GDPR Compliance Statement

The EU General Data Protection Regulations (“GDPR”) focus on the collection, storage, retention and use of personal information, along with providing those from whom data is collected notice of the procedure for ensuring their personal information is deleted should it be stored after collection. Cadwell equipment and software are capable of being used in compliance with the GDPR so that personal information can be collected, utilized and safeguarded in a GDPR-compliant manner. Cadwell’s software architecture includes log-in authentication for user access, various database audit logging, data integrity systems and verified backups, entity authentication programs, digital certificates and data encryption, which support GDPR-compliant use.

Clinicians use Cadwell equipment to collect personal information, however outside of the U.S. Cadwell does not host, store or retain personal information on behalf of clinicians when software is hosted in a customer’s own data center. All collected personal information remains under the control of the equipment/software user and the network host for the network into which the equipment is integrated. In the event equipment containing personal information is sent back to Cadwell for service, Cadwell follows annually-reviewed and audited procedures (“Internal Procedures”) to safeguard personal information and prevent all unauthorized disclosures while in Cadwell’s care. All employees are trained annually on the Internal Procedures. For more information see Cadwell’s privacy policy at https://www.cadwell.com/privacy-notice/.

Effective date: January 14, 2026