Data Privacy Statement

Version: January 2019

The following Data Protection Guidelines shall be valid for the online website at www.windstar-medical.com.

1. Who are We? (Responsible Party)

The Responsible Party is WindStar Medical GmbH, Am Joseph 15, 61273 Wehrheim, e-mail: info@windstar-medical.com, hereafter also referred to as "WindStar Medical" or "we" and/or "us".
Exceptions shall be discussed in detail in these Data Protection Guidelines.

2. Contact Data of Our Data Protection Officer

If you should have any questions regarding this Data Protection Declaration or generally regarding the processing of your data for this online website, please contact our Data Protection Officer:
SECUWING GmbH & Co. KG / Datenschutz Agentur
Maximilian Hartung
Frauentorstraße 9
86152 Augsburg
Germany
Email: datenschutz@windstar-medical.com

 

3. What Personal Data of Yours do We Process?

General

Personal data are considered to be all information which refers to an identified or identifiable natural person (e.g. name, address, telephone number, birthdate or e-mail address).
If we process personal data, this means that we shall, for example, collect them, save them, use them, transmit them to other persons or delete them.
In principle, you can use our online website without disclosing any personal data. However, the usage of certain services may require the disclosure of personal data, e.g. a registration or the participation in a sweepstakes contest. Obligatory data are regularly marked with an *. If you would not like to provide us with the required data in this regard, you can unfortunately not use the corresponding services.

For What do We Use Your Data and upon What Legal Basis?

We shall process your personal data for the following purposes and upon the basis of the aforementioned legal foundations. In the case that the data processing is based upon a balancing of interests, we shall also elaborate our rightful interest to you which we are pursuing with the processing:

No.Purpose of the ProcessingLegal Basis of the Processing as well as Presentation of the Rightful Interest Insofar as This is Relevant

1.

Supplying of this online websiteContractual fulfilment (Art. 6 Abs. 1b) DSGVO)

2.

Personalisation of the website

Contractual fulfilment or consent (Art. 6 Abs. 1a, b) DSGVO)

3.

Analysis of the website in order to identify usage behaviours including market research and coverage measurement

Balancing of interests; we have a rightful interest in analysing the usage behaviour on our online website in order tobe able to continuously improve it and/or to be able to adapt it to the interests of our users. (Art. 6 Abs. 1f) DSGVO)

4.

Identification of disruptions and guaranteeing the system’s security including the detection and tracking of impermissible accesses and access attempts on our web server

Fulfilment of our legal obligations regarding data security as well as a balancing of interests; we have a rightful interest in the elimination of disruptions, the guaranteeing of system security as well as the detection and tracking of impermissible access attempts and/or accesses. (Art. 6 Abs. 1f) DSGVO)

5.

Safeguarding and defending of our rights

Balancing of interests; we have a rightful interest in the assertion and the defending of our rights. (Art. 6 Abs. 1f) DSGVO)

 

Upon request, you can receive information from us regarding the balancings of interests which we undertake. For this, please simply use the data in the "Contact" section.
Please keep in mind that you have a right of objection with regards to the processing of data for the purposes of direct marketing and/or for personal reasons (see the Affected Parties' Rights section).

4. Who Receives Your Personal Data and Why?

Dissemination of Data to Third Parties

In principle, your personal data are only then disseminated by us to third parties insofar as this is required for the contractual fulfilment, we or the third party have a rightful interest in the dissemination or you have provided your consent in this regard. Insofar as data are disseminated to third parties, this will be discussed in detail in these Data Protection Guidelines. In the case of a dissemination upon the basis of a consent, the elaboration can also be issued when obtaining the consent.
Moreover, data can be disseminated to third parties insofar as we should be obliged to do so owing to the statutory guidelines or an enforceable government or court decree.

Service Providers

We reserve the right to commission service providers to collect and/or process data. We provide the service providers only with the personal data which they require for their concrete work tasks. Thus, for example, your e-mail address may be disseminated to a service provider so that this service provider can deliver to you a newsletter to which you have subscribed. Service providers may also be commissioned to provide server capacities. As a rule, service providers have been integrated as so-called contracted data processors which may process personal data of the users of this online website only in accordance with our instructions.
Insofar as service providers have not already been designated by name in these Data Protection Guidelines (e.g. for web analysis), it entails service providers which are required for contractual fulfilment purposes.

5. When do We Disseminate Data to Countries which are Not Members of the European Economic Area?

We also disseminate personal data to third parties and/or contracted data processors which have their commercial residence in non-EEA countries. In this case, before making dissemination thereof, we shall ensure that the recipient maintains either an appropriate data protection level (e.g. owing to an adequacy ruling by the EU Commission for the respective country in accordance with Art. 45 GDPR, through a self-certification of the recipient for the EU-US Privacy Shield in conjunction with the corresponding adequacy resolution by the Commission in accordance with Art. 45 GDPR or an agreement regarding the so-called EU Standard Contractual Clauses of the European Commission with the recipient in accordance with Art. 46 GDPR) and/or an express consent has been granted by our users.
You can receive from us an overview of the recipients in non-EEA countries and a copy of the concretely-agreed provisions for the guaranteeing of the appropriate data protection level. For this, please use the data in the "Contact" section.

6. How Long do We Store Your Data?

We store your data as long as this is required for the supplying of our online website and the rendering of the related services and/or we have a rightful interest in the continued storage of your data. In all other cases, we shall delete your personal data with the exception of such data which we must continue to retain (e.g. invoices) for the fulfilment of statutorily-prescribed retention timeframes (e.g. under tax or commercial law).
We shall block data that are subject to a retention timeframe obligation until the timeframe has lapsed.

7. Log Files

During each usage of the Internet, certain information shall automatically be transmitted by your Internet browser and stored by us in so-called log files.
The log files shall be stored by us in order to detect disruptions and for security reasons (e.g. for the investigation of attack attempts) for 7 – 10 days and then deleted. Log files whose continued retention is required for documentation purposes shall be excepted from deletion until the definitive clarification of the respective incident and may in the individual case be disseminated to government investigative agencies.
Particularly the following information shall be stored in the log files:
• IP address (Internet protocol address) of the device from which the online website has been accessed;
• Internet address of the website from which the online website has been accessed (so-called origin or referrer URL);
• Name of the service provider by means of which the online website has been accessed;
• Name of the retrieved files and/or information;
• Date and time of day as well as duration of the retrieval;
• Transferred data quantity;
• Operating system and information regarding the Internet browser being used including any installed add-ons (e.g. for the flash player);
• http status code (e.g. "request successful" or "requested file not found");
• Log files are also used for the web analysis.

8. Cookies

What are Cookies?

Cookies are small text files which are sent during the visit to an Internet site and stored in the user's browser. If the corresponding Internet site is accessed again, the user's browser shall send the content of the cookies back and thus enable a recognition of the user. Certain cookies are automatically deleted after the end of the browser session (so-called session cookies) while others are stored for a prescribed timeframe and/or permanently in the user's browser and then are independently deleted thereafter on their own (so-called temporary or permanent cookies).

What Data are Stored in the Cookies?

In principle, no personal data are stored in the cookies, but rather only an online identification number.
How can you prevent the usage of cookies and/or delete the cookies?
You can deactivate the storage of cookies via your browser's settings and delete at any time any cookies that have already been stored in your browser (see "Technical Instructions" section). However, please keep in mind that this online website may possibly not function or only in a restricted fashion without cookies.
Moreover, please keep in mind that objections to the creation of user profiles may sometimes function via a so-called "opt-out cookie". If you should delete all cookies, an objection may thus no longer be valid and you must lodge the objection again.

What Type of Cookies do We Use?

Mandatorily-Required Cookies

Certain cookies are required so that we can securely provide our online website. This category includes, for example:
• Cookies which serve to identify and/or authenticate our users;
• Cookies which temporarily store designated user entries (e.g. content from a shopping basket or an online form);
• Cookies which store designated user preferences (e.g. search or language settings);
• Cookies which store data in order to guarantee the disruption-free playback of video and/or audio content.

Analytical Cookies

We use analytical cookies in order to be able to record the usage behaviour (e.g. advertising banners clicked, sub-pages visited, search queries made) of our users in so-called user profiles and to be able to evaluate such usage behaviour in statistical form.

Advertising Cookies

We also use cookies for advertising purposes. The profiles created via these cookies regarding usage behaviour or also referred to in shortened form as "user profiles" (e.g. advertising banners clicked, sub-pages visited, search queries made) are used by us in order to display advertising and/or offerings to you which are tailored to your interests ("interest-based advertising").

Third-Party Advertising Cookies

We also permit other companies to collect our users' data via advertising cookies ("user profiles"). This enable us and third parties to display interest-based advertising to the users of our online website which is based upon an analysis of their usage behaviour (e.g. advertising banners clicked, sub-pages visited, search queries made) overall and not restricted to our online website.

9. Web Analysis

We require statistical information regarding the usage of our online website in order to be able to design it to be user-friendlier, conduct coverage measurements and do market research.
For this purpose, we utilise the following analytical tools. The user profiles created by the tools via analytical cookies or through the evaluation of the log files are not commingled with personal data.
The providers of the tools shall process data only as contracted data processors in accordance with our instructions and not for their own purposes.
The tools either do not use the IP addresses of the users at all or shorten them immediately after collection.
For each tool, you will find information regarding the respective provider and also regarding how you can object to the collection and processing of data by the tool.
In the case of tools which must lodge the objection via opt-out cookies, it must be kept in mind that the opt-out function is device- and/or browser-specific and in principle valid only for the device and/or browser being used at that respective time. If you use multiple devices and/or browsers, you must select the opt-out on each individual device and in each browser being used.
Moreover, you can prevent the formation of user profiles for analytical purposes overall as well by generally preventing the usage of cookies.

Google Tag Manager

This website uses the Google Tag Manager. By using the Google Tag Manager, marketers can manage website tags via an interface. The Tool Tag Manager itself (which implements the tags) is a "cookie-less" Domain and collects no personal data. The tool affects the activation of other tags which, upon their part, may possibly collect data. The Google Tag Manager shall not access these data. If a deactivation is made on the domain or cookie level, this will continue to exist for all tracking tags which are implemented by means of the Google Tag Manager.
In order to prevent a tracking of all trackers from the Google Tag Manager, use the link in the "Google Analytics" section with the note "Click here in order to be excluded from Google Analytics and additional measurements."

Google Analytics

Google Analytics is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google Analytics with the supplemental function offered by Google in order to anonymise the IP addresses: In so doing, as a rule, the IP address has already been shortened by Google within the EU and solely in exceptional cases shall the IP address only then be shortened in the USA and in any case stored only in shortened form.
You can object to the collection and/or evaluation of your data by this tool by downloading the browser plug-in available by clicking on the following link and installing it http://tools.google.com/dlpage/gaoptout?hl=en.

Click here in order to be exluded from the Google Analytics measurement and additional measurements.

10. Data Collection and Evaluation of Usage Behaviour for Interest-Based Advertising (Also by Third Parties)

On this online website, we would like to present our users with advertising and/or special offers tailored to their interests ("interest-based advertising") and limit the frequency of the displaying of certain advertising. For this purpose, we utilise the tools that are described below.

The user profiles created by the tools via the advertising cookies and/or the advertising cookies of third parties, so-called web beacons (invisible graphics which are also called pixels or tracking pixels) or comparable technologies are not commingled with personal data. The tools either do not process the IP addresses of the users at all or shorten them immediately after the data collection is done.
The Responsible Party for the processing of data in conjunction with the tools is the respective provider insofar as we have announced nothing to the contrary in this regard. The providers of the tools may possibly also forward information to third parties for the aforementioned purposes.
For each tool, you can find information about the provider and also regarding how you can object to the collection of data via this tool. However, please keep in mind that you will not deactivate the advertising through your objection. Your objection will result only in no interest-based advertising being displayed to you which is based upon your usage behaviour.
In the case of tools which work with opt-out cookies, it should be kept in mind that the opt-out function is device- and/or browser-specific and in principle only valid for the device and/or browser being used at that respective time. If you use multiple devices and/or browsers, you must select the opt-out on each individual device and in each browser being used.
Moreover, you can prevent the formation of user profiles overall as well by generally preventing the usage of cookies.
We have subjected ourselves voluntarily to the self-regulation of the Deutschen Datenschutzrat Online-Werbung [German Data Protection Advisory Council for Online Advertising] (DDOW). You can review the Self-Regulation Code that is valid for us (Code for Telemedia Providers – Initial Parties) at the following link: http://meine-cookies.org/DDOW/dokumente/DDOW_%20OBA-SR_Kodex_1st.pdf.
Additional information regarding interest-based advertising is available on the consumer portal http://www.meine-cookies.org. Moreover, by clicking on the following link to this portal, you can view the status of the activation for the tools from various providers and object to the collection and/or evaluation of your data by these tools: http://www.meine-cookies.org/cookies_verwalten/praeferenzmanager-beta.html.
A central objection option for various tools – particularly from U.S. providers is also available by clicking on the following link: http://optout.networkadvertising.org/#/

11. Ad-Blocker and Opt-Out Cookies

We wish to point out that the usage of an ad-blocker may restrict the functionality of opt-out cookies. Thus, in certain cases, despite the storage of an opt-out cookie, it may occur that the corresponding tools continue to collect data. In this case, you can restore the functionality by correspondingly configuring or de-installing the ad-blocker.

12. Integrations of Services and Third-Party Content

YouTube

We have integrated videos from the YouTube platform from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA into our website.
You can find its Data Protection Declaration here: https://www.google.com/policies/privacy/ and the opt-out here: https://adssettings.google.com/

Google Fonts

We have integrated the fonts of "Google Fonts" from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
You can find its Data Protection Declaration here: https://www.google.com/policies/privacy/ and the opt-out here: https://adssettings.google.com

Google Maps

We integrate the maps of "Google Maps" of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The privacy statement can be found here: https://www.google.com/policies/privacy/ and the opt-out here: https://adssettings.google.com

Google reCAPTCHA

We use Google reCAPTCHA in order to ensure data security during the transmission of forms. It serves the purpose of differentiating between inputted data by natural persons or misuse by automated processing. The query includes the sending of the IP address and, where applicable, any additional data required by Google for the reCAPTCHA service to Google. For this, the deviating Data Protection Guidelines of Google Inc. shall be valid. You can find information regarding the Data Protection Guidelines of Google Inc. at http://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/

13. Data Protection during the Job Application Process

In order to implement the job application process, we collect personal data from the job applicants. In the case that an employment agreement is concluded, these data continue to be stored for the implementation of the employment relationship. In so doing, the statutory guidelines are followed. In the case that a job position is not awarded, the job application documents shall be deleted by no later than after six months. There shall be an exception to this policy if we must retain the job application documents, for example, in order to fulfil a burden of proof obligation during a set of proceedings in conjunction with the General Equal Opportunity Act or other rightful interests are applicable. If we should retain the job application documents in our job applicant pool for an extended period of time, we shall request your consent in this regard.

14. Your Rights (Rights of the Affected Person)

How Can You Assert Your Rights?

Please use the data in the "Contact" section in order to assert your rights. Please also ensure that it is possible for us to clearly identify your person.
Please keep in mind that your data will be initially only blocked insofar as the applicable retention timeframes oppose the deletion thereof.

Your Rights of Information and Correction

You may demand that we confirm to you whether we are processing your personal data and you have a right to request information regarding your data which we are processing. If your data should be incorrect or incomplete, you may demand you're your data be corrected and/or completed. If we have disseminated your data to third parties, we shall notify them of the correction insofar as this is prescribed by law.

Your Right of Deletion

If the statutory prerequisites have been fulfilled, you may demand that we promptly delete your personal data. This shall particularly be the case if
• Your personal data are no longer needed for the purposes for which they were collected;
• The legal basis for the processing was exclusively your consent and you have revoked this;
• You have objected to the processing for advertising purposes ("objection to advertising");
• You have objected to a processing upon the basis of the legal foundation of a balancing of interests owing to personal reasons and we cannot demonstrate that there are prevailing rightful reasons for a processing;
• Your personal data have been illegally processed; or
• Your personal data must be deleted in order to fulfil the statutory guidelines.

If we have disseminated your data to third parties, we shall notify them of the deletion insofar as this is legally prescribed.
Please keep in mind that your right of deletion is subject to restrictions. For example, we must and/or may delete no data which we must continue to retain owing to statutorily-prescribed retention timeframes. Likewise, any data which we require for the assertion, exercising or defending of legal claims shall also be excepted from your right of deletion.

Your Right of Restriction of the Processing

If the statutory prerequisites have been fulfilled, you may demand that we restrict the processing. This shall particularly be the case if
• You dispute the correctness of your personal data and then until we have had the opportunity to verify the correctness thereof;
• The processing is not being done legally and you demand a restriction of the usage instead of deletion (see the prior section in this regard);
• We no longer need your data for the purposes of the processing, but you need them for the assertion, exercising or defending of your legal claims;
• You have lodged an objection for personal reasons and then until it is determined whether your interests are prevailing.
If a right exists to the restriction of the processing, we shall mark the affected data in order to ensure in this manner that they are only still processed within the strict boundaries which are valid for such restricted data (namely particularly for the defence of legal claims or subject to your consent).

Your Right of Data Portability

You shall have the right to receive the personal data, which you have provided to us for the contractual fulfilment or upon the basis of a consent, in a transferable format. In this case, you may also demand that we transmit these data directly to a third party insofar as this is technically feasible.

Your Right of Revocation of the Consent

Insofar as you have granted us a consent for the processing of your data, you may revoke this at any time with effectiveness for the future. However, the legality of the processing of your data until revocation was made shall remain unaffected.
Your Right of Objection to Direct Marketing
Moreover, you can at any time lodge an objection to the processing of your personal data for advertising purposes ("objection to advertising"). Please keep in mind that, for organisational reasons, there may be an overlapping between your revocation and the usage of your data within the parameters of a campaign which is already running.

Your Right of Objection for Personal Reasons

You shall have the right, for reasons which are based on your special situation, to object to the data processing which we do insofar as this is based on the legal foundation of a rightful interest. We will then discontinue the processing of your data unless we can – in accordance with the statutory guidelines – document mandatory reasons worthy of protection for the continued processing which outweigh your rights.

Your Right to Lodge a Complaint with a Government Supervisory Agency

You shall have the right to lodge an objection with a government data protection agency. In this regard, you can contact particularly the government data protection agency which is competent for your place of residence and/or your German state or which is competent for the location where the violation of data protection law occurred. Alternatively, you can also contact the government data protection agency which is competent for us which is namely: The Hessian Data Protection Officer, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, tel. 0611/1408-0.

15. Contact

In order to request information and to provide suggestions regarding the theme of data protection, we and/or our Data Protection Officer Maximilian Hartung would be glad to support you via the e-mail address: datenschutz@windstar-medical.com.
If you would like to contact us, you can also otherwise reach us as follows: WindStar Medical GmbH, Am Joseph 15, 61273 Wehrheim, 06081 95150

16. Schedule: Technical Instructions

Technical Instructions regarding the Deletion of Cookies

Internet Explorer:

• Instructions at http://windows.microsoft.com/de-de/internet-explorer/delete-manage-cookies#ie=ie-11-win-7

Mozilla Firefox:

• Instructions at https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Google Chrome:

• Instructions at https://support.google.com/chrome/answer/95647

Safari:

• Instructions at http://help.apple.com/safari/mac/8.0/#/sfri11471