Masimo Corporation

We Participate in the Privacy Shield Framework

Masimo complies with, and participates in the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and its Member States (“EU”), European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland to the United States, respectively (collectively “Privacy Shield“). Masimo Corporation, Masimo Americas, Inc., and Masimo Semiconductor, Inc. (together, “Masimo“) has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles, and is committed to process all personal data received from the EU, EEA, UK and Switzerland in accordance with the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Masimo’s certification, please visit https://www.privacyshield.gov/list.

The Types of Personal Data That We Collect

Masimo collects personal data, as defined in the Privacy Shield Framework, from individuals who visit our public and customer-facing web and mobile sites (“EU, EEA, UK and Swiss Website Visitors“), individual representatives of our corporate customers, suppliers and business partners (“EU, EEA, UK and Swiss Business Contacts“), and Masimo EU, EEA, UK and Swiss employees and temporary staff. Masimo therefore collects both non-human resources personal data, as well as human resources related personal data for Masimo EU, EEA, UK and Swiss employees and temporary staff.

From EU, EEA, UK and Swiss Website Visitors, Masimo may collect the following types of personal data:

• Phone number, email address, and ship to/bill to addresses;
• Company or healthcare organization information;
• Activities, interactions, preferences, transactional information and other computer and connection information (such as IP address) relating to use of our websites and our services;
• Log files, information collected by cookies and similar technologies about the pages viewed, links clicked and other actions taken when accessing our websites;
• Security authorization and authentication information;
• Usage data;
• Personal data of individuals who participate in clinical trials;
• Personal data provided by customers through use of products;
• Photos, social media profile, areas of expertise and any other information EU, EEA, UK and Swiss Website Visitors choose to provide when accessing Masimo social media pages on various platforms;
• Feedback and reviews, or requests for support;
• Event registrations and preferences;
• Resume and applicant information for those applying to job openings; and
• Other personal data provided by the EU, EEA, UK and Swiss Website Visitor.

From EU, EEA, UK and Swiss Business Contacts, Masimo may collect the following types of personal data:

• Phone number, email address, and ship to/bill to addresses;
• Financial and billing information;
• Company or healthcare organization information;
• Activities, interactions, preferences, transactional information, and other computer and connection information (such as IP address) relating to use of our websites and our services;
• Log files, information collected by cookies and similar technologies about the pages viewed, links clicked and other actions taken when accessing our websites;
• Security authorization and authentication information;
• Usage data; and
• Other personal data provided by the EU, EEA, UK or Swiss Business Contact.

From Masimo EU, EEA, UK and Swiss employees and temporary staff, Masimo may collect the following types of personal data:

• Identification information;
• Contact information;
• Financial information;
• Professional career/employment information;
• Skills and development information;
• Security and legal compliance information;
• IT systems information; and
• Employee-provided personal information.

Purposes for the Collection and Use of Personal Data

Masimo collects and uses personal data of EU, EEA, UK and Swiss Website Visitors, EU, EEA, UK and Swiss Business Contacts, and Masimo EU, EEA, UK and Swiss employees and temporary staff for the purposes of:

• Providing information about our services and events;
• Personalizing visitors’ experience on our websites;
• Providing products, services, and support to our customers;
• Communicating with corporate business partners and healthcare organizations about business matters;
• Advertising and marketing to businesses and healthcare organizations;
• Conducting related tasks for legitimate business purposes;
• Aggregating data;
• Preventing fraud;
• Administration of information and network security;
• HR administration, performance management, benefits administration, and internal company communications;
• Meeting legal or regulatory requirements and Masimo’s internal policies;
• Management of travel, lodging, and related expenses; and
• Other purposes separately disclosed at the time of collection.

Commitment to the Principles

All personal data that we receive from EU, EEA, UK and Swiss Website Visitors, EU, EEA, UK and Swiss Business Contacts, and Masimo EU, EEA, UK and Swiss employees and temporary staff in reliance on the Privacy Shield framework is subject to the Privacy Shield Principles and Supplemental Principles. We also receive some personal data through reliance on other EU-toU.S. data transfer mechanisms, such as data transfer agreements based on EU Standard Contractual Clauses.

With respect to human resources data received from the EU, EEA, UK and Switzerland, Masimo commits to cooperate with the EU Data Protection Authorities and with the Swiss Federal Data Protection and Information Commissioner (FDPIC), respectively in conformity with the Supplemental Principles on Human Resources Data and the Role of the Data Protection Authorities and will comply with any advice given by such authorities.

Third Parties With Whom We Share Personal Data

Masimo may share personal data we collect from EU, EEA, UK and Swiss Website Visitors, and EU, EEA, UK and Swiss Business Contacts, and Masimo EU, EEA, UK and Swiss employees and temporary staff with the following types of third parties and for the following purposes:

• Subsidiaries, affiliates and contractors, who process personal data on their own behalf or on behalf of Masimo to provide the services requested or to fulfill contractual obligations;
• Channel partners, such as distributors and resellers, to fulfill product and information requests, and to provide customers and prospective customers with information about Masimo and its products and services;
• Other third party service providers contracted to provide services on our behalf;
• Partners, sponsors or other third parties with whom Masimo jointly offers webinars, white paper downloads or other related services; and
• Other corporate entities if Masimo goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets.

Right to Access; Inquiries or Complaints

If EU, EEA, UK or Swiss Website Visitors, EU, EEA, UK or Swiss Business Contacts, and Masimo EU, EEA, UK and Swiss employees and temporary staff have any questions or complaints regarding this Privacy Shield Notice or need to access, update, change or remove personal data, please contact us at privacy@Masimo.com or by postal mail addressed to:

Masimo Corporation
Attn: Data Protection Manager
52 Discovery
Irvine, CA 92618
United States

Masimo will respond to your question, complaint, and/or request to access or delete your information within 30 days. Your right to access your personal data is subject to conditions set out the Privacy Shield Framework.

Independent Dispute Resolution Body

Under the GDPR, individuals have rights to access, deletion, rectification, objection, restriction, and portability. In compliance with the Privacy Shield Principles, Masimo commits to resolve complaints about our collection or use of your personal information. EU, EEA, UK and/or Swiss individuals with inquiries or complaints regarding this Privacy Shield Notice should first contact privacy@Masimo.com or contact Masimo through the postal address provided above. If you are located in the EEA, EU, UK or Switzerland and we have not been able to satisfactorily resolve your question or complaint regarding our privacy practices, you may raise your concern to the attention of the panel established by the EU Data Protection Authorities (“DPAs”), the Swiss Federal Data Protection and Information Commissioner, as applicable. Masimo commits to cooperate with the panel established by the EU DPAs, UK DPAs and/or the Swiss Federal Data Protection and Information Commissioner, as applicable, and comply with the advice given by the panel and/or Commissioner, as applicable, with regard to data transferred from the EEA, UK and/or Switzerland.

Choices and Means

If you are an EEA, EU, UK or Swiss Masimo Website Visitor or EEA, EU, UK or Swiss Business Contact, if at any time you do not want your information disclosed to third parties not acting on our behalf, as set out above, or used for any additional purpose that we notify you of, you may opt out of such use by contacting us via the contact information in the “Right to Access” section above. You may also choose to unsubscribe from our marketing communications by following the instructions or unsubscribe mechanism in the message you received. We will retain and use your personal information in a way that does or may identify you for as long as needed to provide you marketing or services, comply with our legal obligations, resolve disputes, and/or enforce our agreements.

Investigatory and enforcement powers of the FTC

Masimo is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission and the U.S. Federal Trade Commission has jurisdiction over Masimo’s compliance with the Privacy Shield. Masimo also is committed to cooperating with EEA, EU, UK and Swiss DPAs and any panel set up by them.

Requirement to disclose

Masimo may disclose personal data in special cases when we have a good faith belief that such action is necessary to: (a) conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; (b) protect and defend our rights or property; (c) enforce the website Terms and Conditions; or (d) act to protect the interests of our users or others.

Liability

In the context of an onward transfer to a third party acting as an agent on behalf of Masimo, if the third party processes personal data from the EEA, EU, UK and from Switzerland in a manner inconsistent with the Privacy Shield Principles, Masimo will be liable unless Masimo can prove that it is not responsible for the event giving rise to the damages.

In relation to an onward transfer to a third party acting as a controller, Masimo will enter into a contract with such third party that provides that (i) personal information may only be processed for limited and specified purposes and consistent with a declaration of consent provided (where necessary), (ii) the third party will comply with these Principles or equivalent obligations and will notify Masimo if it can no longer meet this obligation, and that (iii) if such determination is made, the third party shall cease processing or take other reasonable and appropriate steps to remediate. This shall be Masimo’s entire liability in respect of processing of personal data by such third parties.

Arbitration

If you are located in the EEA and have exhausted all other means to resolve your concern regarding a potential violation of Masimo’s obligations under the Privacy Shield Principles, you may seek resolution via binding arbitration. For additional information about the arbitration process please visit the Privacy Shield website. Under the GDPR, individuals may also file a complaint with their local national DPAs.