Last Updated: January 4, 2022
The protection of your privacy is a top priority for ndd Medical Technologies. We are committed to looking after your personal data in a responsible manner when you access our services or when you visit our homepage and browse our sites. We collect and process your data in accordance with legal provisions, in particular those of the California Consumer Privacy Act (“CCPA”), the Swiss Data Protection Act and the European General Data Protection Regulation (“GDPR”).
· Visit this website or our offices;
· Register for events;
· Request additional information; or
· Send or receive communications to or from us, including emails, phone calls, chat dialogue, texts or fax.
“Personal Data” can include information such as your name, date of birth, email address, postal address, phone number, mobile number, information about the device you use, and information relating to your personal circumstances and how you use our sites and services. The online services we provide include our website, all sites, functions and contents connected with our website, including the live chat function, as well as related external online platforms (such as our social media profiles). For the purpose of this policy, we will refer to all of these collectively as “online services.” With regard to the terms used in this policy, e.g., “processing” or “controller,” we refer to the definitions in the GDPR.
· What Personal Data is collected from you, how it is used and with whom it may be shared.
· What choices are available to you regarding the use of your Personal Data.
· The security procedures in place to protect the misuse of your information.
· How you can correct any inaccuracies in the information.
What Personal Data We Process
· general information (e.g., your name and postal address)
· contact information (e.g., your email address and telephone number)
· data relating to content provided by you (e.g., text, chat content)
· health information, if you choose to provide it
· your browsing history on our sites (e.g., websites you visited, contents you viewed, access times)
· meta data or communication data (e.g., information relating to your device, such as your IP address).
Whose Data We Process
We process the data of visitors and users of our online services (henceforth referred to as “users”).
Why We Process Personal Data
We use the information:
· to provide, maintain and enhance our online services
· to respond to queries and communicate with users
· to ensure safety
· to measure reach and to carry out marketing analysis
Legal Grounds for Using Your Personal Data
We process data lawfully, in a transparent manner and in accordance with individuals’ rights (as applicable). The use of information collected through our online services will be limited to our legitimate interests, where we have considered these are not overridden by your rights, or based upon your informed consent.
Security of Your Personal Data
We have implemented appropriate technical and organizational measures to protect your data adequately. We have done so specifically by taking into account the state of the art, the costs of implementation, the nature, scope, context and purpose of our processing your data, as well as the various risks to your rights and freedoms.
We protect the confidentiality, integrity and availability of your data in a number of ways: e.g., by controlling physical access to where the data are stored; by controlling the means to access, enter and transfer them; by ensuring the data are indeed available to authorized persons when needed; and by ensuring that appropriate means to separate the data from direct identifiers are available (e.g. to allow pseudonymization). Pseudonymization, as defined by the GDPR, is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information that is kept separately. Furthermore, we have established procedures which allow us to observe the rights of data subjects adequately, to delete data as needed and to act appropriately when data appear to be threatened. We integrate the necessary safeguards to protect your data both at the time of the determination of the means for processing them and at the time of the processing itself. We do so by taking into account data protection requirements early on, i.e., even as we develop or select the hardware, software and technologies we intend to use for our services.
Collaboration With Other Processors and Third Parties
We will only grant access to, disclose or transfer data to other persons or companies (processors or third parties) where we have legal grounds to do so. In every case, when applicable, the legal grounds will be one referred to in the CCPA and the GDPR, which includes the following: you have given consent, the processing is necessary in order to comply with a legal obligation, or our legitimate interests require it (e.g., when we employ other processors or use web hosts to deliver our services).
When we engage third parties to process data for us (by means of what is commonly referred to as an “order processing contract”), we do so in compliance with the CCPA and the GDPR.
We will not sell or rent your Personal Data to anyone. We may share your Personal Data with the following selected third parties:
· our website hosting and operating suppliers located in the US, which store your Personal Data in the US and other countries, to enable us to operate our website and deliver web content to you and who enable you to conduct certain activities on our website, such as downloading a document;
· our analytics and search engine providers, located in the US and other countries, which store your personal data in the US, the EU and other countries, to assist us in the delivery, improvement and optimization of the website;
· the provider or providers of remote software hosting services that we engage to host our software, which may store your personal data in the US, EU, UK and other countries depending on the location from which you are accessing the software and whether we or our customer have authorized storage of your personal data in that location, if you are a user of our services;
· (unless you opt out) our marketing partners located in the US, UK and EU, which store your personal data in the US, UK, EU and other countries;
· in individual instances, professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in countries in which we operate who provide consultancy, banking, legal, insurance and accounting services, and to the extent we are legally obliged to share or have a legitimate interest in sharing your Personal Data; and
· if we are involved in a merger, reorganization, dissolution or other fundamental corporate change, or sell a website or business unit, or if all or a portion of our business, assets or stock are acquired by third party, with such third party. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.
Because we value your privacy, we have taken the necessary precautions to be in compliance with the CCPA. We therefore will not sell your personal data to outside parties without your consent. You have the right not to receive discriminatory treatment by the business for the exercise of the privacy rights conferred by California law.
International Data Transfer
When you interact with our English-language online services, your Personal Data is stored in the United States.
If we transfer personal data from the European Union (EU) or the European Economic Area (EEA) to a third country (i.e., outside of the EU or EEA), we only do so on legal grounds. Your data may need to be transferred when we process information in a third country, when we use services provided by third parties, or when we disclose or transfer data to third parties. In every case, the legal ground will be one of the following: the transfer is necessary for us in order to comply with contractual or with legal obligations, you have given consent, or our legitimate interests require it. Subject to legal or contractual permission, we allow data submitted to us in the EEA to be processed in a third country only if the conditions laid down in the GDPR are complied with.
Your Rights with Regard to Personal Data
When we receive information directly from visitors to the online services who are citizens or residents of countries in the EEA, that information is likely to include “personal information,” as regulated by GDPR. As the recipient of this information (generally just contact information), we are a “data controller” under the GDPR. As such, we will use that information only for the limited purpose of providing information about our products and services until the person who submitted the information no longer wishes that to occur, and anyone who submits personal information to the online services consents to our use of that data for those purposes.
Data subjects’ rights
As mandated by the GDPR, you can contact us with regard to the following rights in relation to your Personal Data:
· If you would like to have a copy of the Personal Data we hold regarding you or if you think that we hold incorrect Personal Data about you, we will honor your request.
· Where you have provided us with consent to use your Personal Data, you can withdraw this at any time.
· You also have the right to ask us to delete your Personal Data or restrict how it is used. There may be exceptions to the right to erasure for specific legal reasons which, if applicable, we will set out for you in response to your request. Where applicable, you have the right to object to processing of your Personal Data for certain purposes.
If you want to make any of these requests, please contact us using the contact information provided below.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy.
Transfer of personal information
Whenever we transfer your Personal Data from the EEA to a location outside of the EEA, we put in place at least one of these safeguards:
· We will only transfer your Personal Data to countries that have been found to provide an adequate level of protection for Personal Data.
· We may also use specific approved contracts with our service providers that are based in countries outside the EEA. These contracts give your Personal Data the same protection it has in the EEA.
We may transfer your Personal Data from the EEA to the United States of America for the following reasons:
· To store your Personal Data
· To communicate with you
· To monitor the behavior of visitors to the online services.
California Consumer Privacy Act Compliance
Because we value your privacy, we have taken the necessary precautions to be in compliance with the CCPA. We therefore will not distribute your Personal Data to outside parties without your consent.
Modification or deletion of Personal Data gathered through the online services
Upon request, we will provide you with information about whether we hold any of your Personal Data. You may have a legal right under certain applicable laws (for instance if you are residing in the EEA or in California as applicable) to receive, rectify, erase, and restrict Personal Data about them that is held by us, to object to processing and, if processing occurs based on consent, to withdraw their consent. Users of our online services may also have the right to withdraw consent for processing for statistical and research purposes and in some cases (subject to applicable laws) to request cessation of any collection of Personal Data. We will never discriminate against any person based on his or her exercising of their rights hereunder.
If, for any reason, you wish to modify, delete or retrieve your Personal Data collected through the online services and are entitled to under applicable laws, you may do so by contacting us at the address detailed below. We shall perform the necessary process to identify you as an individual who has the right to retrieve the specific information and then we will ask for specific identification information (as shall be applicable for the requested data – for instance IP address and time of uploading the information to our servers (IP address is not enough for an identification of user or data)). We shall make efforts to respond to a request within 30 days or as required under applicable law however, deletion of data may take longer (see below).
Please note that Personal Data may be either deleted or retained in an aggregated manner, without being linked to any identifiers or Personal Data, depending on technical commercial capability.
For any request or question regarding deletion or amendment of Personal Data, you can contact our Data Protection Officer at the contact details listed below, and we shall make efforts to respond and support your request within no more than 30 days.
The Information gathered through the online services shall not be retained longer than legally permitted.
You may opt out of receiving future communications from us by sending us an email at the address below under “How to Contact Us.” You may also opt out of receiving commercial e-mail from us, or other target advertising, by following the instructions in each email.
Cookies are small text files that are placed on your computer or mobile device by the websites you visit. They are able to record various types of data. A cookie is used primarily to store information about the user (or about the user's device on which the cookie is set) during or after the user's browsing of a particular website. Temporary cookies, also called “session cookies” or “transient cookies,” are created temporarily while you are visiting a website. They are deleted once you leave the site or close your browser. Typical examples of such cookies are the online shopping cart feature or your login status. “Permanent” or “persistent cookies,” on the other hand, remain stored in your browser's subfolder even after you have closed your browser. This allows the website to, for example, store your login status for several days and to remember it when you accesses the website again. Such cookies are also used to store information reflecting your interests, which can be used for reach measurement and for marketing purposes. The term “third-party cookie” refers to cookies placed on your device by a website other than the one you are actually visiting (cookies created by the website you are visiting are called “first-party cookies”).
If you do not want cookies to be saved on your device, you can set your browser to remove or reject cookies. You can do so by changing the system settings of you browser. The drawback of disabling cookies on your browser is that certain features and services may not function properly for you.
You can opt out from receiving personalized advertising. Personalized advertising (also known as “interest based advertising”) enables advertisers to reach users based on their interests. You can opt out of interest based advertising, particularly with regard to tracking technologies, through the US-website http://optout.aboutads.info/choices or the EU-website http://www.youronlinechoices.com/. Tracking technologies follow and record your digital habits. They are used by providers to, e.g., understand how you navigate their websites and to determine which of their messages you open. It is also possible to stop your browser from saving cookies altogether by changing your browser’s cookie settings. You can usually find these settings in the “options” or “preferences” menu of your browser. Please be aware that disabling cookies will mean that certain functions may no longer be available to you.
How Long We Keep Your Data
How to Contact Us
E.U. residents have the right to lodge a complaint with a supervisory authority (Data Protection Authority in your jurisdiction) in case of a breach of any EU data protection and privacy regulations. If the supervisory authority fails to deal with a complaint or inform you within the time frame set under applicable law, you have the right to an effective judicial remedy.