Information on data processing according to Art. 13 and 14 General Data Protection Regulation (GDPR)
We care about the protection of your personal data and your privacy. For this reason, we will inform you in the following about our handling of your personal data, in particular for what we process your personal data, to whom we transmit them and the data protection claims and rights to which you are entitled. When we subsequently talk about data, we mean your personal information. This is all the information that identifies you as a person, directly or indirectly.
Please read the following information carefully.
About this Policy
This policy explains, how your personal information is collected, used and protected by MED-EL and it’s branches (www.medel.com/med-el-offices-worldwide). Further information on specific offers, products and services are described directly in the related sections.
We will always comply with the statutory data protection regulations when dealing with your personal data. For the purposes of the GDPR, we will be the "controller" of all personal data we hold about you.
Who is responsible for data processing?
The responsible controller is:
MED-EL Elektromedizinische Geräte Gesellschaft m.b.H.
Tel.: +43 5 77 88
The responsible data protection officer can be contacted directly
MED-EL Elektromedizinische Geräte GmbH
Which data are being processed and from which sources does this data come from?
We process personal data that we receive directly from you (e.g. contact form, purchases, data of your myMED-EL account) as well as data that is collected through the use of our products and services (e.g. app use, website visit). In addition, we process personal data that we receive from third parties and/or public accessible sources (eg business register, register of associations, country register, press, media) in a permissible manner (eg for the fulfillment of orders / contracts, fulfillment of legal obligations or consent granted by you).
Your personal data from different sources and from different applications and devices can be merged and linked within MED-EL.
For what purposes and on what legal basis is your data being processed?
We process your personal data in accordance with the data protection regulations (DSGVO and the Data Protection Act (DSG) in the current version).
We use a chatbot on some of our websites to answer your questions about MED-EL products and services. The chatbot is a text-based software system, the use is voluntary. Your text entries are saved locally on your PC in a cookie for the duration of your session. Dialogues are analyzed in an anonymous form by MED-EL to further improve the chatbot. If you enter your contact details, they will be forwarded to your MED-EL Office to answer your request.
The chatbot uses the Azure Bot Service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Information on data privacy can be found here: https://privacy.microsoft.com/en-us/privacystatement
Quick help with your requests
Consent Art. 6 (1) a GDPR
If you allow access to position data via your browser, the clinics and distribution partners are displayed nearby. Your position will be located by identifying the position of your IP address. The data will not be saved.
Display of clinics and distribution partners close to your location
Consent – Art. 6 (1) lit. a) GDPR
When you register for conferences, events, etc. your data will be passed on to third parties (PCO, hotel, transportation company, travel agency and visa authorities) in accordance with your details for the purpose of contractual fulfillment, in particular for hotel and travel booking, transfers, registration and visa procurement.
Register for a conference, event
Performance of a contract – 6 (1) b) GDPR
You are able to contact MED-EL (e.g. requests about products, support, etc.) by filling out our contact forms. The contact is normally made by email, if a phone number is given by phone.
When submitting the contact form your data of the contact fields (name, occupation (e.g. surgeon, home care, audiologist), interests (professional interests), telephone, address (street, house number, city, zip code, region, country), e-mail, interest to be included in mailing list) are processed.
Answering/assisting you with your request
Performance of a contract or to perform pre-contractual steps – Art. 6 (1) b) GDPR
In some of our contact forms we use “Google reCAPTCHA”, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Information on data privacy. With this we check if the data entry is done by a human or by an automated program. Analysis starts automatically as soon as you visit our website. reCAPTCHA uses different information for this analysis (e.g. IP address, time of the visit, mouseclicks).
Legitimate interest – Art. 6 (1) f) GDPR - Protection against abusive automated spying and spam.
You can use our online learning management system containing information, courses, webinars and programs on MED-EL products and services. The Academy is a myMED-EL service. Registration takes place through your myMED-EL account.
We use your email address to send you automated information, such as reminders for due dates of courses or assignments, or reminders for webinars and seminar events bookings. You will also receive your certificates via email. In courses or programs with a designated trainer, the trainer can send email messages to the participants as part of the training process.
The Academy uses an essential session cookie, called TotaraSession. You must allow this cookie into your browser to provide continuity and maintain your login from page to page. When you log out or close the browser this cookie is destroyed (in your browser and on the server).
The webinars, courses and programs you have attended and your user behavior are recorded within the learning platform in order to optimize our offer. For all learning activities, your learning progress, your answers and test results are recorded in order to document your learning success and to be able to create training certificates.
Operation and optimization of the learning platform
Performance of a contract – Art. 6 (1) lit. b) GDPR
The MED-EL Remote Check enables you to carry out hearing tests independently.
An expert at your clinic will send you a personal invitation for a test by email or SMS. Your test data will be transferred to the expert at your clinic for evaluation. After completing the test, you will receive feedback from the clinician.
Access to Remote Check is via your myMED-EL account. The following data is stored at MED-EL on behalf of your clinic: name, address, e-mail, telephone number, log-in data, gender, date of birth, appointments, test date and results, ratings, any comments and photos. The data is stored in encrypted form on AWS servers in data centers within the EU. AWS, Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxemburg. Information on data privacy: https://aws.amazon.com/compliance/data-privacy/.
MED-EL uses app usage data from the app in anonymised form for research and statistics and for product improvement.
Performance and evaluation of hearing tests by transferring data to your clinic.
Consent - Art. 6 (1) a, Art. 9 (2) a, Art. 6 (1) b – performance of a contract, legitimate interest – Art. 6 (1) f and Art. 89 GDPR – Art. 6 (1) f) and Art. 89 GDPR – statistics, research and improvement of our products and services.
Via your myMED-EL Account you can register for the interactive hearing trainings for music from Meludia (Meludia SAS, 149 rue Saint-Honoré, 75001 Paris, France). To do this, your name and email address are forwarded to Meludia. Information on data privacy at Meludia can be found here: https://www.meludia.com/en/privacy-policy/.
Performance of a contract – Art. 6 (1) b) GDPR.
MED-EL offers a range of applications for rehabilitation training and support purposes that work on smart phones, tablets and web devices. These applications have their own built in privacy policies.
The purpose of these applications is to help get the best out of your MED-EL product; to hear and understand better, to progress learning and to give our users quality of life features. For some apps it is possible to send the test-results in pdf form by E-Mail.
Registration takes place via your myMED-EL account.
Use of the mobile apps for rehabilitation, training and support purposes.
Consent – Art. 6 (1) a, 9 (2) a and Performance of a contract – Art. 6 (1) b GDPR
The myMED-EL platform provides registered users access to personalized MED-EL offers. We process, based on the registered role, the following categories of data, in order to authenticate your registration, and provide the right information and services for your medical device or professional needs:
Email address, name, address, country, date of birth, parent or guardian details, product type, serial number, relationship to user, profession, institution and address of institution.
The date of birth is necessary to ensure that recipient accounts for children are only set up with the consent of parents or legal guardians.
We use your contact details to
- send you messages about your myMED-EL account.
- address further questions or ask for additional data to verify you as MED-EL user.
- inform you that your myMED-EL account is granted.
MED-EL uses this data in anonymized form for statistics, research and product improvement.
The authentication for the access to myMED-EL and the personalized services is carried out by means of the Auth0 software component, a service of Auth0 Inc.,10800 NE 8th, St. Suite 700, Bellevue, WA 98004, USA. This requires forwarding your email address and password to Auth0 for a secure login process. More information can be found here https://auth0.com/terms/ and here https://auth0.com/privacy/. You can unsubscribe anytime by contacting us, e.g. via e-mail directly in your myMED-EL profile.
Your contact details are required to confirm your identity and to meet the required services and contact requests.
Consent – Art. 6 (1) a) GDPR, Performance of a contract - Art. 6 (1) b) GDPR and Art. 89 GDPR – Research and improvement of product services.
We offer various free subscription services via our website and social media that provide information about MED-EL products, services and our work. From time to time we send out optional surveys that ask for your anonymous feedback.
In order to provide relevant and accurate marketing we process your name, profession and professional interests, phone number, address, email address and user behavior (opening emails, clicking on links).
You can unsubscribe anytime, a link is included in each newsletter.
MED-EL cares about the privacy of our users and partners with the following providers in order to deliver marketing and communications to you securely, and in a legal manner:
Microsoft Dynamics 365 Marketing: https://docs.microsoft.com/de-de/dynamics365/get-started/gdpr/
Momentive (former Survey Monkey): https://www.surveymonkey.com/mp/legal/privacy/?utm_source=momentive
Information about MED-EL specific topics, products and services
Consent – Art. 6 (1) lit. a) GDPR and Legitimate interests – Art. 6 (1) lit. f) GDPR advertising and optimizing of online offers.
We offer hearing tests and surveys on our website, as well as in some countries the option of uploading audiograms or test results. Depending on the test, your data (name, contact details, age, gender, test result, speech perception, audiogram) will be transmitted to a MED-EL expert in your area.
For minors this request can only be submitted by their legal representatives.
Answering/assisting you with your request on available hearing solutions; analysis of your audiogram/test result and providing you with information about your hearing.
The test results are processed in an anonymized form also for statistical and research purposes.
Consent – Art. 6 (1) a), 9 (2) lit. a) GDPR and Legitimate Interest – Art. 6 (1) f) and Art. 89 GDPR – Statistics, Research and improvement of our products and services.
You can submit an unsolicited application as well as an application for a specific listed position through our website.
For more information acc. to Article 13 of the General Data Protection Regulation (GDPR) in connection with the collection and processing of your personal data in the context of the online application please have a look at our MED-EL Data Privacy Information for applicants.
Consent – Art. 6 (1) lit. b) GDPR
MED-EL offers online events, meetings, webinars and consultations, as well as support for audiologists, speech pathologists and surgeons via videoconference. For registration purposes and to communicate with you, we will process the following data: first name, last name, email address, profession, institution, city/country, name of MED-EL representative.
Online events may be recorded and are made available via the MED-EL Academy.
Depending on the type of online event, we use the following providers:
“WebEx” is a service of Cisco Systems Inc., 170 West Tasman Dr., San Jose, CA 95134, USA. Privacy information: http://www.cisco.com/c/en/us/about/legal/privacy.html.
Adobe Connect is a service of Adobe Systems Software, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland. Privacy information: https://www.adobe.com/privacy.html.
Zoom is a service of Zoom Video Communications Inc., 55 Almaden Blvd, Suite 600, San Jose, California 95113, USA. Privacy information: https://zoom.us/privacy.
Microsoft Teams is a service of Microsoft Corporation, One Microsoft Way Redmond, Washington 98052. Privacy information: https://privacy.microsoft.com/en-us/privacystatement.
Registration and access to online events and consultations, webinars and video conferences.
Performance of a contract – Art. 6 (1) b GDPR and Legitimate interests – Art. 6 (1) f GDPR – Provide online events and training material.
In some countries we accept online payments via Paypal (Europe) S.a.r.L, 22-24 Boulevard Royal, L-2449 Luxembourg. In order to complete a transaction, your personal data will be securely shared between MED-EL and Paypal. This includes your name, address, email address, IP address, transaction ID.
Further information can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Payment by PayPal
Performance of a contract – Art. 6 (1) b GDPR
Authorized MED-EL partners can upload and save hearing maps directly to the myMED-EL platform, our trained clinical specialists use these maps to deal with service cases, warranties, and patient specific customizations.
In order to provide this service, we process the data of the audio processor, serial number, product type, date of fitting and hearing map. MED-EL anonymize this data and use it for statistics, research and product improvement.
Faster handling of service and repair cases.
Consent – Art. 6 (1) a), 9 (2) a) GDPR and Legitimate interests - Art. 6 (1) f) and Art. 89 GDPR -Research and improvement of product services.
You can find MED-EL online via social media. We use these platforms to communicate with you and publish information about our products and work. Your feedback is used to improve our products and services. We receive anonymous statistics from these providers about: comments, sharing, likes, subscriptions and similar interactions, you can find their privacy information below.
We are jointly responsible with the providers. For inquiries about your personal data, you can contact both, the operator and us.
Online communication, publish information about products and services. Evaluate Feedback for product and service improvement.
Legitimate interests – Art. 6 (1) f) GDPR – public relations and communication, improvement of products and services.
Twitter is a service of Twitter International Company, 26 Fenian St., Dublin, Ireland. Data protection information: https://twitter.com/en/privacy.
YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data protection information: https://policies.google.com/privacy.
LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Data protection information: https://www.linkedin.com/legal/privacy-policy.
Facebook and Instagram
are services of Meta Platforms Ireland Ltd. (Facebook), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
Further information on the use of personal data can also be found here: https://www.facebook.com/legal/controller_addendum
As a professional you can get access to our online media database containing case studies on implantation of MED-EL products via your myMED-EL account.
The videos are hosted by the platform Vimeo (Vimeo LLC, 555 West 18th Street, New York 10011, USA). Information on data privacy at Vimeo can be found here: https://vimeo.com/privacy.
Existing registrations by the service provider Arri Media GmbH, Türkenstraße 89, 80799 München can still be used in the transition phase. Information on data privacy at Arri.
Access and registration to the Surgical Video Library
Performance of a contract – Art. 6 (1) b) GDPR
Hearpeers is MED-EL’s international community for hearing implant recipients and candidates. It is a place where hearing implant users and anyone interested in life with hearing implants can connect with one another, learn from each other and finally hear life again. Your (nick)name, picture and posted content is visible to other members.
Registration takes place via your myMED-EL Account.
The Hearpeers Mentors
Hearpeers Mentors have been through the hearing implant process themselves. They will understand your concerns and can offer free one-on-one support.
Contact a Mentor for confidential, private and direct conversations, for one-to-one support from someone who understands and for individual answers to all your personal non-medical questions about life with a hearing implant.
Your mentor will share your contact information with MED-EL (name, e-mail, initial question) so they can support you in finding the best solution for you. The content of conversations remains confidential between you and your mentor.
The Hearpeers Forum
Registration also includes access to the Hearpeers Forum, a social networking service supported by MED-EL that aims to bring together hearing implant recipients and candidates, caregivers, and families all around the world to support one another through shared experiences. Members can post and answer questions and share visual content. All posted content, your (nick)name and picture (if uploaded) is publicly visible to members, as well as visitors who are not signed in.
Register to the Hearpeers Community
Consent – Art. 6 (1) a) and Art. 9 (2) a) GDPR
If you use our Webshop you can order products from MED-EL. To fulfill the orders we will collect the following information: name, contact details, email, date of birth, clinic of implantation, date of implantation, name of recipient, contact details of recipient, reason of disability, device serial number, billing address, shipping address, phone number, IP address and browser information.
Operate the store, provide services and fulfill orders.
Performance of a contract – Art. 6 (1) lit. b) GDPR
Who receives your data?
Data can be passed on within the MED-EL group. Only those branches, departments or employees have access to your data that they need for proper processing.
Transmission of data to third parties:
We use various service providers and third parties ("data processors") to continuously improve our website and mobile applications and to provide you with user-friendly services.
MED-EL only uses data processors who have signed the corresponding data protection agreements and offer sufficient guarantees under applicable law. As far as possible, we select cooperation partners who are based or have their servers within the European Union (EU).
In order to be able to offer you certain services, we commission third-party providers with headquarters or servers outside the EU. Unless otherwise stated below, we use the EU standard contractual clauses as suitable guarantees: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj to ensure a GDPR-compliant level of protection of your data.
In addition, we pay attention to additional security measures and data protection regulations or certifications of our partners.
For billing purposes or for your health care, data may have to be passed on to health insurance companies or medical institutions.
The updating of your personal data takes place primarily on the basis of your direct feedback or change notices to us. However, updating is also possible due to information from third parties or the use of publicly available information.
How long will your data be stored?
We process your personal data, as far as necessary, for the duration of our business relationship (initiation, processing and termination of a contract) as well as in accordance with the statutory storage and documentation obligations arising from the Austrian Commercial Code (UGB) and the Federal Tax Code (BAO) or to assert, exercise or defend legal claims.
In addition, the storage period is also judged by the statutory limitation periods, which may be, for example, under the General Civil Code (ABGB) usually 30 years, in some cases, but only 3 years.
Basically, your data will therefore be deleted after complete execution of the contract, revocation of your consent or your objection, if the storage for the fulfillment of a legal obligation or for the establishment, exercise or defence of legal claims is not required. Further processing will only take place if you have expressly consented to the further use of your data or if we have reserved any further data processing that is permitted by law.
There is the possibility that anonymisation of the data is carried out instead of a deletion. In this case, any personal reference is irretrievably removed, which is why the data protection cancellation obligations no longer apply. In this case, no personal reference can be restored.
Under the GDPR you have the following rights:
- Right of access – Art. 15 GDPR:
The right to obtain confirmation as to whether or not personal data concerning yourself are being processed, and, where that is the case, access to the personal data;
- Right to rectification – Art. 16 GDPR:
The right to obtain without undue delay the rectification of inaccurate personal data concerning yourself;
- Right to erasure ('right to be forgotten') – Art. 17 GDPR:
The right to obtain the erasure of your personal data concerning yourself without undue delay;
- Right to restriction of processing – Art. 18 GDPR:
The right to obtain restriction of processing of your personal data;
- Right to data portability – Art. 20 GDPR:
The right to receive the personal data concerning yourself, which you provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance;
- Right to object – Art. 21 GDPR:
The right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on Art. 6 (1) lit. e) or f) GDPR.
Where data processing requires your consent, you can withdraw your consent to future use at any time by emailing firstname.lastname@example.org or by adjusting your choice in our Cookie Settings.
Although we will strive to address any questions or concerns you may have, if you believe that the processing of your data violates data protection law or if your data protection claims have otherwise been violated in a way, you can complain to the supervisory authority. In Austria the data protection authority is responsible.
Is there an obligation to provide data?
As part of the business relationship, you only need to provide the personal information that is required to establish and conduct the business relationship or that we are required to collect by law. You are also required to notify us of any changes in your data. Without this data, we will usually have to refuse the conclusion of the contract or the execution of the contract or an existing contract can no longer be performed and consequently terminated.
Is my data used for automated decision making including profiling?
We do not use automated decision-making according to Art. 22 DSGVO.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
About cookies on this website
Click on „Accept all Cookies“, to accept all cookies and navigate directly to the website; or click on „Cookie Settings“, to get a detailed description of the types of cookies we use and to decide whether certain cookies should be saved. You can withdraw your consent to future use at any time directly in our Cookie settings.
We use the following providers for the improvement and optimal operation of our website:
This website uses Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The use includes the Universal Analytics operating mode. This facilitates the assignment of data, sessions and interactions across several devices to a pseudonymous user ID and thus the analysis of a user's activities across devices.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use.
For more information on data protection please visit: https://policies.google.com/
Consent – Art. 6 (1) a GDPR
To optimize images in real time, we use imgIX, a service of the company Zebrafish Labs Inc., 423 Tehama St, San Francisco, CA 94103, USA, on our website. For more information on data protection please visit: https://imgix.com/privacy
Legitimate interests – Art. 6 (1) f) GDPR – optimized display of images in real time
In order to be able to provide our online offer safely and efficiently, we take the services of the web hosting provider Pantheon (Pantheon Systems, Inc., 717 California Street, San Francisco, CA 94108). For more information on data protection please visit: https://www.pantheon-inc.com/privacy-statement
Legitimate interests – Art. 6 (1) f) GDPR – error-free and secure provision of our website
We also use so-called social media plugins (hereinafter “buttons”) to link our website to social networks:
- Clearspring Technologies (AddThis)
- Meta Platforms (Facebook and Instagram comments, Like Button and Social Widgets)
- LinkedIn (LinkedIn Button and Social Widgets)
- Twitter (Twitter Tweet Button and Social Widgets)
- Google (Google+ Button and Social Widgets, Google Fonts, YouTube Button and Social Widgets)
When you visit our website, these buttons are disabled, i.e. they do not send any data to the respective social networks without your intervention. You can activate the buttons with your click. The buttons remain active until you de-activate them or delete your cookies.
After activation, a direct connection is established with the server of the social network. If you are logged in to the social network, this can assign your visit to this website to your user account.
We have no influence on the amount of data transferred to the social network.
Consent – Art. 6 (1) a GDPR
We use the Google Tag Manager, a tool of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on our website.
The Google Tag Manager itself does not store cookies or process personal data. However, it enables additional tags to be triggered that can collect and process personal data to allow a needs-based design and to optimize our website.
For more information on the Tag Manager please visit: https://support.google.com/tagmanager/answer/9323295?hl=en
We use ”Google Ads“, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.
For more information on Google data protection please visit: https://policies.google.com/technologies/ads?hl=en.
We use Google Ads for marketing and optimization purposes, mainly to show you relevant and interesting ads and to improve reports on campaign performance. We do not collect or process any personal data. We only receive anonymized statistical evaluations from Google. Google Ads automatically establishes a direct connection with the Google server. We have no influence on the extent and further use of the data collected by Google.
Optimization of our marketing offer.
Consent – Art. 6 (1) a GDPR
We use the services “Facebook Pixel”, “Conversion API” and “Facebook Custom Audiences” of Meta Platforms Ireland Ltd. (Facebook), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
For more information on Meta's data protection please visit: https://m.facebook.com/privacy/explanation.
These services enable Meta to show our ads on Facebook only to those Facebook users who visited our website and showed interest in certain topics or products.
For marketing and optimization purposes, mainly to place relevant and interesting ads on Facebook and thus improve our offer.
Consent – Art. 6 (1) a GDPR
This Policy was last updated in March 2022.