PRIVACY POLICY

If you use the services of our company via our website, your personal data may be processed. As a rule, we only conduct such processing with the prior consent of the user on the legal basis of point (a) of Article 6(1) of the EU General Data Protection Regulation (GDPR), with the exception of cases in which prior consent cannot be obtained for practical reasons and processing of the data is permitted by law.

This Privacy Policy explains which personal data are processed by us, the type of processing that is conducted, and the purpose of the processing. Furthermore, reference is made to the rights of the data subject.

Our company has implemented numerous technical and organizational measures to ensure that the protection of the personal data processed via our websites is as complete as possible. Nevertheless, absolute security cannot be guaranteed since there may be security gaps in the transmission of data, and in particular in the online transmission of data.

The terms used in this Privacy Statement are based on the terms used in the EU General Data Protection Regulation (GDPR).

1. Name and address of the controller

The controller pursuant to the General Data Protection Regulation, other national data protection laws of the Member States of the European Union, and other data protection provisions is:

CareVie Medical GmbH
Frohmattstrasse 12

CH-8807 Freienbach

Tel.: +41 079 439 96 51
Website: www.careviemedical.com

2. Cookies

Our websites use cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user accesses a website, a cookie may be stored on the user's operating system. That cookie contains a string of characters (cookie ID) that enables clear identification of the browser and recognition of the user when the website is visited again.

That enables us to provide more user-friendly services to users of our website than would be possible without using cookies.

Users of our website can permanently disable cookies at any time by adjusting the settings of the used internet browser accordingly. Furthermore, already stored cookies can be deleted at any time via the relevant internet browser or other software programs.

3. Collection of general data and information

Our websites collect various general data and information whenever they are accessed by a data subject or automated system. Those general data and information are stored in the log files of the server. The following data may be collected:

  1. browser types and versions used,

  2. the operating system used,

  3. the website from which a system accesses our website,

  4. the subpages that the system accessing our website navigates to,

  5. the date and time of access to the website,

  6. the IP address,

  7. the internet service provider of the system accessing the website, and

  8. other similar data and information that serve to protect our information technology systems in the case of attacks.

 

The collection and use of the general data and information do not allow any conclusions to be drawn about the data subject. Instead, they serve the following purposes:

  1. correct provision and display of the content of our website

  2. optimization of the website content and advertising the website

  3. ensuring the long-term functionality of our website

  4. provision of the necessary information to assist law enforcement authorities in the event of a cyber-attack. The anonymous data stored in the log files are stored separately from any personal data.

4. Registration on our website

Our website provides users with the possibility of registering with their personal data to access information such as clinical studies, brochures, technical specifications, and other relevant information. The data are entered using a data entry form on the website and are transmitted to us and stored at the controller. The respective data entry form used for registration indicates which personal data are transmitted to us. The personal data entered by the data subject are solely collected and stored for internal use and for our own purposes. The data may be used for the occasional provision of information about our services and for optimizing our services and marketing activities. 

Registered persons may modify the data provided by them at any time or have the data erased by us at any time, providing that this is not in conflict with any statutory retention periods.

Every data subject has the right to obtain information about the above.

5. Contact options via our website

Our website contains contact forms enabling users of the website to contact our company directly and quickly and to request information. If a user contacts us using such a form, the personal data entered are automatically stored by us.  The data entry form indicates which personal data are sent to us. The data are collected in order that an employee of our company or of a processor can contact or send further information to the person whose data were entered using the data entry form.

Alternatively, it is possible to contact us using the e-mail address provided. In this case, the user's personal data that are sent by e-mail are stored for the purpose of contacting the user.

The collected data are only collected and stored for our own purposes and used for the optimization of our marketing activities. The personal data may be transferred to one or more processors. The processing conducted by the processor will likewise be conducted solely for our internal use.

6. Rights of the data subject

If your personal data are processed and you are a data subject pursuant to the GDPR, then you may have the following rights vis-à-vis the controller:

a) Right of access

You have the right to obtain confirmation from the controller as to whether or not personal data concerning yourself are being processed by us.

Where that is the case, you have the right to obtain the following information from the controller:

  1. the purposes of the processing of the personal data;

  2. the categories of personal data concerned;

  3. the recipients or categories of recipient to whom personal data concerning yourself have been or will be disclosed;

  4. the envisaged period for which personal data concerning yourself will be stored, or, if not possible, the criteria used to determine that period;

  5. the existence of the right to request from the controller rectification or erasure of personal data concerning yourself, or restriction of processing of personal data by the controller, or to object to such processing;

  6. the right to lodge a complaint with a supervisory authority;

  7. where the personal data are not collected from the data subject, any available information as to their source;

  8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to obtain information about whether personal data concerning yourself are transferred to a third country or an international organization. You have the right to obtain information about appropriate safeguards pursuant to Article 46 GDPR with respect to such transfer of data.

b) Right to rectification

You have the right to require the controller to rectify or complete processed personal data concerning yourself if such data are incorrect or incomplete. The controller shall rectify the data without undue delay.

c) Right to restriction of processing

You have the right to obtain restriction of processing of personal data concerning yourself in the following cases:

  1. the accuracy of personal data concerning yourself is contested by you, for a period enabling the controller to verify the accuracy of the personal data;

  2. the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;

  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims, or

  4. if you have objected to processing pursuant to Article 21(1) GDPR and verification is pending as to whether the legitimate grounds of the controller override your grounds.

Where the processing of personal data concerning yourself has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing pursuant to the aforementioned conditions, you shall be informed by the controller before the restriction of processing is lifted.

d) Right to erasure

I. Obligation to erase data

You have the right to obtain from the controller the erasure of personal data concerning yourself without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. personal data concerning yourself are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

  2. you withdraw your consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.

  3. you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.

  4. personal data concerning yourself have been unlawfully processed.

  5. personal data concerning yourself have to be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject.

  6. personal data concerning yourself have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

II. Informing third parties

Where the controller has made personal data concerning yourself public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

III. Derogations

The right to erasure does not apply to the extent that processing is necessary

  1. for exercising the right of freedom of expression and information;

  2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller;

  3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;

  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

  5. for the establishment, exercise, or defense of legal claims.

e) Right to be informed

If you have obtained rectification, deletion or restriction of processing from the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

The controller shall inform you about those recipients if you request it.

f) Right to data portability

You have the right to receive the personal data concerning yourself which you have provided to a controller, in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

  1. the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, or on a contract pursuant to point (b) of Article 6(1) GDPR, and

  2. the processing is carried out by automated means.

In exercising that right, you also have the right to have personal data concerning yourself transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by the exercise of that right.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

g) Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller shall no longer process personal data concerning yourself unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

Where personal data concerning yourself are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, personal data concerning yourself shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

h) Right to withdraw consent

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

i) Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning yourself or similarly significantly affects you. That does not apply if the decision

  1. is necessary for entering into, or performance of, a contract between you and a data controller,

  2. is authorized by Union or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

  3. is based on your explicit consent.

However, such decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

Note: our company does not conduct automated decision-making using personal data.

j) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning yourself infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

7. Privacy policy concerning deployment and use of social media elements

Components of various social media, such as Facebook, Google+, LinkedIn, YouTube, Twitter, and Instagram, are integrated into our website.

If a user accesses one of our websites with such an integrated social media element, that component allows the display of components retrieved from the server of the operator of the social media components.

Furthermore, once the user visits our websites, a direct connection is created via the social media components between your browser and the server of the operator of the social media components. Each time our website or subpages of our website are accessed, the operator receives information about which specific websites and subpages are visited by the user with the corresponding IP address.  Please note that we are not informed of the content of the transmitted data and the use of such data by the operator.

Once the user clicks on a link to one of the social media components, the subpage of the operator of the social media components opens in a new browser window and shows the content of the controller. Please note that the websites linked to by the social media components are not operated by us, so this Privacy Statement does not apply to those websites. Furthermore, for the afore­mentioned reason, we cannot assume any liability for the protection of personal data when accessing such websites.

For further information on the privacy policies of the integrated social media components, please see

Facebook: https://www.facebook.com/policy.php

LinkedIn: https://www.linkedin.com/legal/privacy-policy

YouTube: https://policies.google.com/privacy?hl=en

Twitter: https://twitter.com/privacy?lang=en

Instagram: https://www.instagram.com/about/legal/privacy/

8. Privacy policy concerning the deployment and use of Google Analytics

The Google Analytics data traffic analysis service is integrated into our website.

The operator of Google Analytics is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google Analytics collects and analyzes data about user behavior on specific websites. Such data include visits to websites and their subpages, the length of time spent on the website, and the website from which the user accessed the website that uses Google Analytics.

The purpose of web analysis using Google Analytics is to optimize our website and to perform a cost/benefit analysis for online advertising.

Google Analytics uses cookies (see the section on "Cookies") that are stored on the user's computer and that enable analysis of the user's use of our website. In general, the data stored in the cookie are transmitted to a Google server and stored there.

Google Analytics is used on our website with the "anonymized" extension for anonymization. That anonymization function truncates the IP address of the user accessing the website once the user is recognized to be within the European Union or another signatory state to the Agreement on the European Economic Area. The IP address transmitted by your browser in the scope of Google Analytics is not merged with other data held by Google.

The data transmitted to Google are used on our behalf to analyze the use of our website, to compile website activity reports, and to perform further services related to website use and internet use. Any data transmitted by us that are linked with cookies, user identification (e.g. user ID), or advertising IDs are automatically erased after 14 months. The data are automatically erased once a month following the expiry of their retention period.

For further information on the terms of service and privacy policy of Google Analytics, please see

https://www.google.com/analytics/terms/gb.html (Great Britain)

https://www.google.com/analytics/terms/us.html (United States of America)

https://policies.google.com/?hl=en

You may prevent the storage of cookies by adjusting your browser settings accordingly; however please note that if you do so you will not be able to use the full functionality of this website. In addition, you can prevent data generated by the cookie referring to your use of the website (including your IP address) from being collected by Google and processing of such data by Google by downloading and installing the following add-on:

https://tools.google.com/dlpage/gaoptout?hl=en

Opt-out cookies will prevent your data from being collected when you visit this website in the future. To prevent the collection by Google Analytics on multiple devices, you need to opt-out on all systems used.

9. Privacy policy concerning the deployment and use of Google AdWords

The Google AdWords advertising optimization service is integrated into our website.

The operator of the Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google AdWords is used to advertise our website by displaying relevant advertising on the websites of third-party companies and in Google search engine results.

If a data subject accesses our website via a Google ad, Google stores a conversion cookie (see the section on "Cookies") on the computer of the data subject. The conversion cookie expires after thirty days and does not serve to identify the data subject. The conversion cookie indicates whether specific subpages on our website have been visited. The conversion cookie enables both us and Google to track whether a data subject who has accessed our website via an AdWords ad has generated sales, i.e. has completed or canceled a purchase.

The data and information collected using the conversion cookie are used by Google to generate traffic statistics for our website. Neither our company, nor other Google AdWords advertising customers receive information from Google enabling identification of the data subject.

By storing the cookie, Google obtains knowledge of personal data, such as the IP address of the user, since such personal data are transmitted to Google in the USA. Those personal data are stored by Google in the USA. Google may share those personal data with third parties.

If you do not wish cookies to be stored, you can disable them by adjusting your browser settings accordingly. In addition, you can prevent data generated by the cookie referring to your use of the website (including your IP address) from being collected by Google and processing of such data by Google by downloading and installing the following add-on:

https://tools.google.com/dlpage/gaoptout?hl=en

Opt-out cookies will prevent your data from being collected when you visit this website in the future.

Furthermore, the data subject may disable personalized advertising by Google by opening this link

https://adssettings.google.com

from each internet browser used and adjusting the settings there accordingly.

For further information and the applicable Google privacy policy, please see

https://policies.google.com/privacy?hl=en

10 Duration of storage of personal data

Personal data are stored for a duration corresponding to the respective statutory retention period. Following the expiry of that period, the relevant data are routinely erased, provided they are no longer required for the fulfillment of contractual obligations or for taking steps prior to entering into a contract.