For Mothers Lactation professionals Surgical Care About Medela Careers
You are currently viewing: Medela - Global
You can select an alternative Medela website in one of these countries:
Products Solutions Articles Medela Family App Customer Voices Services
Shop Finder

Data Protection Information for Handling Customer Complaints

Last updated: 16 February 2026

Protecting your privacy is important to us. Therefore, we would like to provide you with the following information.

1. Entity responsible for data processing and contact details (controller)

Medela AG and its local group companies (hereinafter referred to as "Medela")
Lättichstrasse 4b
6340 Baar
Switzerland
privacy@medela.com

2. Purpose and legal base of processing your personal data

When you contact Medela (e.g. by phone, email) to complain about our products and/or services, we may ask for your personal data to assess, investigate and to resolve your complaint. Further, we may process your personal data to improve our product and services, to ensure compliance with legal, regulatory and contractual obligations and to establish, exercise and/or defend legal claims.

We process your personal data based on one or more of the following legal grounds:

  • Performance of a contract, if you bought a product or service directly from Medela and where the complaint relates to products or services we provide
  • Compliance with legal obligations
  • Legitimate interests, such as improving services, ensuring quality, and defending legal rights

For the handling of your complaints, you may voluntarily disclose, or we may also ask for sensitive personal data (e.g. health information). In this case, we will explicitly obtain your consent. You may withdraw your consent at any time by submitting a data protection rights request as described in the Section, Your rights / How to contact us. The withdrawal of consent does not affect the lawfulness of the processing carried out based on your consent prior to the withdrawal nor does it affect any processing carried out on another legal base.

All personal data collected will be processed exclusively for the purposes mentioned above. They are neither processed automatically nor analyzed in relation to personal aspects (profiling).

3. Types of personal data

  • Identification details (e.g., first name, last name)
  • Contact details (e.g., address, email, phone)
  • Birth information
  • Complaint/request details
  • Recording of your call including date and time of the call
  • Transaction details

4. Recipients or categories of recipients

Within Medela, your personal data will only be received by those internal departments and local group companies that process it for the purpose stated in section 2.

Further, Medela has engaged service providers supporting the complaints’ handling (e.g. customer service platforms, call center solutions, communication system, logistics). The service providers may not disclose your personal data to unauthorized third parties or use your personal data for purposes other than as instructed.

Medela may also disclose your personal data to regulatory authorities, if required by law and/or external advisory (e.g. legal counsel) when necessary.

All third parties receiving data are required to implement appropriate security and confidentiality measures.

5. Location and duration of the storage of your personal data

Your personal data is stored on servers in the United Kingdom.

We retain personal data related to customer complaints only for as long as necessary to:

  • Resolve the complaint
  • Fulfill legal and regulatory obligations
  • Establish, exercise, or defend legal claims

Retention periods may vary depending on applicable laws and internal policies.

6. Transmission of personal data abroad
Some Medela local group companies and service providers are located in countries outside that do not provide for the same level of data protection as in your country of residence. If personal data is transferred outside your country of residence (e.g., outside the EEA or Switzerland), we ensure adequate protection through mechanisms such as:

  • Adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Additional safeguards where necessary

7. U.S. State Law Requirements

Some U.S. state privacy laws such as the California Consumer Privacy Act (CCPA) and Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA) and the Connecticut Personal Data Privacy and Online Monitoring (2022 S.B.6) require specific disclosures for state residents. State laws like the CCPA, VCDPA, CPA and 2022 S.B.6 also provide the right to request information about how we collect, use and disclose your information. These laws also provide the right to request deletion or anonymization. We do not discriminate against individuals for exercising these privacy rights. Medela fully complies with all applicable State Privacy Laws, including, but not limited to the California Consumer Privacy Act (“CCPA”), Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Virginia Consumer Data Protection Act, and any other United States state privacy laws, together with applicable implementing regulations, that provide general privacy protection to consumers.

8. Medela Does Not Sell Personal Data

Medela has never sold Personal Data and does not intend to sell any Personal Data in the future. If this intent changes, we will update this Privacy Notice accordingly. “Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information.

From time to time we may collect “Sensitive Personal Information” (SPI). SPI includes, but is not limited to, racial origin, religious beliefs, sexual orientation, ethnicity, religion, genetic data, private communications, specified health information and precise geolocation. We do not sell SPI or utilize automated decision making.

9. HIPAA Notice of Privacy Policy for Protected Health Information

To the extent that you are a U.S. citizen and may disclose “protected health information” as defined under U.S. law while you make a complaint with us, please refer to our HIPAA Privacy Policy and Notice of Privacy Practices to understand your rights and how we may use and disclose your protected health information.

10. Your rights / How to contact us

The following data protection rights describe the commonly known privacy standards. However, some rights may not apply according to local privacy law.

Right to access personal data: You have the right to request and receive information on the personal data collected on you or processed or, where applicable, shared with third parties.

Right to rectification: You have the right to have any inaccurate personal data corrected.

Right to erasure ("right to be forgotten"): You have the right to have your personal data deleted – for example, if your personal information is no longer required for the original purpose it was collected – subject to statutory retention obligations.

Right to restrict data processing: You have the right to request the restriction of the processing of your personal data, for example if the processing is unlawful or the accuracy of your personal data is contested.

Right to data portability: You have the right to receive a copy of the personal data you have provided us. You can request to have your personal data transmitted to you or, where technically feasible, to another data controller of your choice.

Right to object: You have the right to object to having your personal data processed for certain purposes or to withdraw your consent to such processing.

Please note that in exceptional cases, your right to exercise the above rights may not be guaranteed due to statutory or regulatory requirements.

If you would like to exercise any of the above rights, please use the following Privacy Request Webform:

For US residents: Click here

Residents of any other country: Click here

Privacy rights requests sent by email will not be processed.

In case of any questions about the collection, processing and/or use of your personal information, please send your request to Medela AG, Global Data Protection Officer, Lättichstrasse 4b, 6340 Baar, Switzerland or email us at privacy@medela.com.

To file an official complaint, please contact the data protection authority in your jurisdiction (For Switzerland: Federal Data Protection and Information Commissioner / Eidgenössischer Datenschutz- und Öffentlichk…; for the EU and EEA, the current list of National Data Protection Authorities, members of the European Data Protection Board, can be found here; for the UK: Information Commissioner's Officer - ICO).