To provide you with our full suite of services, we may ask you to share your Apple HealthKit, Health Connect,  Google Fit, Android Activity Recognition, and/or iOS Location data with Zimmer Biomet. We only collect and process Personal Data that we receive through your smartphone and connected device(s) via the Apple HealthKit, Health Connect,  Google Fit, Android Activity Recognition and/or iOS Location data if you choose to share the data with Zimmer Biomet. If you choose to share any this data as referenced in this paragraph with Zimmer Biomet, we will collect up to 45 days of Apple HealthKit, Health Connect,  and/or Google Fit data prior to the date you choose to share the data to provide pre- and post-treatment data to your Provider and in accordance with this Notice. If you do not want us to collect this Personal Data, please do not use the Apple HealthKit, Health Connect,  or Google Fit applications and or do not choose to allow Apple HealthKit, Health Connect, Google Fit, Android Activity Recognition and/or iOS Location data to be shared with us. You can choose to stop sharing this data at any time.

*** Zimmer Biomet is the Controller of anonymized / de-identified data derived from Personal Data.

Consumer Health Data: To the extent the Personal Data we process includes “Consumer Health Data” as defined under applicable U.S. state consumer health privacy laws such as the Washington State My Health My Data Act (MHMDA) and Nevada’s Consumer Health Data Law (SB 370), we will process the Consumer Health Data in accordance with our Consumer Health Data Privacy Policy which can be found here: https://www.zimmerbiomet.com/en/corporate/consumer-health-data-privacy-policy.html.

Personal Data, including Consumer Health Data, may be shared with your Provider for the purposes of medical diagnosis and the provision of healthcare and treatment.

Retention

We will process and store your Personal Data only for the period necessary to achieve the purpose of the storage, or as permitted by law.Specifically, your Personal Data generally will be stored no longer than six (6) months following the termination date of our contract with your Provider, subject to longer retention periods required in some circumstances for legal and regulatory purposes. After that period has expired, the corresponding Personal Data is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract.

Cookies and Similar Tools

To the extent permitted by law, including with your consent where required, we may engage in the following activities:

  • We may collect Personal Data automatically through cookies and other technologies to provide functionality to our Applications; to effect certain security controls; and to recognize you and your preferences across devices when using our Applications.
  • We also perform statistical analyses of the users of our Applications to improve the functionality, content, design, and navigation of the Applications.

For more information about these activities and how to manage or opt out of them, please see our Cookie Notice or contact us.

Transfer of Personal Data Across National Borders

Please be aware that Personal Data we collect or process may be transferred and maintained outside your state, province, country, or other jurisdiction, where the privacy laws may not be as protective as those in your location, including the United States. In particular, Zimmer Biomet may disclose Personal Data to the countries listed in Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html). Zimmer Biomet has put in place lawful transfer mechanisms and appropriate safeguards, in accordance with applicable legal requirements, to protect your Personal Data, including but not limited to entering into agreements with third parties, such as service providers, to require them to adopt standards that ensure an equivalent level of protection for data as those we adopt.

Zimmer Biomet’s privacy practices, described in this Privacy Policy, comply with the APEC Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies. More information about the APEC framework can be found here: www.cbprs.org.

TRUSTe

EU-U.S. Data Privacy Framework

Zimmer Biomet Holdings, Inc., in addition to all U.S. entities listed in Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html) except CD Laboratories, Inc., complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Zimmer Biomet has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Zimmer Biomet has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Onward Transfer to Third Parties 

Zimmer Biomet shall remain liable under the DPF Principles if its agent(s) processes Personal Data in a manner inconsistent with the DPF Principles, unless Zimmer Biomet proves that it is not responsible for the event giving rise to the damage.

Recourse, Enforcement, and Liability

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Zimmer Biomet commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Zimmer Biomet at: privacy.global@zimmerbiomet.com.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Zimmer Biomet commits to refer unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

Individuals may, under certain conditions, invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the above DPF mechanisms. For more information, please visit: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

The Federal Trade Commission has jurisdiction over Zimmer Biomet’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Your Rights and How to Exercise Them

Depending on where you live, you may have the following rights with respect to some or all of your Personal Data:

  • To withdraw your consent to processing, when we previously obtained your consent;
  • To request information about whether, and how, we process your Personal Data;
  • to request access to and a copy of your Personal Data including to provide your Personal Data directly to another organization (called, in some locations, a right to data portability);
  • to request that we correct or update your Personal Data ;
  • to request that we delete your Personal Data;
  • to request that we restrict or block or to object to or opt-out of the processing of your Personal Data, including your sensitive Personal Data, or to revoke your consent;
  • to appeal the denial of a request; and
  • to lodge a complaint with the data protection authority in your jurisdiction.

To exercise these rights, appeal the denial of one of your requests, or make a complaint about how we process your Personal Data, please submit a request using the Privacy Request Form, write at privacy.global@zimmerbiomet.com or for the US only, call us at 1-844-922-2721. Alternatively, you can find the relevant contact details for your country of residence in the section “Contact Us” and in Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html).

Zimmer Biomet will not discriminate against you for exercising any of the rights described above, although we may not be able to continue to provide you with certain Applications, products and services or it may otherwise affect the way we are able to interact with you.

Please note that after receiving your request, we may require additional information from you or your authorized agent to honor your request and may deny your request if we cannot verify your identity or status.  Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

When we receive your Personal Data from others, including your Healthcare Provider, and process your Personal Data on their behalf, we may do so at their request and subject to their instructions. In that case, we do not have control over their privacy and security practices and processes. If your Personal Data has been submitted to us by a third party, we may need to ask you to contact them directly or we may be able to contact them on your behalf. If we need you to contact them directly, we will let you know.

Updating Your Information

In addition to other methods outlined in the Notice, you can update some of your Personal Data by logging into your account and changing that Personal Data. With respect to Personal Data provided to us by your Provider, you may have the right to contact your Provider to update information.

Links to Other Websites

Our Applications may contain links to other websites or applications that are not owned or operated by Zimmer Biomet.  Such links do not imply an endorsement with respect to any third party, any website, or the products or services provided thereby. You should carefully review the privacy policies and practices of other websites, products, and services as we cannot control and are not responsible for privacy policies, notices, or practices of third party websites, applications, products, and services.

Safeguarding Information

Consistent with applicable laws and requirements, Zimmer Biomet has put in place physical, technical, and administrative safeguards to protect Personal Data from loss, misuse, alteration, theft, unauthorized access, and unauthorized disclosure, consistent with legal obligations and industry practices. However, as is the case with all websites, applications, products, and services, we are not able to guarantee security for data collected through our Applications. In addition, it is your responsibility to safeguard any passwords, identification or ID numbers, or similar individual information associated with your use of the Applications.

Special Note to Patients in the United States

If you are a U.S. patient, please note that this Notice is distinct from your Provider’s HIPAA Notice of Privacy Practices, which describes how your Provider uses and discloses individually identifiable information about your health that it collects, as well as any other privacy practices it applies. In the provision of certain services, Zimmer Biomet may act as your Provider’s business associate. Zimmer Biomet, when acting as your Provider’s business associate, collects, uses, and disclosures your information on behalf of your Provider in accordance with your Provider’s HIPAA Notice of Privacy Practices and other privacy practices. Reading this Notice and your Provider’s Notice of Privacy Practices will help you understand how information we collect from you through Zimmer Biomet Applications or directly from your Provider is used and/or disclosed. If there is any inconsistency between this Notice and your Provider’s Notice of Privacy Practices, your Provider’s Notice applies with respect to that conflict when Zimmer Biomet is acting as your Provider’s business associate.

Special Note for Individuals Located in Japan

If you are located in Japan, the following section also applies to you:

Joint Use of Personal Data

Zimmer Biomet may use your Personal Data jointly with any subsidiary or affiliate of Zimmer Biomet Holdings, Inc. as described here. Personal Data subject to joint use: The personal information indicated in the section “What Personal Data Do We Process?”. Range of joint users: Zimmer Biomet Holdings, Inc., and its subsidiaries and affiliates (please refer to Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html) for the specific names of the subsidiaries and affiliates). Joint users’ purposes of use: The purposes described in the section “What Personal Data Do We Process?”. Party responsible for managing your Personal Data: Zimmer Biomet Holdings, Inc.

Additional Notes for Mainland China

Personal Data may be processed in various methods including, without limitation, collection, storage, use, transmission, provision, disclosure and deletion, as stipulated under the Personal Information Protection Law of China (the PIPL).

The necessity of processing your sensitive Personal Data and the impact it has on your rights and interests

Our processing of your sensitive Personal Data described herein is necessary for:

  • Providing products and services, and fulfilling other purposes described above in each different scenarios;
  • Performing accounting, audit, internal investigations and other internal reviews;
  • Complying with all applicable laws, legal processes, and internal policies; and
  • Otherwise, accomplishing our business purposes and objectives.

Our processing of your sensitive Personal Data will not impact on your individual rights and interests as described in Section “Your Rights and How to Exercise Them” of this Notice. These rights may be limited by law and regulations for certain purposes, including for the establishment, exercise, or defense of legal claims. Our processing of your sensitive Personal Data will be limited to the minimal level that is necessary to accomplish specific purposes as described above, and will be subject to the physical, technical, and organizational measures for special data protection in accordance with the PIPL and other applicable Chinese data protection laws and regulations.

Zimmer Biomet has conducted necessary security assessment and privacy impact assessment for cross-border transfer for the collection and processing of your sensitive Personal Data in accordance with relevant Chinese data protection laws and regulations.

Your Choices

You can unsubscribe from any marketing or promotional emails. To do so, please use the unsubscribe mechanism offered in our marketing emails. Please note that if you have already requested products or services when you decide to withdraw consent, a short period of time may elapse before we can update your preferences and ensure that we honor your request. Even if you unsubscribe to marketing emails, we may continue to send you transactional emails related to your mymobility account including updated notices and system outages.

Changes to This Privacy Notice

This privacy notice is effective as of the date last updated, as indicated below. We may update this Notice from time to time without notice. As such, you should review this Notice periodically. Your continued interactions with us and/or the use of our Applications subject to this Notice constitutes your agreement to this Notice.

Contact Us

If you have any questions, including how to access this Notice in an alternative format or to obtain further information about the security measures described in “Safeguarding Information”, please email us at privacy.global@zimmerbiomet.com or write to us at Zimmer Biomet, Attn: Global Privacy Officer, 345 East Main Street, Warsaw, IN 46580, United States. You may contact the data protection officer directly at dataprotectionofficer@zimmerbiomet.com.

For more contact details for your country of residence, please refer to Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html).

If you would like to access this notice in any of the languages set out in the Eighth Schedule of the Constitution of India, please contact privacy.global@zimmerbiomet.com.

Updated:  September 2025

© 2025 Zimmer Biomet. All Rights Reserved.

South Africa

Thank you for using mymobility® platform, the Zimmer Biomet remote rehabilitation mobile application and online service. Zimmer Biomet, together with its affiliates (“we,” “us,” or “Zimmer Biomet”), provides mymobility on behalf of physicians, hospitals, rehabilitation centers, and other healthcare providers (each a “Provider”) by contracting with Providers or affiliated service groups to offer mymobility and other home-based programs to patients (including “you” as used in this notice).

This Privacy Notice (“Notice”) explains our practices for the collection and processing of information from or about you (“Personal Data”) through mymobility, any of the online applications or portals associated with mymobility, and any other online Zimmer Biomet service that links to this Notice (collectively “Applications” or “mymobility”). Depending on the service arrangement with your Provider, Zimmer Biomet may act as a Data Processor, Data Controller and/or Business Associate with regards to handling Personal Data. In the case Zimmer Biomet serves as a Processor, this Notice should be read in conjunction with and as supplementary information to the privacy notice of your Provider. Information provided to you by your Provider shall govern if there is any conflict between this Notice and information from your Provider.

This Notice is unique to the Applications and differs from other Zimmer Biomet and Zimmer Biomet-affiliate privacy policies and notices. By using the Applications, you indicate that you understand  the practices outlined in this Notice.

What Personal Data Do We Process?

Personal Data: “Personal Data” is any information – as electronically or otherwise recorded– that can be used to identify a specific individual or that we can link directly to an individual, such as name, address, email address, telephone number, credit card number, or health or treatment information, as applicable. Personal Data in some jurisdictions can include information that indirectly identifies a person – such as a unique number assigned to a patient by a Healthcare Provider, even absent other identifying information.

Personal Data may include information considered sensitive in some jurisdictions, such as biometric information, genetic information, health information, financial account information, specific geolocation, ethnic or racial origin, information concerning your sex life or your sexual orientation, social security number, driver’s license number, state identification card number, passport number, and other similar information. Personal Data that could be considered sensitive Personal Data under applicable law is indicated with a caret (^) in the chart below.

For patients located in the United States, Personal Data may be considered Protected Health Information under the Health Insurance Portability and Accountability Act (HIPAA).

The table below summarizes the Personal Data we process, the sources from which we obtain your Personal Data, our purposes for processing your Personal Data, and the potential recipients of your Personal Data. Some jurisdictions require us to state the legal bases for processing your Personal Data, which is also included in the table, but please note that not all jurisdictions may recognize all legal bases included below. Additionally, your Provider may be the Controller of your Personal Data and list the legal bases in its privacy notice.

Personal Data We Process (as a Controller, Processor, and/or Business Associate):

Category of Personal Data Personal Data Processed Sources Purpose of Processing Legal Bases of Processing Recipients of Your Personal Data
Contact information Your name, address, email address, phone number, username^, and password^ Directly from you and from your Provider We process your contact information to provide you with our products and services, communicate with you, detect security incidents, and protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance. We process this Personal Data:

  • for the purposes of the legitimate interests pursued by Zimmer Biomet;
  • for the purposes of medical diagnosis and the provision of healthcare and treatment; and/or
  • to ensure high standards of quality and safety of healthcare and medical devices.
 Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Health information
  • Information regarding your treatment, including your date of birth, sex/gender, treatment dates, medical history and treatment information^,
  • health insurance information^ and other information on payment for healthcare services (e.g., patient ID number)^, MRN (Medical Record Number)^,
  • patient-reported outcome measures (e.g., responses to questionnaires and surveys)^,
  • user activity^,
  • gait metrics, patterns or rhythms^,
  • pictures and videos of treatment activities^,
  • therapy completion and use details^,
  • communications with your Provider, including audio and/or video from telehealth sessions
  • intraoperative data (i.e., surgery duration, device size and device adjustment measurements). *
 Directly from you, your Provider and/or Persona IQ implant We process your health information data to provide you with our products and services, communicate with you, detect security incidents, to assist your Provider in payment, treatment, and operations, to protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance. We process this Personal Data:

  • with your consent (which you may withdraw at any time) for the purposes of medical diagnosis and the provision of healthcare and treatment;
  • to ensure high standards of quality and safety of health care and medical devices;
  • for scientific or historical research purposes or statistical purposes; and/or
  • with your consent (which you may withdraw at any time) to anonymize or de-identify it for Zimmer Biomet’s use.
 Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Health information data from Apple HealthKit,  Health Connect,  Google Fit and/or derived from your smartphone’s Inertial Measurement Unit (“IMU”)^ Information regarding your health from Apple HealthKit, Health Connect,  Google Fit and/or your Apple or Android phone IMU data, including physical activity, steps, stairs, heart rate, rest periods, and other information collected from these sources.** Through your smartphones and connected device(s) via the Apple HealthKit, Health Connect,  application, Google Fit application, and/or other programming interfaces. To enhance the functionality of the Applications, you can share your IMU, Apple HealthKit, Health Connect,  and/or Google Fit data with Zimmer Biomet so that Zimmer Biomet can provide that data to your Provider. This data is collected and processed through your smartphone and connected device(s) via the Apple HealthKit, Health Connect,   application, Google Fit application, and/or other programming interfaces. We process this Personal Data:

  • for the purposes of the legitimate interests pursued by Zimmer Biomet;
  • with your consent (which you may withdraw at any time) for the purposes of medical diagnosis and the provision of healthcare and treatment;
  • to ensure high standards of quality and safety of health care and medical devices;
  • for scientific or historical research purposes or statistical purposes; and/or
  • with your consent (which you may withdraw at any time) to anonymize or de-identify it for Zimmer Biomet’s use.
 Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Technical information data Internet Protocol (IP) addresses, browser type, browser language, device type, and advertising IDs associated with your device (such as Apple’s Identifier for Advertising or Android’s Ad ID or Android’s Advertising ID), as well as the date and time you use the Applications, and Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving at and after leaving our Applications We automatically collect certain technical information relating to you and your devices when you visit or use the Applications. We process your technical information to provide you with our products and services, communicate with you, detect security incidents, and protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance. We process this Personal Data:

  • for the purposes of the legitimate interests pursued by Zimmer Biomet.
 Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law

Anonymized Data we Process (as a Controller):

Category of Personal Data Personal Data Processed Sources Purpose of Processing Legal Bases of Processing Recipients of Your Personal Data
Anonymized / Deidentified Data*** Data for which your individual personal characteristics have been removed such that you are not identified, including by removing identifiers required under HIPAA for such data to be considered deidentified Directly from you; from your Provider; through your smartphone and connected device(s) via the Apple HealthKit, Health Connect,   and/or Google Fit application; and technical information from your devices We use this anonymized / deidentified data, which is not Personal Data, for Zimmer Biomet’s own purposes. We process this Personal Data:

with your express consent (which you may withdraw at any time) for Zimmer Biomet’s use.

 Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; government officials, when permitted by this policy or required by law; and other third parties for Zimmer Biomet’s own purposes

* Note that in order to provide you with telehealth services, you will be prompted to provide permission for the mymobility application to use your mobile device’s camera and microphone. On Android phones, we are required to ask your permission to access your media files; however, we do not process any media or files on your phone outside of information you enter into mymobility.

** For Apple HealthKit, Health Connect, and/or Google Fit data: To provide you with our full suite of services, we may ask you to share your Apple HealthKit, Health Connect,  Google Fit, Android Activity Recognition, and/or iOS Location data with Zimmer Biomet. We only collect and process Personal Data that we receive through your smartphone and connected device(s) via the Apple HealthKit, Health Connect,  Google Fit, Android Activity Recognition and/or iOS Location data if you choose to share the data with Zimmer Biomet. If you choose to share any this data as referenced in this paragraph with Zimmer Biomet, we will collect up to 45 days of Apple HealthKit, Health Connect,  and/or Google Fit data prior to the date you choose to share the data to provide pre- and post-treatment data to your Provider and in accordance with this Notice. If you do not want us to collect this Personal Data, please do not use the Apple HealthKit, Health Connect,  or Google Fit applications and or do not choose to allow Apple HealthKit, Health Connect, Google Fit, Android Activity Recognition and/or iOS Location data to be shared with us. You can choose to stop sharing this data at any time.

*** Zimmer Biomet is the Controller of anonymized / de-identified data derived from Personal Data.

Consumer Health Data: To the extent the Personal Data we process includes “Consumer Health Data” as defined under applicable U.S. state consumer health privacy laws such as the Washington State My Health My Data Act (MHMDA) and Nevada’s Consumer Health Data Law (SB 370), we will process the Consumer Health Data in accordance with our Consumer Health Data Privacy Policy which can be found here: https://www.zimmerbiomet.com/en/corporate/consumer-health-data-privacy-policy.html.

Personal Data, including Consumer Health Data, may be shared with your Provider for the purposes of medical diagnosis and the provision of healthcare and treatment.

Retention

We will process and store your Personal Data only for the period necessary to achieve the purpose of the storage, or as permitted by law.Specifically, your Personal Data generally will be stored no longer than six (6) months following the termination date of our contract with your Provider, subject to longer retention periods required in some circumstances for legal and regulatory purposes. After that period has expired, the corresponding Personal Data is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract.

Cookies and Similar Tools

To the extent permitted by law, including with your consent where required, we may engage in the following activities:

  • We may collect Personal Data automatically through cookies and other technologies to provide functionality to our Applications; to effect certain security controls; and to recognize you and your preferences across devices when using our Applications.
  • We also perform statistical analyses of the users of our Applications to improve the functionality, content, design, and navigation of the Applications.

For more information about these activities and how to manage or opt out of them, please see our Cookie Notice or contact us.

Transfer of Personal Data Across National Borders

Please be aware that Personal Data we collect or process may be transferred and maintained outside your state, province, country, or other jurisdiction, where the privacy laws may not be as protective as those in your location, including the United States. In particular, Zimmer Biomet may disclose Personal Data to the countries listed in Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html). Zimmer Biomet has put in place lawful transfer mechanisms and appropriate safeguards, in accordance with applicable legal requirements, to protect your Personal Data, including but not limited to entering into agreements with third parties, such as service providers, to require them to adopt standards that ensure an equivalent level of protection for data as those we adopt.

Zimmer Biomet’s privacy practices, described in this Privacy Policy, comply with the APEC Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies. More information about the APEC framework can be found here: www.cbprs.org.

TRUSTe

EU-U.S. Data Privacy Framework

Zimmer Biomet Holdings, Inc., in addition to all U.S. entities listed in Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html) except CD Laboratories, Inc., complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Zimmer Biomet has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Zimmer Biomet has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Onward Transfer to Third Parties 

Zimmer Biomet shall remain liable under the DPF Principles if its agent(s) processes Personal Data in a manner inconsistent with the DPF Principles, unless Zimmer Biomet proves that it is not responsible for the event giving rise to the damage.

Recourse, Enforcement, and Liability

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Zimmer Biomet commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Zimmer Biomet at: privacy.global@zimmerbiomet.com.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Zimmer Biomet commits to refer unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

Individuals may, under certain conditions, invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the above DPF mechanisms. For more information, please visit: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

The Federal Trade Commission has jurisdiction over Zimmer Biomet’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Your Rights and How to Exercise Them

Depending on where you live, you may have the following rights with respect to some or all of your Personal Data:

  • To withdraw your consent to processing, when we previously obtained your consent;
  • To request information about whether, and how, we process your Personal Data;
  • to request access to and a copy of your Personal Data including to provide your Personal Data directly to another organization (called, in some locations, a right to data portability);
  • to request that we correct or update your Personal Data ;
  • to request that we delete your Personal Data;
  • to request that we restrict or block or to object to or opt-out of the processing of your Personal Data, including your sensitive Personal Data, or to revoke your consent;
  • to appeal the denial of a request; and
  • to lodge a complaint with the data protection authority in your jurisdiction.

To exercise these rights, appeal the denial of one of your requests, or make a complaint about how we process your Personal Data, please submit a request using the Privacy Request Form, write at privacy.global@zimmerbiomet.com or for the US only, call us at 1-844-922-2721. Alternatively, you can find the relevant contact details for your country of residence in the section “Contact Us” and in Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html).

Zimmer Biomet will not discriminate against you for exercising any of the rights described above, although we may not be able to continue to provide you with certain Applications, products and services or it may otherwise affect the way we are able to interact with you.

Please note that after receiving your request, we may require additional information from you or your authorized agent to honor your request and may deny your request if we cannot verify your identity or status.  Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

When we receive your Personal Data from others, including your Healthcare Provider, and process your Personal Data on their behalf, we may do so at their request and subject to their instructions. In that case, we do not have control over their privacy and security practices and processes. If your Personal Data has been submitted to us by a third party, we may need to ask you to contact them directly or we may be able to contact them on your behalf. If we need you to contact them directly, we will let you know.

Updating Your Information

In addition to other methods outlined in the Notice, you can update some of your Personal Data by logging into your account and changing that Personal Data. With respect to Personal Data provided to us by your Provider, you may have the right to contact your Provider to update information.

Links to Other Websites

Our Applications may contain links to other websites or applications that are not owned or operated by Zimmer Biomet.  Such links do not imply an endorsement with respect to any third party, any website, or the products or services provided thereby. You should carefully review the privacy policies and practices of other websites, products, and services as we cannot control and are not responsible for privacy policies, notices, or practices of third party websites, applications, products, and services.

Safeguarding Information

Consistent with applicable laws and requirements, Zimmer Biomet has put in place physical, technical, and administrative safeguards to protect Personal Data from loss, misuse, alteration, theft, unauthorized access, and unauthorized disclosure, consistent with legal obligations and industry practices. However, as is the case with all websites, applications, products, and services, we are not able to guarantee security for data collected through our Applications. In addition, it is your responsibility to safeguard any passwords, identification or ID numbers, or similar individual information associated with your use of the Applications.

Special Note to Patients in the United States

If you are a U.S. patient, please note that this Notice is distinct from your Provider’s HIPAA Notice of Privacy Practices, which describes how your Provider uses and discloses individually identifiable information about your health that it collects, as well as any other privacy practices it applies. In the provision of certain services, Zimmer Biomet may act as your Provider’s business associate. Zimmer Biomet, when acting as your Provider’s business associate, collects, uses, and disclosures your information on behalf of your Provider in accordance with your Provider’s HIPAA Notice of Privacy Practices and other privacy practices. Reading this Notice and your Provider’s Notice of Privacy Practices will help you understand how information we collect from you through Zimmer Biomet Applications or directly from your Provider is used and/or disclosed. If there is any inconsistency between this Notice and your Provider’s Notice of Privacy Practices, your Provider’s Notice applies with respect to that conflict when Zimmer Biomet is acting as your Provider’s business associate.

Special Note for Individuals Located in Japan

If you are located in Japan, the following section also applies to you:

Joint Use of Personal Data

Zimmer Biomet may use your Personal Data jointly with any subsidiary or affiliate of Zimmer Biomet Holdings, Inc. as described here. Personal Data subject to joint use: The personal information indicated in the section “What Personal Data Do We Process?”. Range of joint users: Zimmer Biomet Holdings, Inc., and its subsidiaries and affiliates (please refer to Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html) for the specific names of the subsidiaries and affiliates). Joint users’ purposes of use: The purposes described in the section “What Personal Data Do We Process?”. Party responsible for managing your Personal Data: Zimmer Biomet Holdings, Inc.

Additional Notes for Mainland China

Personal Data may be processed in various methods including, without limitation, collection, storage, use, transmission, provision, disclosure and deletion, as stipulated under the Personal Information Protection Law of China (the PIPL).

The necessity of processing your sensitive Personal Data and the impact it has on your rights and interests

Our processing of your sensitive Personal Data described herein is necessary for:

  • Providing products and services, and fulfilling other purposes described above in each different scenarios;
  • Performing accounting, audit, internal investigations and other internal reviews;
  • Complying with all applicable laws, legal processes, and internal policies; and
  • Otherwise, accomplishing our business purposes and objectives.

Our processing of your sensitive Personal Data will not impact on your individual rights and interests as described in Section “Your Rights and How to Exercise Them” of this Notice. These rights may be limited by law and regulations for certain purposes, including for the establishment, exercise, or defense of legal claims. Our processing of your sensitive Personal Data will be limited to the minimal level that is necessary to accomplish specific purposes as described above, and will be subject to the physical, technical, and organizational measures for special data protection in accordance with the PIPL and other applicable Chinese data protection laws and regulations.

Zimmer Biomet has conducted necessary security assessment and privacy impact assessment for cross-border transfer for the collection and processing of your sensitive Personal Data in accordance with relevant Chinese data protection laws and regulations.

Your Choices

You can unsubscribe from any marketing or promotional emails. To do so, please use the unsubscribe mechanism offered in our marketing emails. Please note that if you have already requested products or services when you decide to withdraw consent, a short period of time may elapse before we can update your preferences and ensure that we honor your request. Even if you unsubscribe to marketing emails, we may continue to send you transactional emails related to your mymobility account including updated notices and system outages.

Changes to This Privacy Notice

This privacy notice is effective as of the date last updated, as indicated below. We may update this Notice from time to time without notice. As such, you should review this Notice periodically. Your continued interactions with us and/or the use of our Applications subject to this Notice constitutes your agreement to this Notice.

Contact Us

If you have any questions, including how to access this Notice in an alternative format or to obtain further information about the security measures described in “Safeguarding Information”, please email us at privacy.global@zimmerbiomet.com or write to us at Zimmer Biomet, Attn: Global Privacy Officer, 345 East Main Street, Warsaw, IN 46580, United States. You may contact the data protection officer directly at dataprotectionofficer@zimmerbiomet.com.

For more contact details for your country of residence, please refer to Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html).

If you would like to access this notice in any of the languages set out in the Eighth Schedule of the Constitution of India, please contact privacy.global@zimmerbiomet.com.

Updated:  September 2025

© 2025 Zimmer Biomet. All Rights Reserved.

This material is intended for patients utilizing the mymobility® application by Zimmer Biomet.
©2020-2025 Zimmer Biomet.