General information on data processing
This data protection declaration is based on the Swiss Data Protection Act (“DPA”) and the EU General Data Protection Regulation (hereinafter “GDPR”). Since we process personal data which comes from the EU, both the GDPR and DPA apply.
We collect and use personal data (hereinafter also referred to as “personal data” or only “data”) of our users only to the extent necessary to provide a functioning website as well as our content and services.
Possible legal bases for the processing of personal data are in particular (I) consent, (II) fulfilment of a contract or pre-contractual measures, (III) fulfilment of a legal obligation, (IV) our legitimate interest and (V) vital interests of the person concerned.
As the data controller, hystrix medical AG has implemented numerous technical and organizational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed. For this reason, each person concerned is free to transmit personal data to us by alternative means, such as telephone.
By continuing to use this website, you consent to this data processing and transmission.
We use appropriate technical and organizational security measures to protect your personal data stored with us against unintentional, illegal or unauthorized manipulation, deletion, alteration, access, disclosure or use and against partial or complete loss. Our security measures are continuously adapted and improved in line with technological developments. We assume no liability for the loss of data or their knowledge and use by third parties.
If you register with us as a user, access to your user account is only possible after entering your personal password. You should always treat payment and access information confidentially and close the browser window when you have finished communicating with us, especially if you share your computer with others.
We also take internal company data protection very seriously. Our employees and the service companies commissioned by us have been obligated by us to secrecy and compliance with data protection regulations.
Right to information, rectification, deletion or portability
You have the right to assert your data protection rights at any time and to request information about whether and which personal data about you is processed by us. You can also have your personal data corrected, blocked or deleted at any time with written notification and corresponding proof of your identity to the following address: firstname.lastname@example.org.
We reserve the right to correspond with you in this context.
Please note that even after your request to block or delete your personal data, we will still have to retain some of it within the scope of our legal or contractual storage obligations (e.g. for billing purposes) and in this case will only block your personal data to the extent necessary for this purpose. Furthermore, a deletion of your personal data may result in you no longer being able to receive or use the services you have registered. Under certain circumstances, you have the right to demand that we forward your personal data to you or to a third party designated by you in a common format.
Retention period for your personal data
We will only store your data for as long as is legally necessary or appropriate to the purpose for which it is processed. In the case of analyses, we store your data until the analysis has been completed. If we store data on the basis of a contractual relationship with you, this data will be stored for at least as long as the contractual relationship exists and as long as the limitation period for possible claims by us or legal or contractual storage obligations.
A cookie can be used to optimise the information and offers on our website for the user. As already mentioned, cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website.
The person concerned can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the person concerned deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable under certain circumstances.
Collection of general data and information
The website of hystrix medical AG collects a series of general data and information each time the website is accessed by a person concerned or an automated system. These general data and information are stored in the log files of the server. The (1) browser types and versions used can be recorded, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-sites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information used to avert dangers in the event of attacks on our information technology systems.
When using this general data and information, hystrix medical AG does not draw any conclusions about the person concerned. Instead, this information is required to (1) correctly deliver the contents of our website, (2) optimise the contents of our website and the advertising for it, (3) guarantee the long-term operability of our information technology systems and the technology of our website and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. This anonymously collected data and information is therefore evaluated by hystrix medical AG both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by the person concerned.
Possibility to contact us via the website
Due to legal regulations, the website of hystrix medical AG contains information that enables quick electronic contact with our company and direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted voluntarily by a data subject to the data controller will be stored for the purposes of processing or contacting the data subject. This personal data will not be passed on to third parties.
On the website of hystrix medical AG there is the possibility to subscribe to free newsletters during the registration process. The data from the input mask will be transmitted to us. If you purchase goods or services on our website and enter your e-mail address, we may also use this information to send you a newsletter. In such a case, in addition to information that is relevant to you and customer-specific (e.g. product adjustments, price adjustments, etc.), the newsletter will only send direct advertising for our own similar goods or services. No data will be passed on to third parties in connection with data processing for the dispatch of newsletters. Legal basis for the dispatch of the newsletter is the consent, and as a result of the sale of goods or services our predominant interest and the handling of the contract. The data will be deleted as soon as they are no longer required for the purpose of their collection. The e-mail address of the user will therefore be stored as long as the subscription to the newsletter is active, unless the e-mail address was used by hystrix medical AG for other legitimate purposes. The subscription to the newsletter may be terminated by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter.
Registration for online services
The website of hystrix medical AG offers users the opportunity to register by providing personal data, in particular to place online orders in the marketplace and to manage order lists or personal data. The data is entered into an input mask and transmitted to us and stored. The data will not be passed on to third parties. The following data is collected as part of the registration process:
– Name and address of the company, incl. e-mail address.
– Name, first name and e-mail of the contact person, further information on a voluntary basis.
The following data will also be stored at the time of registration:
– Time of registration (time + date)
A registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures. A registration is necessary in order to receive a login and to be able to order in the marketplace. Therefore, the legal basis for the processing of the data is the conclusion and execution of a contract. The data are deleted as soon as they are no longer required for the purpose of their collection. This is the case for the personal data collected during the registration process when the data is no longer required for the conclusion or execution of a contract. Even after termination of a contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations or for the purpose of asserting or defending claims.
Data protection for applications and in the application process
The data controller collects and processes the personal data of applicants for the purpose of processing the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents electronically, for example by e-mail or via a web form on the website, to the data controller. If the data controller concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents will be stored in the database.
Disclosure of data to third parties
We cooperate with other companies or individuals or commission other companies or individuals to process and store data. In particular, we provide services to our customers in various product areas which make it necessary to pass on personal data of these customers to our suppliers and partners. They may have access to your personal data or usage data, but only to the extent necessary to carry out their tasks.
We pass on your data to third parties as far as this is necessary for the execution of the contract.
We do not sell, rent or trade the personal information you provide to us outside of hystrixmedical.com and the partner companies listed above.
Apart from the disclosures described above, we will only disclose your personal data if you have expressly consented, if there is a legal obligation to do so, or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship.
If we make an advance payment, for example in the case of a purchase on account, we may obtain a credit report based on mathematical-statistical procedures from a credit agency in order to safeguard our legitimate interests. For this purpose, we transmit the personal data required for a credit assessment to a credit agency and use the information received on the statistical probability of a default in payment for a decision on the establishment, execution or termination of the contractual relationship. The creditworthiness report may contain probability values (score values) which have been calculated on the basis of scientifically recognised mathematical-statistical procedures and which include address data, among other things, in their calculation. Their interests worthy of protection are taken into account in accordance with the legal provisions.
Use of Google Analytics
IP anonymisation is activated on the hystrix medical AG website, which shortens the IP address of Google visitors before they are transferred to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and only shortened there. On behalf of hystrix medical AG, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services to hystrix medical AG relating to website activity and internet usage.
Visitors can prevent the collection by Google of the data generated by the cookie and related to their use of the website (including their IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
Further information on Google’s data protection regulations can be found at https://www.google.com/policies/privacy/.
Using the Google Tag Manager
This website uses Google Tag Manager from Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), a cookie-free domain that does not collect any personally identifiable information. This tool allows “website tags” to be implemented and managed through an interface. Tags are small pieces of code on the Web page that are used, among other things, to measure traffic and visitor behavior and to test and optimize the Web page. By using the Google Tag Manager, hystrixmedical.com can automatically track which button, link or personalized image visitors have actively clicked on and can thus record which content of the website is of particular interest to them.
The tool also triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If visitors have deactivated a domain or cookie level, this deactivation is retained for all tracking tags implemented with Google Tag Manager.
Using Google Conversion Tracking
Our websites also use Google Conversion Tracking. Google Adwords places a cookie on your computer if you have reached our website via a Google advertisement. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages on the AdWords customer’s website and the cookie has not expired, Google and the customer will be able to tell that the user clicked on the ad and was directed to that page. Each Adwords customer receives a different cookie. Cookies can therefore not be traced via the websites of Adwords customers. The information collected using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers will know the total number of users who clicked on their ad and were directed to a page with a conversion tracking tag. However, you will not receive any information that personally identifies users. If you do not wish to participate in the tracking process, you can also refuse to set a cookie as required, for example by setting your browser to disable the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”.
The hystrix medical AG website contains components from YouTube. YouTube is an Internet video portal that enables video publishers to post video clips and other users to view, evaluate and comment on them free of charge. YouTube permits the publication of all kinds of videos, which is why complete film and television programmes, but also music videos, trailers or videos made by users themselves can be called up via the Internet portal.
YouTube is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time a YouTube component (YouTube video) has been integrated into one of the individual pages of this website, which is operated by the data controller, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be found at https://www.youtube.com/yt/about. As part of this technical process, YouTube and Google obtain information about which specific subpage of our website is visited by the person concerned.
If the person concerned is logged into YouTube at the same time, YouTube recognizes which specific subpage of our website the person concerned is visiting by calling up a subpage containing a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the person concerned.
YouTube and Google always receive information via the YouTube component that the person concerned has visited our website if the person concerned is logged on to YouTube at the same time as accessing our website; this takes place regardless of whether the person concerned has registered a YouTube-V account or not.
The data protection regulations published by YouTube, which are available at https://www.google.de/intl/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
The data controller has integrated LinkedIn Corporation components into this website. LinkedIn is an Internet-based social network that allows users to connect to existing business contacts and to make new business contacts. More than 400 million registered people use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.
Each time a LinkedIn component (LinkedIn plug-in) is installed on our website, the LinkedIn component causes the browser used by the individual to download an appropriate representation of the LinkedIn component. More information about LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this technical process, LinkedIn receives information about which specific subpage of our website is visited by the person concerned.
If the person concerned is logged in to LinkedIn at the same time, LinkedIn recognizes which specific page of our website the person concerned is visiting each time the person visits our website and for the entire duration of that person’s stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the person concerned. If the person concerned clicks on an integrated LinkedIn button on our website, LinkedIn assigns this information to the personal LinkedIn user account of the person concerned and saves this personal data.
LinkedIn always receives information through the LinkedIn component that the person concerned has visited our website if the person concerned is logged in to LinkedIn at the same time as accessing our website; this occurs regardless of whether the person concerned clicks on the LinkedIn component or not. If the data subject does not want LinkedIn to receive such information, he or she can prevent the transmission by logging out of his or her LinkedIn account before accessing our website.
The data controller has integrated Twitter components into this website. Twitter is a multilingual, publicly accessible microblogging service on which users can publish and distribute so-called tweets, i.e. short messages limited to 280 characters. These short messages can be accessed by anyone, including those not registered on Twitter. However, the tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter makes it possible to address a broad audience via hashtags, links or retweets.
The operating company of Twitter is Twitter, Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Twitter component (Twitter button) has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective Twitter component to download a representation of the corresponding Twitter component from Twitter. Further information on the Twitter buttons can be found at https://about.twitter.com/resources/buttons. As part of this technical process, Twitter obtains information about which specific subpage of our website is visited by the person concerned. The purpose of integrating the Twitter component is to enable our users to disseminate the content of this website, to make this website known in the digital world and to increase our visitor numbers.
If the person concerned is logged in to Twitter at the same time, Twitter recognizes which specific subpage of our website the person concerned is visiting each time the person concerned accesses our website and for the entire duration of that person’s stay on our website. This information is collected by the Twitter component and assigned by Twitter to the respective Twitter account of the person concerned. If the person concerned clicks on one of the Twitter buttons integrated into our website, the data and information transmitted will be assigned to the personal Twitter user account of the person concerned and stored and processed by Twitter.
Twitter always receives information via the Twitter component that the person concerned has visited our website if the person concerned is logged on to Twitter at the same time as accessing our website; this takes place regardless of whether the person concerned clicks on the Twitter component or not. If the data subject does not wish to transmit this information to Twitter in this way, he or she can prevent the transmission by logging out of his or her Twitter account before accessing our website.
If you have any questions about data protection on our website, would like to request information or request the deletion of your data, please contact our contact person for data protection by sending an e-mail to email@example.com.
We may change this privacy statement at any time without notice. The current version published on our website applies. If the data protection declaration is part of an agreement with you, we will inform you in the event of an update about the change by e-mail or by other suitable means (e.g. via the imprint on our website).