Information on data processing according to Art. 13 and 14 General Data Protection Regulation (GDPR)
We care about the protection of your personal data and your privacy. For this reason, we will inform you in the following about our handling of your personal data, in particular for what we process your personal data, to whom we transmit them and the data protection claims and rights to which you are entitled. When we subsequently talk about data, we mean your personal information. This is all the information that identifies you as a person, directly or indirectly.
Please read the following information carefully.
About this Policy
Who is responsible for data processing?
The responsible controller is:
MED-EL Elektromedizinische Geräte Gesellschaft m.b.H.
Tel.: +43 5 77 88
The responsible data protection officer can be contacted directly
MED-EL Elektromedizinische Geräte GmbH
Which data are being processed and from which sources does this data come from?
We process personal data that we receive from you in the course of the business relationship. In addition, we process personal data that we receive from third parties and/or public accessible sources (eg business register, register of associations, country register, press, media) in a permissible manner (eg for the fulfillment of orders / contracts, fulfillment of legal obligations or consent granted by you).
Your personal data includes in particular:
- Contact information including e-mail address and phone numbers
- Demographic information such as postal code, geographic location, preferences and interests
- Other information relevant to market research studies
- Usernames and Passwords for protected areas of the website
- For job applications, in addition to name and contact details, the personal data you provide, training, further knowledge and qualifications, earlier employers and sent documents such as CV, certificates, etc.
For what purposes and on what legal basis is your data being processed?
We process your personal data in accordance with the data protection regulations (GDPR and the Data Protection Act (DPA) in the current version).
You can use our online learning management system containing information, webinars, programs, and courses on MED-EL products and services. To register, you have to provide the following data to us: name, e-mail, address, city, country, profession, and organisation. The Academy also collects online learner behaviour and progress metrics to provide insight into learning experience and proficiency.
Registration and use of our Academy online learning management system
Performance of a contract – Art. 6 (1) lit. b) GDPR
If you allow access to position data via your browser, the clinics and distribution partners are displayed nearby. Your position will be located by identifying the position of your IP address. The data will not be saved.
Display of clinics and distribution partners close to your location
Consent – Art. 6 (1) lit. a) GDPR
You are able to contact MED-EL (e.g. requests about products, support, etc.) by filling out our contact forms. The contact is normally made by email, if a phone number is given by phone.
When submitting the contact form your data of the contact fields (name, occupation (e.g. surgeon, home care, audiologist), interests (professional interests), telephone, address (street, house number, city, zip code, region, country), e-mail, interest to be included in mailing list) are processed.
Answering/assisting you with your request
Consent – Art. 6 (1) lit. a) GDPR
In some of our contact forms we use “Google reCAPTCHA”, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Information on data privacy. With this we check if the data entry is done by a human or by an automated program. Analysis starts automatically as soon as you visit our website. reCAPTCHA uses different information for this analysis (e.g. IP address, time of the visit, mouseclicks).
Legitimate interest – Art. 6 (1) f GDPR - Protection against abusive automated spying and spam.
Operate the store, provide services and fulfill orders.
Performance of a contract – Art. 6 (1) lit. b) GDPR
When contacting us, you can subscribe to our newsletter and mailing lists to obtain information about our products and services. The following data will be used:
name, profession, professional interests, telephone, address, email, evaluation of user behavior (i. e. opening e-mails, clicking on links)
You can unsubscribe anytime (“opt-out”). A link is included in each newsletter.
We distribute our newsletter with the service providers “MailChimp” or “Salesforce”.
MailChimp is a service of the US-based Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. Information on Data Privacy
Salesforce: Salesforce.com, The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA. Information on Data Privacy
Both providers are certified under the Privacy-Shield-Framework which guarantees compliance with European data protection requirements.
The providers can use your data in pseudonymized form, i.e. without connection to a specific user, to optimize and improve their services (e.g. technical improvement of distribution and display of newsletter, or for statistical purposes).
The provider will not use your data to contact you or forward your data to third parties.
Information about MED-EL specific topics, products and services
Consent – Art. 6 (1) lit. a) GDPR and Legitimate interests – Art. 6 (1) lit. f) GDPR
Consent – Art.6 (1) a GDPR, Legitimate Interest – Art. 6 (1) f GDPR – Optimization of online offers.
We offer audio hearing tests and surveys via our websites. After you have finalized your hearing test or survey we may offer you the possibility to get in contact with us using a contact form. When submitting the contact form your data provided (first name, last name, e-mail) and your results are processed.
The test results are anonymised for statistical purposes.
Answering/assisting you with your request on available hearing solutions.
Consent – Art. 9 (2) lit. a) GDPR and Legitimate Interest – Art. 6 (1) f) GDPR - Research and improvement of products and services.
You can submit an unsolicited application as well as an application for a specific listed position through our website.
For more information acc. to Article 13 of the General Data Protection Regulation (GDPR) in connection with the collection and processing of your personal data in the context of the online application please have a look at our MED-EL Data Privacy Information for applicants.
Consent – Art. 6 (1) lit. b) GDPR
As a professional you can register to our online media database containing case studies on implantation of MED-EL products. For registration you have to provide the following data to us: name, email, country, profession, name of clinic, city, interests, status. Registration is performed by the service provider Arri Media GmbH, Türkenstraße 89, 80799 München. Your name and email address is forwarded to Arri to complete the registration. Information on data privacy at Arri.
Registration and use of our Surgical Video Library
Performance of a contract – Art. 6 (1) lit. b) GDPR
Purpose: Your contact information (Address, Company, email, password) is required by MED-EL to verify your identity and to fulfill the requested services or contracts.
Consent – Art. 6 (1) lit. a) GDPR; performance of a contract – Art. 6 (1) lit. b) GDPR
On our website we offer the possibility to register for various events (e.g. webinars). In this case, data such as first name, last name, address, telephone number and e-mail address are collected and stored within our system. This information is used to conduct the event and to bill for chargeable events. To be able to offer the service “webinar” we use the service “WebEx” from the company Cisco Systems Inc., 170 West Tasman Dr., San Jose, CA 95134, USA. For the provision of this service and the associated data processing Cisco is the responsible controller. Information on data privacy can be found here http://www.cisco.com/c/en/us/about/legal/privacy.html. By registering for participation, you will receive further information and reminders about the event before and after the event by e-mail.
Registration and access to events and webinars.
Performance of a contract – Art. 6 (1) b GDPR
Who receives your data?
Within MED-EL Elektromedizinische Geräte Gesellschaft m.b.H., only those departments or employees receive your data, as far as they need it for processing for the corresponding purposes. In addition, commissioned by us processors (IT service providers, printing services, marketing, etc.) receive your data, if they need the data to fulfill their respective performance. All processors have been carefully selected and take appropriate technical and organisational measures to ensure that your data is processed in accordance with data protection obligations and that your rights are protected. Above all, contract processors are not permitted to use your personal data for their own purposes.
With regard to a transfer of data to other third parties, we point out that such a transfer is made only on the basis of a valid legal basis and for pre-determined purposes.
The updating of your personal data takes place primarily on the basis of your direct feedback or change notices to us. However, updating is also possible due to information from third parties or the use of publicly available information.
How long will your data be stored?
We process your personal data, as far as necessary, for the duration of our business relationship (initiation, processing and termination of a contract) as well as in accordance with the statutory storage and documentation obligations arising from the Austrian Commercial Code (UGB) and the Federal Tax Code (BAO) or to assert, exercise or defend legal claims.
In addition, the storage period is also judged by the statutory limitation periods, which may be, for example, under the General Civil Code (ABGB) usually 30 years, in some cases, but only 3 years.
Basically, your data will therefore be deleted after complete execution of the contract, revocation of your consent or your objection, if the storage for the fulfillment of a legal obligation or for the establishment, exercise or defence of legal claims is not required. Further processing will only take place if you have expressly consented to the further use of your data or if we have reserved any further data processing that is permitted by law.
There is the possibility that anonymisation of the data is carried out instead of a deletion. In this case, any personal reference is irretrievably removed, which is why the data protection cancellation obligations no longer apply. In this case, no personal reference can be restored.
Under the GDPR you have the following rights:
- Right of access – Art. 15 GDPR:
The right to obtain confirmation as to whether or not personal data concerning yourself are being processed, and, where that is the case, access to the personal data;
- Right to rectification – Art. 16 GDPR:
The right to obtain without undue delay the rectification of inaccurate personal data concerning yourself;
- Right to erasure ('right to be forgotten') – Art. 17 GDPR:
The right to obtain the erasure of your personal data concerning yourself without undue delay;
- Right to restriction of processing – Art. 18 GDPR:
The right to obtain restriction of processing of your personal data;
- Right to data portability – Art. 20 GDPR:
The right to receive the personal data concerning yourself, which you provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance;
- Right to object – Art. 21 GDPR:
The right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on Art. 6 (1) lit. e) or f) GDPR.
Although we will strive to address any questions or concerns you may have, if you believe that the processing of your data violates data protection law or if your data protection claims have otherwise been violated in a way, you can complain to the supervisory authority. In Austria the data protection authority is responsible.
Is there an obligation to provide data?
As part of the business relationship, you only need to provide the personal information that is required to establish and conduct the business relationship or that we are required to collect by law. You are also required to notify us of any changes in your data. Without this data, we will usually have to refuse the conclusion of the contract or the execution of the contract or an existing contract can no longer be performed and consequently terminated.
Is my data used for automated decision making including profiling?
We do not use automated decision-making according to Art. 22 GDPR.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Cookies and Social Plug-Ins Cookies
A cookie is a small text file that stores Internet settings. Almost every website uses this technology. It will be downloaded from your internet browser the first time you visit a webpage. The next time this website is accessed using the same device, the cookie and the information stored therein will either be returned to the website that created it (First Party Cookie) or sent to another website to which it belongs (Third Party Cookie). This will tell the web page that it has been viewed with this browser before, and in some cases will vary the content displayed.
Essential cookies, also called "strictly necessary", guarantee functions without which you could not use this website as intended. These cookies are used exclusively by us and are therefore called first party cookies. They are only stored on your computer during the current browser session. Absolutely necessary cookies: For the login function we have a so-called "session cookie". Without this cookie there is no login and thus no functions behind the login.
Furthermore, such cookies ensure, for example, the functionality of a change from http to https, and thus the compliance with increased security requirements for data transmission when changing pages. Consent for the use of essential cookies is not required.
Cookies requiring approval
Cookies that are not strictly required by law to be able to use the website still perform important tasks. Without these cookies, functions that allow comfortable browsing on our website, such as pre-filled forms, are no longer available. Made settings,
such as a language selection cannot be saved and must therefore be queried again on each page. Used first party cookies, including further description:
This website uses Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The use includes the Universal Analytics operating mode. This facilitates the assignment of data, sessions and interactions across several devices to a pseudonymous user ID and thus the analysis of a user's activities across devices.
Opt-out cookies prevent the future collection of your data when you visit this website. If you click here, the opt-out cookie will be set.
This website uses the Visual Website Optimizer (VWO). With the help VWO we create user tests for the optimisation and further development of our website. VWO analyses static data about the use of our website. In addition, the tool is used as an A/B test tool. In the process, data such as the number of visitors, the click behaviour and the average active residence time of the website user are assigned to the corresponding test variants.
Session or some data for up to 10 years (all data are anonymous)
We also use so-called social plugins (hereinafter buttons) of the social networks:
- Clearspring Technologies (AddThis)
- Facebook (Facebook Comments, Facebook Like Button and Social Widgets)
- LinkedIn (LinkedIn Button and Social Widgets)
- Twitter (Twitter Tweet Button and Social Widgets)
- Google (Google+ Button and Social Widgets, Google Fonts, YouTube Button and Social Widgets)
on the website. When you visit our website, these buttons are disabled by default, ie they do not send any data to the respective social networks without your intervention. Before you can use the buttons, you must activate them with your click. The button will remain active until you disable it or delete your cookies.
This Policy was last updated in May 2018.