Name and contact person of the party responsible in accordance with Article 4 Para. 7 GDPR
INTEGRA Medical Group S.A. (Aktiengesellschaft)
Name: Paul Lee
Address: 2–2A, Joseph Leydenbach, 1947 Luxembourg
Telephone: (+352) 202 110 70
Data protection officer:
Name: Senya Lee
Address: 21, Rue Jean-Pierre Biermann, 1268 Luxembourg
Safety and protection of your personal data
Ensuring the confidentiality of the personal data you provide and protecting it from unauthorised access is our top priority. This is why we take extreme care and use the latest security standards to ensure the maximum protection of your personal data.
As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (BDSG). We have taken technical and organisational measures that ensure that both we and our external service providers observe data protection regulations.
1. Personal data
"Personal data" means all information relating to an identified or identifiable natural person (hereinafter referred to as the "person concerned"); a natural person is considered identifiable if that person can be identified directly or indirectly, especially by means of allocation to an identification such as a name, an identity number, location data, an online ID, or to one or more special characteristics that are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
"Processing" means each operation executed with or without the help of automated procedures or any such series of operations in connection with personal data such as the collection, recording, organisation, arrangement, storage, modification or change, export, query, use, disclosure by means of transmission, dissemination or another form of provision, comparison or linking, restriction, deletion or destruction.
3. Restriction of processing
"Restriction of processing" means the marking of stored personal data with the objective of restricting its future processing.
"Profiling" means any kind of automated processing of personal data that consists of this personal data being used to assess certain personal aspects relating to a natural person, in particular to analyse or predict aspects regarding their work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location of this natural person.
"Pseudonymisation" means the processing of personal data in a way that the personal data can no longer be assigned to a specific person concerned without the addition of additional information, provided that this additional information is kept separate and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
6. File system
"File system" is each structured collection of personal data that is accessible according to certain criteria, regardless of whether this collection is maintained centrally, decentrally, or arranged according to functional or geographical factors.
7. Party responsible
"Party responsible" is a natural or legal person, authority, agency or other body which, alone or together with others, decides on the purpose and means of the processing of personal data; if the purpose and means of this processing are specified by European Union law or the law of the Member States, the party responsible or rather the specific conditions of its appointment in accordance with European Union law or the law of the Member States can be provided for.
8. Data processor
"Data processor" is a natural or legal person, authority, agency or other body that processes personal data on behalf of the party responsible.
"Recipient" refers to a natural or legal person, public authority, agency or other body to whom person data is disclosed, regardless of whether or not this is a third party. Authorities who may receive personal data as part of a specific request for investigation according to European Union law or the law of the Member States do not count as a recipient, however; this data is processed by the named authorities in accordance with the applicable data protection regulations in accordance with the purposes of the processing.
10. Third party
"Third party" is a natural or legal person, authority, agency or other body apart from the person concerned, the party responsible, the data processor and the persons who are authorised to process the personal data under the direct responsibility of the party responsible or the data processor.
"Consent" granted by the person concerned means each statement of intent that is submitted for the specific case in an informed and unequivocal way in the form of a statement or another clearly confirming action, with which the person concerned intimates that he or she agrees to the processing of the personal data relating to that person.
Lawfulness of the processing
The processing of personal data is lawful only if a legal basis exists for its processing. The legal basis for the processing according to Article 6 Para. 1
(a) – (f) GDPR can be in particular:
- The person concerned has given his or her consent to the processing of the personal data relating to him or her for one or more specific purposes;
- The processing is necessary for the fulfilment of a contract whose contractual party is the person concerned, or to perform pre-contractual measures that take place at the person concerned’s request;
- The processing is necessary to fulfil a legal obligation to which the party responsible is subject;
- The processing is necessary to protect the vital interests of the person concerned or another natural person;
- the processing is necessary for the performance of a task that is in the public interest, or in the exercise of official authority that was vested in the party responsible;
- the processing is necessary for the performance of the legitimate interests of the party responsible or a third party, provided that the interests or fundamental rights and freedoms of the person concerned requesting the protection of personal data do not outweigh this, especially if the person concerned is a child.
Information relating to the collection of personal data
(1) The following information relates to the collection of personal data during the use of our website. Personal data is, for example: name, address, e-mail addresses, user behaviour.
(2) If you make contact with us via e-mail or by using a contact form, the data you provide (your e-mail address or your name and telephone number) is stored by us so that we can answer your questions. We will delete the data that is generated in this context once its storage is no longer necessary, or its processing is restricted if there is a legal obligation to retain the data.
Collection of personal data when you visit our website
If you use our website purely for information purposes, that is, if you do not register on it or send us information otherwise, we collect only the personal data that is transmitted to our server by your browser. If you would like to view our website, we collect the following data that is technically necessary for us to present our website to you and to ensure its stability and security (the legal basis is the first sentence of Art. 6 Para. 1 (f) GDPR):
- IP address
- Date and time of the query
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- The data volume transmitted
- Website from which the request originated
- Operating system and its interface
- Language and version of the browser software
(1) In addition to the above-mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files which are stored on your hard drive assigned to the browser that you are using and certain information flows through the point that is set by the cookie. Cookies cannot execute any programs or transfer viruses to your computer. They are used for making the Internet offering more user friendly and effective.
(2) This website uses the following types of cookies whose scope and functionality are explained below:
- Transient cookies (also a.)
- Persistent cookies (also b.)
- Transient cookies are automatically deleted when you close the browser. This includes session cookies in particular. These store what is called a session ID, with which various requests from your browser can be assigned to the same session. This enables your computer to be recognised when you return to our website. Session cookies are deleted when you sign out or close your browser.
- Persistent cookies are automatically deleted after a specified duration, which can vary depending on the cookie. You can delete the cookies at any time in the security settings for your browser.
- You can configure your browser setting as you prefer and
reject the acceptance of third-party cookies or all cookies, for example. What are known as "third party cookies" are cookies that were set by a third party and therefore not by the actual website that is currently open. Please note that if you deactivate cookies, you may not be able to use all of the functions of this website.
Additional functions and offerings of our website
(1) In addition to the use of our website purely for information purposes, we offer various services that you may be interested in using. To do this, you usually have to specify personal data which we use for providing the relevant service and to which the previously mentioned principles for data processing apply.
(2) We sometimes use external service providers for processing your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are monitored on a regular basis.
(3) We can also forward your personal data to third parties if we offer sale campaigns, competitions, contract conclusions or similar services together with partners. You will receive more information about this when you provide your personal data or below in the description of the offer.
(4) If our service providers or partners are based in a country outside of the European Economic Area (EEA), we will inform you about the consequences of this in the description of the offer.
Our offering is intended for adults only. Persons under 18 years old should not pass personal data to us without the agreement of their parents or guardians.
Rights of the person concerned
(1) Withdrawal of consent
If the processing of personal data is based on consent that was granted, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of consent-based processing carried out up to the point of withdrawal.
You can contact us at any time to exercise your right of withdrawal.
(2) Right to confirmation
You have the right to request confirmation from the party responsible regarding whether we process the personal data relating to you. You can request the confirmation at any time by using the contact details mentioned above.
(3) Right to information
If personal data is processed, you can demand information about this personal data and the following information at any time:
- The purposes of the processing;
- The categories of personal data that is processed;
- The recipient or categories of recipients to whom the personal data has been disclosed or is being disclosed, especially in the case of recipients in third countries or with international organisations;
- If possible, the planned duration for which the personal data is stored or, if this is not possible, the criteria for defining this period;
- The existence of a right to correction or deletion of the personal data relating to you, or to restrict its processing by the party responsible, or a right to object against this processing;
- You also have the right to complain to a supervisory authority;
- If the personal data is not collected from the person concerned, all available information about the origin of the data;
- The existence of automated decision-making including profiling in accordance with Article 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the extent and the desired effects of this type of processing for the person concerned.
If personal data is transmitted to a third country or to an international organisation, you have the right to be informed about the appropriate warranties in accordance with Article 46 GDPR in connection with the transmission. We provide a copy of the personal data that is the subject of the processing. For all other copies that you request, we can demand an appropriate charge based on administrative costs. If you make the request electronically, the information has to be provided in a common electronic format unless indicated otherwise. The right to receive a copy in accordance with Paragraph 3 must not affect the rights and freedoms of other persons.
(4) Right to correction
You have the right to request from us the immediate correction of personal data relating to you that is incorrect. Taking the purpose of the processing into account, you have the right to request the completion of incomplete personal data including by means of a supplementary statement.
(5) Right to deletion ("right to be forgotten")
You have the right to request the party responsible to delete personal data relating to you with immediate effect and we are obligated to delete personal data with immediate effect if one of the following reasons applies:
- The personal data is no longer necessary for the purposes for which is was collected or otherwise processed.
- The person concerned revokes their consent on which processing was based in accordance with Article 6 Paragraph 1 (a) or Article 9 Paragraph 2 (a) GDPR and there is no other legal basis for the processing.
- The person concerned objects to the processing in accordance with Article 21 Paragraph 1 GDPR and there are no legitimate reasons for the processing that take priority, or the person concerned objects to the processing in accordance with Article 21 Paragraph 2 GDPR.
- The personal data was processed unlawfully.
- The deletion of the personal data is required to fulfil a legal obligation in accordance with European Union law or the law of the Member States to which the party responsible is subject.
- The personal data was collected with regard to services offered by the information society in accordance with Article 8 Paragraph 1 GDPR.
If the party responsible has disclosed the personal data and if the party responsible is obligated to its deletion in accordance with Paragraph 1, then taking into account the available technology and the implementation costs, the party responsible takes appropriate measures for informing the party responsible for data processing who processes the personal data that a person concerned has requested them to delete all links to this personal data, or copies or replications of this personal data.
The right to deletion ("right to be forgotten") does not exist if the processing is required:
- To exercise the right to free expression and information;
- To fulfil a legal obligation requesting the processing in accordance with the law of the European Union or the Member States, to which the party responsible is subject, or for the performance of a task that lies in the public interest or in the exercise of official authority that was vested in the party responsible;
- For reasons of public interest in the field of public health in accordance with Article 9 Paragraph 2 (h) and (i) as well as Article 9 Paragraph 3 GDPR;
- For archive purposes in the public interest, for scientific or historic research purposes, or for statistical purposes in accordance with Article 89 Paragraph 1 GDPR, provided this does not make the realisation of the objectives of this processing named in Paragraph 1 impossible or seriously affect them, or
- For the assertion, exercise or defence of legal claims.
(6) Right to restriction of processing
You have the right to request the restriction of the processing of your personal data if one of the following prerequisites applies:
- The accuracy of the personal data is disputed by the person concerned and indeed for a period that enables the party responsible to verify the accuracy of the personal data,
- The processing is unlawful and the person concerned rejects the deletion of the personal data and instead requests the restriction of the use of the personal data;
- The party responsible no longer requires the personal data for the purposes of processing, yet the person concerned requires it for asserting, exercising or defending legal claims, or
- The relevant person has objected to the processing in accordance with Article 21 Paragraph 1 GDPR for as long as it has not been determined whether legitimate reasons of the party responsible outweigh those of the person concerned.
If the processing was restricted in accordance with the prerequisites named above, then this personal data – apart from its storage – is processed only with the consent of the person concerned or to assert, exercise or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
To assert the right to restriction of processing, the relevant person can contact us at any time by using the contact details specified above.
(7) Right to data portability
You have the right to obtain the personal data relating to you that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to a different party responsible without any obstacle from the party responsible to whom the personal data was provided, if:
- The processing is based on consent in accordance with Article 6 Paragraph 1 (a) or Article 9 Paragraph 2 (a) or on a contract in accordance with Article 6 Paragraph 1 (b) GDPR and
- The data was processed by means of automated processes.
When exercising the right to data portability in accordance with Paragraph 1, you have the right to effect the direct transfer of personal data from one party responsible to another if this is technically feasible. The exercise of this right to data portability does not affect the right to deletion ("right to be forgotten"). This right does not apply to processing that is necessary for the performance of a task that is in the public interest, or in the exercise of official authority that was vested in the party responsible.
(8) Right to object
You have the right to object at any time to the processing of personal data relating to you resulting from your personal situation, which is based on Article 6 Paragraph 1 (e) or (f) GDPR; this also applies to profiling based on these provisions. The party responsible will no longer process your personal data unless it can demonstrate compelling legitimate reasons that are worth protecting for the processing that the interests, rights and freedoms of the person concerned, or the processing serves to establish, exercise or defend legal claims.
If personal data is processed for the purpose of direct advertising, then you have the right to object at any time to the processing of personal data relating to you for the purpose of this type of advertising; this also applies to profiling if it is related to such direct advertising. If you object to the processing for purposes of direct advertising, the personal data will no longer be processed for these purposes.
In connection with the use of the services of the information society, regardless of Guideline 2002/58/EC, you can exercise your right to object by means of automated processes with which technical specifications are used.
You have the right to object for reasons resulting from your particular situation to the relevant processing of personal data relating to you that takes place for scientific or historic research purposes, or for statistical purposes in accordance with Article 89 Paragraph 1, unless the processing is required to fulfil a task in the public interest.
You can exercise your right to object at any time by contacting the respective party responsible.
(9) Automated decisions in individual cases including profiling
You have the right not to be subject to a decision that was based exclusively on automated processing – including profiling – that has a legal effect on you or similarly impairs you considerably. This does not apply if the decision:
- Is required for the conclusion or fulfilment of a contract between the person concerned and the party responsible,
- Is permissible based on legal provisions of the European Union or the Member States to which the party responsible is subject and these provisions contain appropriate measures for protecting the rights and freedom and the legitimate interests of the person concerned or
- Is made with the express consent of the person concerned.
The party responsible takes appropriate measures to protect the rights and freedom and the legitimate interests of the person concerned, to which at least the right to obtain intervention by a person on the part of the party responsible, to presenting their case, and the right to challenging the decision belongs.
The person concerned can execute this right at any time by contacting the respective party responsible.
(10) Right to complain to a supervisory authority
Irrespective of the provision of another administrative or legal judicial remedy, you also have the right to complain to a supervisory authority, especially in the Member State of your residence, your workplace or the location of the alleged infringement if the person concerned believes that the processing of the personal data relating to them violates this regulation.
(11) Right to effective judicial remedy
Irrespective of an available administrative or non-judicial remedy, including the right to complain to a supervisory authority in accordance with Article 77 GDPR, you have the right to effective judicial remedy if you believe that your rights based on this regulation were violated as a result of the processing of your personal data that is not in line with these regulations.
Use of Google Analytics
(2) The IP address provided to Google Analytics by your browser will not be merged with any other data from Google.
(3) You can prevent the storage of cookies by selecting the relevant settings in your browser software; please note, however, that you may not be able to use all functions of this website in full in this case. Furthermore, you can prevent the transmission of the data that is created by the cookie relating to your use of the website (including your IP address) to Google, and the processing of this data by Google, by downloading and installing the browser plug-in that is available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the extension "_anonymizeIp()". This means that abbreviated IP addresses are further processed to eliminate direct reference to persons. If the data relating to you that was collected gives rise to a reference to persons, this is immediately excluded and the personal data is deleted immediately.
(5) We use Google Analytics so that we can analyse how our website is used and improve it on a regular basis. We use the statistics obtained to improve our offering and make it more interesting to you as a user. For exceptional cases in which personal data is transmitted to the USA, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is the first sentence of Art. 6 Para. 1 (f) GDPR.
(7) This website also uses Google Analytics for the cross-device analysis of visitor traffic which is carried out by using user IDs. You can deactivate the cross-device analysis of your use in your customer account under "My Data", "Personal Data".
Use of Google Maps
(1) We use the Google Maps offering on this website. This enables us to display interactive maps directly on the website and therefore provide a convenient way for you to use the map function.
(2) When you visit the website, Google receives the information that you have called up the corresponding sub-site of our website. The data specified in Section 3 of this policy is also transmitted. This is done irrespective of whether Google provides a user account that you are signed in to, or whether no user account exists. If you are signed in to Google, your data is allocated directly to your account. If you do not want to allow the Google allocation to your profile, you have to sign out before you activate the button. Google stores your data as a usage profile and uses this for the purpose of advertising, market research and/or to design its website to meet the needs of users. Such an assessment is carried out especially to provide appropriate advertisements (even for users who are not signed in), in order to inform other users of the social network about your activities on our website. You have a right to object to the creation of this user profile, but you have to contact Google to exercise this right.
(3) Additional information regarding the purpose and scope of the data collection and its processing by the plug-in provider is available in the privacy policies of the providers as listed below. You also obtain additional information here about your rights and settings options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Use of Google reCAPTCHA
(1) We use "Google reCAPTCHA" (hereinafter referred to as "reCAPTCHA") on our websites. It is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
(2) reCAPTCHA checks whether the data entered on our websites (in a contact form, for example) is entered by a human being or by means of an automated program. reCAPTCHA analyses the website visitor’s behaviour using different characteristics for this purpose. This analysis starts automatically as soon as the visitor accesses the website. reCAPTCHA assesses different information (such as IP address, the website visitor’s dwell time on the website or mouse movements performed by the user). The data that is recorded during the analysis is forwarded to Google.
(3) reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.
(4) The data is processed on the basis of Article 6 Para. 1 (f) GDPR. The website operator has a legitimate interest in protecting its web offering from improper and automated spying and from spam.
Use of social media plug-ins
(1) We currently use the following social media plug-ins: [Facebook, Google+]. In doing so, we use the two-click solution. In other words, when you visit our site, initially no personal data is forwarded to the provider of the plug-ins. You can identify the provider of the plug-in from the mark on the box above its initial letter or the logo. We give you the option of communicating directly with the provider of the plug-in by using the button. The plug-in provider receives the information that you have called up the corresponding website of our online offering only when you click on the selected field, thereby activating it. The data specified in Section 3 of this statement is also transmitted. In the case of Facebook and Xing, according to information from the respective providers in Germany, the IP address is immediately anonymised after it is collected. By activating the plug-in, personal data is transmitted by you to the respective plug-in provider where it is stored (in the USA in the case of US providers). Since the plug-in provider collects data via cookies in particular, we recommend that before clicking on the greyed out box, you delete all cookies by using your browser’s security settings.
(2) We do not have any influence over the data that is collected and the data processing operations, nor are we aware of the full scope of the data collection, the purposes of the processing, or the storage periods. Nor do we have any information regarding the deletion of the data that is collected by the plug-in provider.
(3) The plug-in provider stores the data collected about you as a usage profile and uses this for the purpose of advertising, market research and/or to design its website to meet the needs of users. Such an assessment is carried out especially to display appropriate advertisements (even for users who are not signed in), in order to inform other users of the social network about your activities on our website. You have a right to object to the creation of this user profile, but you have to contact the respective plug-in provider to exercise this right. The plug-ins give you the opportunity to interact with social networks and other users so that we can improve our offering and make it more interesting to you as a user. The legal basis for the use of the plug-ins is the first sentence of Art. 6 Para. 1 (f) GDPR.
(4) The data is forwarded regardless of whether you have an account with the plug-in provider and are signed in there. If you are signed in with the plug-in provider, your data that is collected by us is allocated directly to your account with the plug-in provider. If you press the activated button and link to the page, for example, the plug-in provider also stores this information in your user account and publicly shares it with your contacts. After using a social network, we recommend that you regularly sign out especially before you activate the button. In this way you can avoid the plug-in provider from allocating this data to your profile.
(5) Additional information regarding the purpose and scope of the data collection and its processing by the plug-in provider is available in the privacy policies of these providers as listed below. Here you also obtain additional information about your rights and settings options to protect your privacy.
(6) Addresses for the respective plug-in providers and URL with their privacy policies:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; additional information about data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.