Privacy and cookie policy

Privacy Statement

If you use the services of our company via our website, your personal data may be processed. As a rule, we only conduct such processing with the prior consent of the user on the legal basis of point (a) of Article 6(1) of the EU General Data Protection Regulation (GDPR), with the exception of cases in which prior consent cannot be obtained for practical reasons and processing of the data is permitted by law.

This Privacy Statement explains which personal data are processed by us, the type of processing that is conducted, and the purpose of the processing. Furthermore, reference is made to the rights of the data subject.

Our company has implemented numerous technical and organizational measures to ensure that protection of the personal data processed via our websites is as complete as possible. Nevertheless, absolute security cannot be guaranteed since there may be security gaps in the transmission of data, and in particular in the online transmission of data.

The terms used in this Privacy Statement are based on the terms used in the EU General Data Protection Regulation (GDPR).

We may use cookies and similar technologies (for simplicity reasons, hereinafter referred to as cookies), when you visit use our website, applications and other products and services. Our cookie banner and consent management system show you a list of the cookies we use, including their provider, purpose, description and other relevant information. In the default setting, only the essential cookies are enabled. Via the consent management system, you can determine whether you allow the setting of additional cookies or not. You can adjust your preferences at any time via the consent management system. Click here to acces your Privacy Settings.

The controller pursuant to the General Data Protection Regulation, other national data protection laws of the Member States of the European Union, and other data protection provisions is:

medin Medical Innovations GmbH
Adam-Geisler-Str. 1
82140 Olching
Germany

Phone: +49 8142 448 46 0
Website: www.medin-medical.com

Our websites use cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user accesses a website, a cookie may be stored on the user's operating system. That cookie contains a string of characters (cookie ID) that enables clear identification of the browser and recognition of the user when the website is visited again.

That enables us to provide more user-friendly services to users of our website than would be possible without using cookies.

Users of our website can permanently disable cookies at any time by adjusting the settings of the used internet browser accordingly. Furthermore, already stored cookies can be deleted at any time via the relevant internet browser or other software programs.

Our websites collect various general data and information whenever they are accessed by a data subject or automated system. Those general data and information are stored in the log files of the server. The following data may be collected:

  1. browser types and versions used,
  2. the operating system used,
  3. the website from which a system accesses our website,
  4. the subpages that the system accessing our website navigates to,
  5. the date and time of access to the website,
  6. the IP address,
  7. the internet service provider of the system accessing the website, and
  8. other similar data and information that serve to protect our information technology systems in the case of attacks.

The collection and use of the general data and information do not allow any conclusions to be drawn about the data subject. Instead, they serve the following purposes:

  1. correct provision and display of the content of our website
  2. optimization of the website content and advertising the website
  3. ensuring the long-term functionality of our website
  4. provision of the necessary information to assist law enforcement authorities in the event of a cyber-attack. The anonymous data stored in the log files are stored separately from any personal data.

Our website contains contact forms enabling users of the website to contact our company directly and quickly and to request information. If a user contacts us using such a form, the personal data entered are automatically stored by us. The data entry form indicates which personal data are sent to us. The data are collected in order that an employee of our company or of a processor can contact or send further information to the person whose data were entered using the data entry form.

Alternatively, it is possible to contact us using the e-mail address provided. In this case, the user's personal data that are sent by e-mail are stored for the purpose of contacting the user.

The collected data are only collected and stored for our own purposes and used for optimization of our marketing activities. The personal data may be transferred to one or more processors. The processing conducted by the processor will likewise be conducted solely for our internal use.

If your personal data are processed and you are a data subject pursuant to the GDPR, then you may have the following rights vis-à-vis the controller:

a) Right of access

You have the right to obtain confirmation from the controller as to whether or not personal data concerning yourself are being processed by us.

Where that is the case, you have the right to obtain the following information from the controller:

  1. the purposes of the processing of the personal data;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom personal data concerning yourself have been or will be disclosed;
  4. the envisaged period for which personal data concerning yourself will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data concerning yourself, or restriction of processing of personal data by the controller, or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to obtain information about whether personal data concerning yourself are transferred to a third country or an international organization. You have the right to obtain information about appropriate safeguards pursuant to Article 46 GDPR with respect to such transfer of data.

b) Right to rectification

You have the right to require the controller to rectify or complete processed personal data concerning yourself if such data are incorrect or incomplete. The controller shall rectify the data without undue delay.

c) Right to restriction of processing

You have the right to obtain restriction of processing of personal data concerning yourself in the following cases:

  1. the accuracy of personal data concerning yourself is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims, or
  4. if you have objected to processing pursuant to Article 21(1) GDPR and verification is pending as to whether the legitimate grounds of the controller override your grounds.

Where processing of personal data concerning yourself has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing pursuant to the aforementioned conditions, you shall be informed by the controller before the restriction of processing is lifted.

d) Right to erasure

I. Obligation to erase data

You have the right to obtain from the controller the erasure of personal data concerning yourself without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. personal data concerning yourself are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. you withdraw your consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
  3. you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
  4. personal data concerning yourself have been unlawfully processed.
  5. personal data concerning yourself have to be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  6. personal data concerning yourself have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

II. Informing third parties

Where the controller has made personal data concerning yourself public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

III. Derogations

The right to erasure does not apply to the extent that processing is necessary

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise, or defense of legal claims.

e) Right to be informed

If you have obtained rectification, deletion or restriction of processing from the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

The controller shall inform you about those recipients if you request it.

f) Right to data portability

You have the right to receive the personal data concerning yourself which you have provided to a controller, in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

  1. the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, or on a contract pursuant to point (b) of Article 6(1) GDPR, and
  2. the processing is carried out by automated means.

In exercising that right, you also have the right to have personal data concerning yourself transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by exercise of that right.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

g) Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller shall no longer process personal data concerning yourself unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Where personal data concerning yourself are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, personal data concerning yourself shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

h) Right to withdraw consent

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

i) Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning yourself or similarly significantly affects you. That does not apply if the decision

  1. is necessary for entering into, or performance of, a contract between you and a data controller,
  2. is authorized by Union or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. is based on your explicit consent.

However, such decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

Note: our company does not conduct automated decision-making using personal data.

j) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning yourself infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Application documents may be submitted electronically via our website. We will solely collect and process the submitted personal data for the purpose of conducting the application process. If our company appoints the applicant, the personal data will be stored for administration of the employment. If the applicant is not appointed, the submitted documents and data will be deleted 6 months after notification of the rejection.

Components of various social media, such as LinkedIn and YouTube are integrated into our website.

If a user accesses one of our websites with such an integrated social media element, that component allows the display of components retrieved from the server of the operator of the social media components.

Furthermore, once the user visits our websites, a direct connection is created via the social media components between your browser and the server of the operator of the social media components. Each time our website or subpages of our website are accessed, the operator receives information about which specific websites and subpages are visited by the user with the corresponding IP address. Please note that we are not informed of the content of the transmitted data and the use of such data by the operator.

For further information on the privacy policies of the integrated social media components, please see

Once the user clicks on a link to one of the social media components, the subpage of the operator of the social media components opens in a new browser window and shows content of the controller. Please note that the websites linked to by the social media components are not operated by us, so this Privacy Statement does not apply to those websites. Furthermore, for the afore­mentioned reason, we cannot assume any liability for the protection of personal data when accessing such websites.

We use ClickDimensions marketing and analysis software.

The operator of ClickDimensions is ClickDimensions LLC., 5901 Peachtree Dunwoody Road, NE suite B500 Atlanta, GA 30328, USA. ClickDimensions has certified its compliance with the EU-US Privacy Shield and the Swiss-US Privacy Shield.

ClickDimensions collects and analyzes data about user behavior on specific websites. Such data include visits to websites and their subpages, the length of time spent on the website, and the website from which the user accessed the website that uses ClickDimensions.

The purpose of using ClickDimensions is the provision of targeted information on the basis of your behavior on our website (including its subpages) and the related optimization of our marketing activities.

ClickDimensions uses cookies (see the section on "Cookies") that are stored on the user's computer and that enable analysis of the user's use of our website. In general, the data stored in the cookie are transmitted to a ClickDimensions server and stored there.

The data transmitted to ClickDimensions are used on our behalf to analyze the use of our website, to compile website activity reports, and to perform further services related to website use and internet use. Any data transmitted by us that are linked with cookies, user identification (e.g. user ID), or advertising IDs are flagged for erasure on request. The data are automatically erased once a month.

If you do not wish cookies to be stored, you can disable them by adjusting your browser settings accordingly.

For the applicable ClickDimensions privacy policy, please see

https://clickdimensions.com/about/privacy-policy/

Google Remarketing services are integrated into our website.

The operator of Google Remarketing is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google Remarketing is to display targeted advertising. After visiting one of our websites, the user may subsequently be shown targeted advertising messages of our company on other websites visited by the user within the Google advertising network. That is achieved by using cookies, which store personal information (see the section on "Cookies").

By storing the cookie, Google obtains knowledge of personal data, such as the IP address of the user, since such personal data are transmitted to Google in the USA. Those personal data are stored by Google in the USA. Google may share those personal data with third parties.

If you do not wish cookies to be stored, you can disable them by adjusting your browser settings accordingly. In addition, you can prevent data generated by the cookie referring to your use of the website (including your IP address) from being collected by Google and processing of such data by Google by downloading and installing the following add-on:

https://tools.google.com/dlpage/gaoptout?hl=en

Opt-out cookies will prevent your data from being collected when you visit this website in future.

Furthermore, the data subject may disable personalized advertising by Google by opening https://adssettings.google.com from each internet browser used and adjusting the settings there accordingly.

For further information and the applicable Google privacy policy, please see

https://policies.google.com/privacy?hl=en

The Google AdWords advertising optimization service is integrated into our website.

The operator of the Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google AdWords is used to advertise our website by displaying relevant advertising on the websites of third-party companies and in Google search engine results.

If a data subject accesses our website via a Google ad, Google stores a conversion cookie (see the section on "Cookies") on the computer of the data subject. The conversion cookie expires after thirty days and does not serve to identify the data subject. The conversion cookie indicates whether specific subpages on our website have been visited. The conversion cookie enables both us and Google to track whether a data subject who has accessed our website via an AdWords ad has generated sales, i.e. has completed or canceled a purchase.

The data and information collected using the conversion cookie are used by Google to generate traffic statistics for our website. Neither our company, nor other Google AdWords advertising customers receive information from Google enabling identification of the data subject.

By storing the cookie, Google obtains knowledge of personal data, such as the IP address of the user, since such personal data are transmitted to Google in the USA. Those personal data are stored by Google in the USA. Google may share those personal data with third parties.

If you do not wish cookies to be stored, you can disable them by adjusting your browser settings accordingly. In addition, you can prevent data generated by the cookie referring to your use of the website (including your IP address) from being collected by Google and processing of such data by Google by downloading and installing the following add-on:

https://tools.google.com/dlpage/gaoptout?hl=en

Opt-out cookies will prevent your data from being collected when you visit this website in future.

Furthermore, the data subject may disable personalized advertising by Google by opening this link

https://adssettings.google.com

from each internet browser used and adjusting the settings there accordingly.

For further information and the applicable Google privacy policy, please see

https://policies.google.com/privacy?hl=en

Personal data are stored for a duration corresponding to the respective statutory retention period. Following expiry of that period, the relevant data are routinely erased, provided they are no longer required for fulfillment of contractual obligations or for taking steps prior to entering into a contract.

This privacy and cookie policy will be amended from time to time in order to comply with legal requirements or to implement changes to our services or products. We reserve the right to change these at any time. You will always find the current version here.

Data protection office

Our data protection officer for Medin Medical Innovations GmbH is:

rowidat GmbH
Lillweg 6
80939 Munich
Germany

In case of questions related to the processing of your personal data please contact Hamilton at dpo@hamilton.ch. However, If you wish to write to our data protection officer in confidentiality, please address you letter to FIRST PRIVACY BV  or rowidat GmbH at contact details specified above.