mymobility® Privacy Notice
Effective Date: October 2024
Thank you for using mymobility®, the Zimmer Biomet remote rehabilitation mobile application and online service. Zimmer Biomet, together with its affiliates (“we,” “us,” or “Zimmer Biomet”), provides mymobility® on behalf of physicians, hospitals, rehabilitation centers, and other healthcare providers (each a “Provider”) by contracting with Providers to offer mymobility® and other home-based programs to patients (including “you” as used in this notice).
This Privacy Notice (“Notice”) explains our practices for the collection and processing of information from or about you (“Personal Data”) through mymobility®, any of the online applications or portals associated with mymobility®, and any other online Zimmer Biomet service that links to this Notice (collectively “Applications” or “mymobility®”). This Notice is unique to the Applications and differs from other Zimmer Biomet and Zimmer Biomet-affiliate privacy policies and notices. By using the Applications, you indicate that you understand and agree to the practices outlined in this Notice.
What Personal Data Do We Process?
Personal Data: Personal Data is any information that can be used to identify you or that we can link directly to you, such as your name, address, email address, telephone number or credit card number. As indicated below, Personal Data includes health-related data. In some jurisdictions, Personal Data can include indirectly identifying information such as a unique number assigned to a patient by a medical facility or healthcare professional, even absent other identifying information. For patients located in the United States, Personal Data may be considered Protected Health Information under the Health Insurance Portability and Accountability Act (HIPAA).
The table below summarizes the Personal Data we process, the sources from which we obtain your Personal Data, our purposes for processing your Personal Data, and the potential recipients of your Personal Data. Some jurisdictions require us to state the legal bases for processing your Personal Data, which is also included in the table, but please note that not all jurisdictions may recognize all legal bases included below.
Personal Data We Process:
Category of Personal Data | Personal Data Processed | Sources | Purpose of Processing | Legal Bases of Processing | Recipients of Your Personal Data |
---|---|---|---|---|---|
Contact information | Your name, address, email address, phone number, username^, and password^ | Directly from you and/or from your Provider | We process your contact information to provide you with our products and services, communicate with you, detect security incidents, and protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance. | We process this Personal Data:
|
Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law |
Payment data (collected in connection with those who may purchase Apple Watches following their episode of care) | Your name, billing address, and payment details (e.g., credit card number, expiration date, and security code)^ | Directly from you | We process your payment information data to provide you with our products and services, communicate with you, detect security incidents, and protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance. | We process this Personal Data:
|
Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law |
Health information | Information regarding your treatment, including your date of birth, sex/gender, treatment dates, medical history and treatment information^, health insurance information^ and other information on payment for healthcare services (e.g., patient ID number)^, MRN (Medical Record Number)^, patient-reported outcome measures (e.g., responses to questionnaires and surveys)^, user activity^, gait patterns or rhythms^, pictures and videos of treatment activities^, therapy completion and use details^, and communications with your Provider, including audio and/or video from telehealth sessions*^. | Directly from you and/or from your Provider | We process your health information data to provide you with our products and services, communicate with you, detect security incidents, and protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance. | We process this Personal Data:
|
Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law |
Health information data from Apple HealthKit and/or Google Fit^ | Information regarding your health from Apple HealthKit and/or Google Fit data, including physical activity, steps, stairs, heart rate, rest periods, and other information collected from those applications** | Through your smartphone and connected device(s) via the Apple HealthKit and/or Google Fit application | To enhance the functionality of the Applications, you can share your Apple HealthKit and/or Google Fit data with Zimmer Biomet so that Zimmer Biomet can provide that data to your Provider. This data is collected and processed through your smartphone and connected device(s) via the Apple HealthKit and/or Google Fit apps. | We process this Personal Data:
|
Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law |
Technical information data | Internet Protocol (IP) addresses, browser type, browser language, device type, and advertising IDs associated with your device (such as Apple’s Identifier for Advertising or Android’s Ad ID or Android’s Advertising ID), as well as the date and time you use the Applications, and Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving at and after leaving our Applications | We automatically collect certain technical information relating to you and your devices when you visit or use the Applications. | We process your technical information to provide you with our products and services, communicate with you, detect security incidents, and protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance. | We process this Personal Data:
|
Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law |
Anonymised / Deidentified Data | Data for which your individual personal characteristics have been removed such that you are not identified, including by removing identifiers required under HIPAA for such data to be considered deidentified | Directly from you; from your Provider; through your smartphone and connected device(s) via the Apple HealthKit and/or Google Fit application; and technical information from your devices | We use this anonymized / deidentified data, which is not Personal Data, for Zimmer Biomet’s own purposes. | We process this Personal Data:
|
Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; government officials, when permitted by this policy or required by law; and other third parties for Zimmer Biomet’s own purposes |
* Note that in order to provide you with telehealth services, you will be prompted to provide permission for the mymobility® application to use your mobile device’s camera and microphone. On Android phones, we are required to ask your permission to access your media files; however, we do not process any media or files on your phone outside of information you enter into mymobility®.
** For Apple HealthKit and/or Google Fit data: To provide you with our full suite of services, we may ask you to share your Apple HealthKit and/or Google Fit data with Zimmer Biomet. We only collect and process Personal Data that we receive through your smartphone and connected device(s) via the Apple HealthKit and/or Google Fit application if you choose to allow those applications to share the data with Zimmer Biomet. If you choose to share this data with Zimmer Biomet, we will collect up to 45 days of Apple HealthKit and/or Google Fit data prior to the date you choose to share the data to provide pre- and post-treatment data to your Provider and in accordance with this Notice. If you do not want us to collect this Personal Data, please do not use these applications or do not choose to allow those applications to share data with us. You can choose to stop sharing this data at any time.
Personal Data may include information considered sensitive in some jurisdictions, such as biometric information, genetic information, health information, financial account information, specific geolocation, ethnic or racial origin, information concerning your sex life or your sexual orientation, social security number, driver’s license number, state identification card number, passport number, and other similar information. Personal Data that could be considered sensitive Personal Data under applicable law is indicated with a caret (^) in the chart above.
Consumer Health Data: To the extent the Personal Data we process includes “Consumer Health Data” as defined under applicable U.S. state consumer health privacy laws such as the Washington State My Health My Data Act (MHMDA) and Nevada’s Consumer Health Data Law (SB 370), we will process the Consumer Health Data in accordance with our Consumer Health Data Privacy Policy which can be found here: https://www.zimmerbiomet.com/en/corporate/consumer-health-data-privacy-policy.html.
Personal Data, including Consumer Health Data, may be shared with your Provider for the purposes of medical diagnosis and the provision of healthcare and treatment.
Retention
We will process and store your Personal Data only for the period necessary to achieve the purpose of the storage, or as permitted by law. Specifically, your Personal Data generally will be stored no longer than six (6) months following the termination date of our contract with your Provider, subject to longer retention periods required in some circumstances for legal and regulatory purposes. After that period has expired, the corresponding Personal Data is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract.
Cookies and Similar Tools
Cookies and Similar Tools: We also collect some other Personal Data from your mobile device automatically, including technical information. Like many Applications, we use cookies, web beacons, and other similar technologies on our Applications. A cookie is a unique numeric code that we transfer to your computer so that we can keep track of your interests and/or preferences and, among other things, recognize you as a return visitor to our Applications. Web beacons are small pieces of code placed on our Applications that allow us to obtain information about website usage.
Common uses for cookies include:
- identifying visitors who have signed into a password-protected website to avoid users having to submit a user name and password for every page;
- keeping track of visitors’ preferences regarding the content they would like to see and the format in which they would like to view it so that they don’t need to resubmit the preferences every time they visit the site;
- keeping track of which pages visitors request to make improvements to site content and navigation; and
- engaging in analytics about how the Applications are used.
You can set your browser to refuse all cookies from this and other websites that you visit. However, it is possible that some portions of the website will not function properly if your cookies are disabled. Please note that other tracking technologies will still function.
For more information on our use of cookies, please see the Zimmer Biomet Applications Cookie Policy at https://www.zimmerbiomet.com/cookies-policy.html.
Transfer of Personal Data Across National Borders
Please be aware that the Personal Data we collect may be transferred to and maintained on servers or databases located outside your state, province, country, or other jurisdiction, where the privacy laws may not be as protective as those in your location, including but not limited to the United States.
We enter into agreements with your Provider, our third-party vendors, and with our affiliates to ensure that your Personal Data is protected when crossing national borders. These agreements may include the Standard Contractual Clauses adopted and approved by the European Commission.
Zimmer Biomet’s privacy practices, described in this Privacy Policy, comply with the APEC Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies. More information about the APEC framework can be found here: www.cbprs.org.
EU-U.S. Data Privacy Framework
Zimmer Biomet Holdings, Inc., in addition to all U.S. entities listed in Appendix 1 of Zimmer Biomet’s Corporate Privacy Notice (https://www.zimmerbiomet.com/en/corporate/privacy-notice.html) except CD Laboratories, Inc., complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Zimmer Biomet has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Zimmer Biomet has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Onward Transfer to Third Parties
Zimmer Biomet shall remain liable under the DPF Principles if its agent(s) processes Personal Data in a manner inconsistent with the DPF Principles, unless Zimmer Biomet proves that it is not responsible for the event giving rise to the damage.
Recourse, Enforcement, and Liability
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Zimmer Biomet commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Zimmer Biomet at: privacy.global@zimmerbiomet.com.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Zimmer Biomet commits to refer unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Individuals may, under certain conditions, invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the above DPF mechanisms. For more information, please visit: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.
The Federal Trade Commission has jurisdiction over Zimmer Biomet’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Your Rights and How to Exercise Them
You may have a right under your jurisdiction’s data protection laws to the following with respect to some or all of your Personal Data:
- to request access to the information;
- to request that we rectify or erase your information;
- to request that we restrict or block the processing of your information;
- to provide your information directly to another, i.e., a right to data portability; and
- when we previously obtained your consent, to withdraw consent to processing.
To exercise these rights, please go to the mymobility Data Subject Request Form to submit your request. You may also submit your request to privacy.global@zimmerbiomet.com. Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.
Additionally, you may have the right to lodge a complaint against us. To do so, contact the relevant governing authority in your country of residence.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Updating Your Information
In addition to other methods outlined in the Notice, you can update some of your Personal Data by logging into your account and changing that Personal Data. With respect to Personal Data provided to us by your Provider, you may have the right to contact your Provider to update information.
Links to Other Websites
Our Applications may contain links to other websites or applications that are not owned or operated by Zimmer Biomet. You should carefully review the privacy policies and practices of these websites or applications before visiting them, as we cannot control and are not responsible for their privacy policies or practices.
Safeguarding Information
We have implemented physical, electronic, and administrative safeguards to protect your Personal Data. However, as is the case with all websites, applications, and online services, we are not able to guarantee security for data collected through our Applications.
Special Note to Patients in the United States
If you are a U.S. patient, please note that this Notice is distinct from your Provider’s HIPAA Notice of Privacy Practices, which describes how your Provider uses and discloses individually identifiable information about your health that it collects, as well as any other privacy practices it applies. In the provision of certain services, Zimmer Biomet may act as your Provider’s business associate. Zimmer Biomet, when acting as your Provider’s business associate, collects, uses, and disclosures your information on behalf of your Provider in accordance with your Provider’s HIPAA Notice of Privacy Practices and other privacy practices. Reading this Notice and your Provider’s Notice of Privacy Practices will help you understand how information we collect from you through Zimmer Biomet Applications or directly from your Provider is used and/or disclosed. If there is any inconsistency between this Notice and your Provider’s Notice of Privacy Practices, your Provider’s Notice applies with respect to that conflict when Zimmer Biomet is acting as your Provider’s business associate.
Your Choices
You can unsubscribe from any marketing or promotional emails. To do so, please email us at support@zbmymobilitysolutions.com or use the unsubscribe mechanism offered in our marketing emails. Please note that if you have already requested products or services when you decide to withdraw consent, a short period of time may elapse before we can update your preferences and ensure that we honor your request.
Changes to This Privacy Notice
We update this Notice from time to time and will post changes in the Applications. Any changes made in the updated Notice will be effective within 5 days after the updated Notice is posted. You should review this Notice periodically to stay aware of changes, as you will be deemed to have consented to them when you use the Applications after the effective date of those changes.
Contact Us
If you have any questions, please contact us at privacy.global@zimmerbiomet.com.
For visitors from the European Economic Area, Switzerland, and the United Kingdom, to contact our Data Protection Officer, please contact us at privacy.global@zimmerbiomet.com or write to us at Zimmer Biomet, Attn: Data Protection Officer, P.O. Box 708 1800, West Center Street, Warsaw, Indiana 46581-0708.
For visitors from the Asia Pacific area, please contact the relevant Data Protection Officer listed at https://www.zimmerbiomet.com/privacy-policy.html#contact via the contact details set out therein.
If you would like to access this notice in any of the languages set out in the Eighth Schedule of the Constitution of India, please contact Privacy.Global@zimmerbiomet.com.
© 2024 Zimmer Biomet. All Rights Reserved.