Do you want to skip to content? Skip to content
Call Us Call Us 0800 88 50 50

Convatec Global Privacy Notice

This privacy notice was last updated October 2023.

How we protect your data

We keep your personal data safe through a combination of administrative, technical, and physical safeguards that consider the nature of your data, how it is processed and any risks it faces. Convatec also uses security and fraud protection tools to protect our websites and mobile apps. 

How long we hold your data for 

The length of time we hold your data for will vary depending on its purpose. In every instance, we only hold your data for as long as is necessary to do so. This includes for legal, accounting or reporting reasons. 

Other factors include the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, why we collected it and whether there’s a way we can proceed without your data. For more information, you can request a copy of our retention policy via our online contact us form.

How we protect your data in transit

To effectively process your personal data, it may be transferred to or accessed by other Convatec entities, including Convatec-affiliated companies or service providers.

How Convatec protects your data when it’s transferred between countries

We comply with the laws on the transfer of personal data between countries. You may access a regional version of this privacy notice in the local language(s), with information on how we’re complying with the region-specific and country-specific privacy and security legislation affecting your personal data. 

We comply with laws such as, but not exclusive to:

  • General Data Protection Regulation (GDPR)
    A European Union (EU) ruling that took effect in 2018.
  • UK GDPR - Data Protection Act 2018 
    The UK GDPR is the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (EU GDPR) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by Schedule 1 to the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419). 
  • California Consumer Privacy Act (CCPA)
    A 2020 law similar to GDPR but specifically for the way businesses store and share California resident data. If you’re a California resident, please see our California Resident Privacy Notice to find out more. 
  • Health Insurance Portability and Accountability Act (HIPAA)
    A law that protects the data rights of patients and contains advice on healthcare cybersecurity for providers like Convatec, 180 Medical (a Convatec subsidiary), hospitals and other organisations that store and collect patient data.

How Convatec protects data transfers outside the EEA and the UK 

Many of our external third-party service providers (for example, IT support consultants or marketing agents) are based outside of the European Economic Area (EEA) or the United Kingdom (UK). This means processing your personal data could involve transferring it outside of these regions.
In this instance, your data will have the same level of protection as it does in the EEA and the UK by ensuring the recipient is signed up to equivalent data protection obligations as the ones contained in GDPR.

We also provide additional protection, by only using legal agreements approved by the European Commission.

How Convatec protects data transferred outside China Mainland

Residents of China Mainland may have their personal data processed in countries/regions outside of China Mainland. This will be done in compliance with local law, including the Personal Information Protection Law. We may also transfer this personal data to third parties, who may in turn store or transfer the data outside of China mainland. Convatec imposes the same or similar protection liability (including notice and consent requirements) on third parties.

Other web technologies

How Convatec uses reCAPTCHA 

Convatec uses a Google technology called reCAPTCHA on some of its web sites. reCAPTCHA is a technology that enables our websites to distinguish between human users and automated systems. This is designed to prevent misuse and abuse of our websites by only allowing humans access.
reCAPTCHA distinguishes between humans and automated systems by monitoring personal information like typing patterns, mouse clicks or screen touches. This information is not stored or collected. You can find more information about how Google uses this information by visiting the link below.

Video player services  

We host videos on our websites using a variety of video player services including YouTube. These typically use an enhanced privacy version of the player to manage the collection of your personal data. 

Clicking play on one of these versions of the video player means it will store and collect interaction data from your computer, but it will not collect personally identifiable information. This means watching a video on our website will not personalise your content on that player service or on any of your subsequent visits to that video platform.

Online chat service

Some of Convatec’s websites include online chat or chatbot service. For your information on how we process your personal data read our privacy policy.

Our Webchat service processes personal data that you provide with your consent.
To enable us to assist you, it is helpful for us to have your contact details when you use our webchat service.
Our preference is that you do not share sensitive personal information via live webchat. If it becomes necessary to share sensitive personal information, we will request an alternative contact channel such as telephone or email.
We may retain a copy of the Webchat transcript for training and reporting purposes only and should you wish to have a copy of the transcript you may in line with our privacy notice.

Third-party links and websites 

Convatec websites contain third-party links that may take you to another website, plug-in or application. Following these links or connecting with these services may allow these external websites to collect or share data about you. 

Convatec does not control third-party websites, or how they use your data. We encourage you to read the privacy notice of any website you visit that you may have concerns about.

Your rights regarding your personal data

Everyone has the right to know, access, correct, transfer, and restrict the processing of any personal data that Convatec has access to. You may also request the deletion of your personal data.
If you choose to exercise these rights, you won’t be treated in a discriminatory way, or receive a lesser degree of service from Convatec. 

Requesting access to your personal data

You may at any time request access to your personal data, commonly known as data subject access request. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

You can do this by contacting us at

Updating the data we hold about you

If your personal data is out of date, incomplete or inaccurate, you can ask us to update these details. We may need to verify the accuracy of the new data you provide to us. Please contact us to update your data. 

Marketing Communications

You can opt out of receiving marketing information from Convatec and its subsidiaries. To unsubscribe from our promotional emails or messages, use the link provided in the promotional messages. Alternatively contact us via email at

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product regulatory issue, product/service experience or other transactions.

Request the deletion of your personal data

You can ask us to delete any information that we hold about you. Please email our Data Protection Officer at to request a deletion of your data.

Sometimes we may have to decline a request

There will be some situations where we cannot grant your request, for example, if you ask us to delete your data where Convatec is legally obligated to keep a record of that transaction to comply with the law.

We might also decline to grant a request that would undermine our legitimate use of data for anti-fraud and security purposes. Other reasons your request might be denied would be if it jeopardises the privacy of others, or is deemed by Convatec to be frivolous, vexatious, or extremely impractical.


Special circumstances

Children’s privacy notice 

Convatec never deliberately markets to children. However, some of our products and services can be used by children.

In any instances where we’ve collected data from children ages 13-16, they will be afforded the same rights as an adult, including the right to access, update, and object to the processing of their personal data. They also have the right to request that their personal data is erased. 

For children younger than 13, we will seek consent from whoever holds parental responsibility for the child, unless the online service we offer is a preventive or counselling service.

How to contact Convatec regarding your data

If you’ve got any questions, comments, requests or complaints about our privacy notice, or would like to request access to or change your data, contact the Convatec Data Protection Officer (DPO) by emailing

What is a Data Protection Officer? 

To protect your data more effectively, Convatec has appointed a data protection officer (DPO) for the group, whose responsibilities include protecting your data and keeping you informed and up to date.
Our DPO ensures that this privacy notice is clear and easy to understand, so you can remain totally informed about the relationship between you, us and your personal data. Our DPO is Convatec’s representative regarding your data, so they’re responsible for answering any questions about this privacy notice – or if you want to exercise any of your rights as listed on this page.

How to contact Convatec’s DPO by post

If you prefer not to use email, please send your inquiry to the following address:

Convatec Group Data Protection Officer 
Floor 7 
20 Eastborne Terrace 
W2 6LG 
United Kingdom 

Changes to this privacy notice

We will revise this notice from time to time by updating this page so that we can improve the experience that we provide. If we make any changes to how we use or share your personal data, we’ll let you know via email and/or a notice on our website. 

You are leaving

This Internet site may provide links or references to other sites but Convatec have no responsibility for the content of such other sites and shall not be liable for any damages or injury arising from that content. Any links to other sites are provided as merely a convenience to the users of this Internet site.
Do you wish to continue?