Information on data processing according to Art. 13 and 14 General Data Protection Regu-lation (GDPR)
We care about the protection of your personal data and your privacy. For this reason, we will inform you in the follow-ing about our handling of your personal data, in particular for what we process your personal data, to whom we transmit them and the
data protection claims and rights to which you are entitled. When we subsequently talk about data, we mean your personal information. This is all the information that identifies you as a person, directly or indirect-ly.
Please read the following information carefully.
About this Policy
(but amendments will not be made retrospectively). We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. For the purposes of the GDPR, we will be the "controller" of all personal data we hold
Who is responsible for data processing?
The responsible controller is:
MED-EL Elektromedizinische Geräte Gesellschaft m.b.H.
Tel.: +43 5 77 88
The responsible data protection officer can be contacted directly firstname.lastname@example.org or
MED-EL Elektromedizinische Geräte GmbH
Which data are being processed and from which sources does this data come from?
We process personal data that we receive from you in the course of the business relationship. If you decide to contact us your personal data includes in particular:
Data collected for monitoring and updates:
- The application name and App Store identifier.
- The application bundle identifier and build version.
- The application state when it crashes.
- The operating system name and version number.
- The device model name.
- The device language and country settings.
- The device jailbreak status. (iOS only).
- The stacktrace.
For what purposes and on what legal basis is your data being processed?
We process your personal data in accordance with the data protection regulations (DSGVO and the Data Protection Act (DSG) in the current version).
You are able to contact MED-EL (e.g. for support, etc.) by filling out the contact form. The contact is normally made by email, if a phone number is given by phone.
When submitting the mobile application’s contact form your data of the contact fields (device type, OS version, app version, duration of app use, country) as well as name and a-mail are processed.
Answering/assisting you with your request
Consent – Art. 6 (1) lit. a) GDPR
To help us detect and fix potential errors early on, we have built a crash report service into our mobile app. We use a crash reporting mechanism reporting via Microsoft Visual Studio App Center (a service of Microsoft Corporation, One Microsoft Way,
Redmond, WA 98052-6399, USA), so when it actually comes to a crash, Microsoft App Center collects the following data to help us identify the problem: application name and App Store identifier, application bundle identi-fier and build version, application
state when it crashes, operating system name and version number, device model name, device language and country settings, device jailbreak status (iOS only), stacktrace.
Safeguarding a stable application
Legitimate Interests– Art. 6 (1) lit. f GDPR
This mobile application sends an update check request to our server on every start. This is a safety measure to ensure that the mobile application version is still valid and allows MED-EL to block the start of the application in case of safety-relevant
problems. This request contains: application name, application bundle identifier and build version, operating system name and version number, device model name, selected language.
Note: For apps obtained from the App Store, update checking is handled by the operating system, not the app.
Safeguarding an up-to-date application
Legitimate Interests – Art. 6 (1) lit. f GDPR
Who receives your data?
Within MED-EL Elektromedizinische Geräte Gesellschaft m.b.H., only those departments or employees receive your data, as far as they need it for processing for the corresponding purposes. In addition, commissioned by us processors (IT service providers,
printing services, marketing, etc.) receive your data, if they need the data to fulfill their respective performance. All processors have been carefully selected and take appropriate technical and organisational measures to ensure that your data is
processed in accordance with data protection obligations and that your rights are protect-ed. Above all, contract processors are not permitted to use your personal data for their own purposes.
With regard to a transfer of data to other third parties, we point out that such a transfer is made only on the basis of a valid legal basis and for pre-determined purposes.
How long will your data be stored?
We process your personal data, as far as necessary, for the duration of our business relationship (initiation, processing and termination of a contract) as well as in accordance with the statutory storage and documentation obligations aris-ing from the
Austrian Commercial Code (UGB) and the Federal Tax Code (BAO) or to assert, exercise or defend legal claims.
Basically, your data will therefore be deleted after complete execution of the contract, revocation of your consent or your objection, if the storage for the fulfillment of a legal obligation or for the establishment, exercise or defence of legal claims
is not required. Further processing will only take place if you have expressly consented to the further use of your data or if we have reserved any further data processing that is permitted by law.
There is the possibility that anonymisation of the data is carried out instead of a deletion. In this case, any personal ref-erence is irretrievably removed, which is why the data protection cancellation obligations no longer apply. In this case, no personal
reference can be restored.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Links to Other Websites
MED-EL mobile applications may contain links to other websites. MED-EL is not responsible for the privacy practices or the content of other websites or mobile applications.
Under the GDPR you have the following rights:
- Right of access – Art. 15 GDPR:
The right to obtain confirmation as to whether or not personal data concerning yourself are being processed, and, where that is the case, access to the personal data;
- Right to rectification – Art. 16 GDPR:
The right to obtain without undue delay the rectification of inaccurate personal data concerning yourself;
- Right to erasure ('right to be forgotten') – Art. 17 GDPR:
The right to obtain the erasure of your personal data concerning yourself without undue delay;
- Right to restriction of processing – Art. 18 GDPR:
The right to obtain restriction of processing of your personal data;
- Right to data portability – Art. 20 GDPR:
The right to receive the personal data concerning yourself, which you provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another
controller without hin-drance;
- Right to object – Art. 21 GDPR:
The right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on Art. 6 (1) lit. e) or f) GDPR.
Although we will strive to address any questions or concerns you may have, if you believe that the processing of your data violates data protection law or if your data protection claims have otherwise been violated in a way, you can com-plain to the supervisory
authority. In Austria the data protection authority is responsible.
As the Internet matures, so will our Data Privacy Protection Policy. We will post changes to our Data Privacy Protection Policy on this page. Please check this page regularly to keep up-to-date.
This Policy was last updated in October 2018.