mymobility™ Privacy Notice

Effective Date: September 2023

Thank you for using mymobility™, the Zimmer Biomet remote rehabilitation mobile application and online service. Zimmer Biomet, together with its affiliates (“we,” “us,” or “Zimmer Biomet”), provides mymobility™ on behalf of physicians, hospitals, rehabilitation centers, and other healthcare providers (each a “Provider”) by contracting with Providers to offer mymobility™ and other home-based programs to patients (including “you” as used in this notice).

This Privacy Notice (“Notice”) explains our practices for the collection and processing of information from or about you (“Personal Data”) through mymobility™, any of the online applications or portals associated with mymobility™, and any other online Zimmer Biomet service that links to this Notice (collectively “Applications” or “mymobility™”). This Notice is unique to the Applications and differs from other Zimmer Biomet and Zimmer Biomet-affiliate privacy policies and notices. By using the Applications, you indicate that you understand and agree to the practices outlined in this Notice.

What Personal Data Do We Process?

Personal Data: Personal Data is any information that can be used to identify you or that we can link directly to you, such as your name, address, email address, telephone number or credit card number. As indicated below, Personal Data includes health-related data. In some jurisdictions, Personal Data can include indirectly identifying information such as a unique number assigned to a patient by a medical facility or healthcare professional, even absent other identifying information. For patients located in the United States, Personal Data may be considered Protected Health Information under the Health Insurance Portability and Accountability Act (HIPAA).

The table below summarizes the Personal Data we process, the sources from which we obtain your Personal Data, our purposes for processing your Personal Data, and the potential recipients of your Personal Data. Some jurisdictions require us to state the legal bases for processing your Personal Data, which is also included in the table, but please note that not all jurisdictions may recognize all legal bases included below.

Personal Data We Process:

Category of Personal Data	Personal Data Processed	Sources	Purpose of Processing	Legal Bases of Processing	Recipients of Your Personal Data
Contact information	Your name, address, email address, phone number, username, and password	Directly from you and from your Provider	We process your contact information to provide you with our products and services, communicate with you, detect security incidents, and protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance.	We process this Personal Data: for the purposes of the legitimate interests pursued by Zimmer Biomet; for the purposes of medical diagnosis and the provision of healthcare and treatment; and/or to ensure high standards of quality and safety of healthcare and medical devices.	Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Payment data (collected in connection with those who may purchase Apple Watches following their episode of care)	Your name, billing address, and payment details (e.g., credit card number, expiration date, and security code)	Directly from you	We process your payment information data to provide you with our products and services, communicate with you, detect security incidents, and protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance.	We process this Personal Data: for the performance of a contract to which you are a party; and/or for the purposes of the legitimate interests pursued by Zimmer Biomet.	Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Health information	Information regarding your treatment, including your date of birth, sex/gender, treatment dates, medical history and treatment information, patient-reported outcome measures (e.g., responses to questionnaires and surveys), user activity, pictures and videos of treatment activities, therapy completion and use details, and communications with your Provider, including audio and/or video from telehealth sessions*	Directly from you and from your Provider	We process your health information data to provide you with our products and services, communicate with you, detect security incidents, and protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance.	We process this Personal Data: for the purposes of medical diagnosis and the provision of healthcare and treatment; to ensure high standards of quality and safety of health care and medical devices; for scientific or historical research purposes or statistical purposes; and/or with your consent (which you may withdraw at any time) to anonymize it for Zimmer Biomet’s use.	Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Health information data from Apple HealthKit and/or Google Fit	Information regarding your health from Apple HealthKit and/or Google Fit data, including physical activity, steps, stairs, heart rate, rest periods, and other information collected from those applications**	Through your smartphone and connected device(s) via the Apple HealthKit and/or Google Fit application	To enhance the functionality of the Applications, you can share your Apple HealthKit and/or Google Fit data with Zimmer Biomet so that Zimmer Biomet can provide that data to your Provider. This data is collected and processed through your smartphone and connected device(s) via the Apple HealthKit and/or Google Fit apps.	We process this Personal Data: for the purposes of the legitimate interests pursued by Zimmer Biomet; for the purposes of medical diagnosis and the provision of healthcare and treatment; to ensure high standards of quality and safety of health care and medical devices; for scientific or historical research purposes or statistical purposes; and/or with your consent (which you may withdraw at any time) to anonymize it for Zimmer Biomet’s use.	Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Technical information data	Internet Protocol (IP) addresses, browser type, browser language, device type, and advertising IDs associated with your device (such as Apple’s Identifier for Advertising or Android’s Ad ID or Android’s Advertising ID), as well as the date and time you use the Applications, and Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving at and after leaving our Applications	We automatically collect certain technical information relating to you and your devices when you visit or use the Applications.	We process your technical information to provide you with our products and services, communicate with you, detect security incidents, and protect against malicious or illegal activity; and for short-term, transient use, internal research and development, and quality assurance.	We process this Personal Data: for the purposes of the legitimate interests pursued by Zimmer Biomet.	Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; and government officials, when permitted by this policy or required by law
Anonymised / Deidentified Data	Data for which your individual personal characteristics have been removed such that you are not identified, including by removing identifiers required under HIPAA for such data to be considered deidentified	Directly from you; from your Provider; through your smartphone and connected device(s) via the Apple HealthKit and/or Google Fit application; and technical information from your devices	We use this anonymized / deidentified data, which is not Personal Data, for Zimmer Biomet’s own purposes.	We process this Personal Data: with your express consent (which you may withdraw at any time) for Zimmer Biomet’s use.	Providers; Zimmer Biomet, our affiliates, subsidiaries, and related companies; partners that assist us in providing the products or services that you request or improving our marketing or administration; government officials, when permitted by this policy or required by law; and other third parties for Zimmer Biomet’s own purposes

* Note that in order to provide you with telehealth services, you will be prompted to provide permission for the mymobility™ application to use your mobile device’s camera and microphone. On Android phones, we are required to ask your permission to access your media files; however, we do not process any media or files on your phone outside of information you enter into mymobility™.

** For Apple HealthKit and/or Google Fit data: To provide you with our full suite of services, we may ask you to share your Apple HealthKit and/or Google Fit data with Zimmer Biomet. We only collect and process Personal Data that we receive through your smartphone and connected device(s) via the Apple HealthKit and/or Google Fit application if you choose to allow those applications to share the data with Zimmer Biomet. If you choose to share this data with Zimmer Biomet, we will collect up to 45 days of Apple HealthKit and/or Google Fit data prior to the date you choose to share the data to provide pre- and post-treatment data to your Provider and in accordance with this Notice. If you do not want us to collect this Personal Data, please do not use these applications or do not choose to allow those applications to share data with us. You can choose to stop sharing this data at any time.

Retention

We will process and store your Personal Data only for the period necessary to achieve the purpose of the storage, or as permitted by law. Specifically, your Personal Data generally will be stored for five (5) years from the date you and your Provider last use the Applications, subject to longer retention periods required in some circumstances for legal and regulatory purposes. After that period has expired, the corresponding Personal Data is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract.

Cookies and Similar Tools

Cookies and Similar Tools: We also collect some other Personal Data from your mobile device automatically, including technical information. Like many Applications, we use cookies, web beacons, and other similar technologies on our Applications. A cookie is a unique numeric code that we transfer to your computer so that we can keep track of your interests and/or preferences and, among other things, recognize you as a return visitor to our Applications. Web beacons are small pieces of code placed on our Applications that allow us to obtain information about website usage.

Common uses for cookies include:

identifying visitors who have signed into a password-protected website to avoid users having to submit a user name and password for every page;
keeping track of visitors’ preferences regarding the content they would like to see and the format in which they would like to view it so that they don’t need to resubmit the preferences every time they visit the site;
keeping track of which pages visitors request to make improvements to site content and navigation; and
engaging in analytics about how the Applications are used.

You can set your browser to refuse all cookies from this and other websites that you visit. However, it is possible that some portions of the website will not function properly if your cookies are disabled. Please note that other tracking technologies will still function.

For more information on our use of cookies, please see the Zimmer Biomet Applications Cookie Policy at https://www.zimmerbiomet.com/cookies-policy.html.

Transfer of Personal Data Across National Borders

Please be aware that the Personal Data we collect may be transferred to and maintained on servers or databases located outside your state, province, country, or other jurisdiction, where the privacy laws may not be as protective as those in your location, including but not limited to the United States.

We enter into agreements with your Provider, our third-party vendors, and with our affiliates to ensure that your Personal Data is protected when crossing national borders. These agreements may include the Standard Contractual Clauses adopted and approved by the European Commission.

Zimmer Biomet’s privacy practices, described in this Privacy Policy, comply with the APEC Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies. More information about the APEC framework can be found here: www.cbprs.org.

Your Rights and How to Exercise Them

You may have a right under your jurisdiction’s data protection laws to the following with respect to some or all of your Personal Data:

to request access to the information;
to request that we rectify or erase your information;
to request that we restrict or block the processing of your information;
to provide your information directly to another, i.e., a right to data portability; and
when we previously obtained your consent, to withdraw consent to processing.

To exercise these rights, please go to the mymobility Data Subject Request Form to submit your request. You may also submit your request to privacy.emea@zimmerbiomet.com. Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.

Additionally, you may have the right to lodge a complaint against us. To do so, contact the relevant governing authority in your country of residence.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Updating Your Information

In addition to other methods outlined in the Notice, you can update some of your Personal Data by logging into your account and changing that Personal Data. With respect to Personal Data provided to us by your Provider, you may have the right to contact your Provider to update information.

Links to Other Websites

Our Applications may contain links to other websites or applications that are not owned or operated by Zimmer Biomet. You should carefully review the privacy policies and practices of these websites or applications before visiting them, as we cannot control and are not responsible for their privacy policies or practices.

Safeguarding Information

We have implemented physical, electronic, and administrative safeguards to protect your Personal Data. However, as is the case with all websites, applications, and online services, we are not able to guarantee security for data collected through our Applications.

Special Note to Patients in the United States

If you are a U.S. patient, please note that this Notice is distinct from your Provider’s HIPAA Notice of Privacy Practices, which describes how your Provider uses and discloses individually identifiable information about your health that it collects, as well as any other privacy practices it applies. Zimmer Biomet, as your Provider’s business associate or contracting partner, collects, uses, and disclosures your information on behalf of your Provider in accordance with your Provider’s HIPAA Notice of Privacy Practices and other privacy practices. Reading this Notice and your Provider’s Notice of Privacy Practices will help you understand how information we collect from you through Zimmer Biomet Applications or directly from your Provider is used and/or disclosed. If there is any inconsistency between this Notice and your Provider’s Notice of Privacy Practices, your Provider’s Notice applies with respect to that conflict.

Your Choices

You can unsubscribe from any marketing or promotional emails. To do so, please email us at support@zbmymobilitysolutions.com or use the unsubscribe mechanism offered in our marketing emails. Please note that if you have already requested products or services when you decide to withdraw consent, a short period of time may elapse before we can update your preferences and ensure that we honor your request.

Changes to This Privacy Notice

We update this Notice from time to time and will post changes in the Applications. Any changes made in the updated Notice will be effective within 5 days after the updated Notice is posted. You should review this Notice periodically to stay aware of changes, as you will be deemed to have consented to them when you use the Applications after the effective date of those changes.

Contact Us

If you have any questions, please contact us at privacy.nam@zimmerbiomet.com.

For visitors from the European Economic Area, Switzerland, and the United Kingdom, to contact our Data Protection Officer, please contact us at privacy.emea@zimmerbiomet.com or write to us at Zimmer Biomet, Attn: Data Protection Officer, P.O. Box 708 1800, West Center Street, Warsaw, Indiana 46581-0708.

For visitors from the Asia Pacific area, please contact the relevant Data Protection Officer listed at https://www.zimmerbiomet.com/privacy-policy.html#contact via the contact details set out therein.