Occlutech Group Privacy Notice
We are happy you show an interest in knowing more about how personal data is processed within Occlutech (“we”, “our” or “us”). Data protection is important for us and we want you to know that we always strive to protect your personal data to the very best of our ability.
On this page you can read more about how your data is being processed as well as the rights you have in connection to these activities.
1. General information
1.1 Responsible parties for your data
In accordance with governing data protection laws and regulations, incl. the EU General Data Protection Regulation (“GDPR”), the controller for your personal data can be one of the companies below. Although, in some instances, the companies may be joint controllers for data processing that is carried out for shared purposes.
in Germany:
Occlutech GmbH
Winzerlaer Straße 2
07745 Jena
Germany
Phone: +49 3641 508-324
Fax: +49 3641 675-122
germany@occlutech.com
in Sweden:
Occlutech International AB
Landskronavägen 2
SE-252 32 Helsingborg
Sweden
Phone: +46 (0)704 33 65 32
Fax: +46 (0)42 311 09 70
info@occlutech.com
in Turkey:
Occlutech Tıbbi Urunler San.ve Tic.Ltd.Sti.
AHL Serbest Bolgesi, E-5 Blok
34149, Istanbul
Turkey
Phone: +90 212 465 04 97
Fax: +90 212 465 47 57
info-istanbul@occlutech.com
1.2 Data Protection Officer
If you have any questions about data protection, please send us an email or get directly in touch with our Data Protection Officers:
Global DPO
Occlutech International AB
Landskronavägen 2
SE-252 32 Helsingborg, Sweden
E-Mail: DPO@occlutech.com
DPO for Occlutech Germany (Occlutech GmbH)
Occlutech GmbH
Otto-Schmerbach-Straße 19
09117 Chemnitz, Germany
E-Mail: datenschutz@qdc.de
1.3 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with your supervisory data protection authority. In Sweden the supervisory authority for privacy is Integritetsskyddsmyndigheten (www.imy.se). In Germany you will find a list of the different data protection supervisory authorities for the non-public area and their addresses under: https://www.bfdi.bund.de/DE/Infothek/addressen_Links/anschriften_links-node.html.
1.4 Data protection principles
Occlutech displays its commitment to privacy and data protection by inter alia embracing the following principles in accordance with article 5 GDPR:
Occlutech only processes personal data lawfully, fairly, correctly and in a transparent manner.
Occlutech only collects necessary personal data, and only to fulfill a legitimate purpose.
Occlutech stores personal data as long as necessary and erases it when it’s no longer needed
Occlutech protects personal data with appropriate technical and organizational security measures.
1.5 Disclosed parties
Your data may be transferred within the Occlutech Group (see the listed controllers above). Additionally, your personal data will be disclosed to a third party only if:
- you have given us your explicit consent to do so (pursuant to Article 6(1)(a) GDPR),
- this is necessary for the performance of a contract with you (Article 6(1)(b) GDPR),
- this is necessary for the compliance with a legal obligation (Article 6(1)(c) GDPR),
- this is necessary for the performance of a task carried out in the public interest (Article 6(1)(e) GDPR),
- this is required for the purposes of the legitimate interests pursued by the controller or by a third party (Article 6(1)(f) GDPR).
1.6 Place of processing
Occlutech processes your personal data within the EU/EEA. However, in exceptional cases, and when necessary, we may transfer it to a country outside the EU/EEA. Any such third country transfer will be carried out in accordance with Articles 44-49 in the GDPR and applicable national data protection legislation. The transfer of your personal data to a third country will be based on Standard Contractual Clauses (SCCs) if the transfer cannot be based on an adequacy decision, together with supplementary measures.
1.7 Legal basis
Occlutech only processes (collects, stores, transfers, uses etc.) your personal data with a legal basis in accordance with Article 6 GDPR. Legal basis may be based on your consent, by contract, statutory obligations or from our legitimate interest as a business. We only process sensitive personal data if one of the exceptions in Article 9 GDPR is fulfilled. You will be informed for every processing activity we carry out that contains your personal data.
2. Processing activities
Occlutech processes your data for different purposes. Below you can find the different processing activities that may be applicable to your personal data.
2.1 Job applications
During a recruitment process we may process your personal data in order to carry out the recruitment. Your data will only be processed for the purpose of the application process and, if applicable, for the purpose of your subsequent recruitment. For above stated purpose we have a legitimate interest for processing your personal data.
Only authorized personnel at Occlutech will be accessing the personal data collected through the recruitment process.
Once we have notified you about our decision concerning the recruitment, we shall either completely erase your data or (in the event of your recruitment) store them in your personnel file.
2.2 Clinical trials
We process pseudonymized personal data in clinical trials. Your personal data will be processed for the following purposes:
- For the performance of the study and development.
- As required to comply with applicable laws and regulations.
- In aggregated and anonymized form in connection with scientific research.
Every time we process your personal data in a clinical trial, we will rely on a legal basis of processing under GDPR. We process personal data in clinical trials for the performance of a task carried out in the public interest. We also process personal data in clinical trials in the context of safety reporting or in the context of an inspection by national competent authority, or the retention of clinical trial data in accordance with archiving obligations set up by the Clinical Trial Regulation (CTR) or, as may be the case, relevant national laws, to comply with legal obligations to which we are subject to. If we use your consent as a legal basis for our processing of personal data in a clinical research, we do so only in the situation where we can ensure that no imbalance of power between you and us exists and the requirements for explicit consent in GDPR can be met.
We will need to process data about health in clinical trials. Health data is a “special category” of personal data under the GDPR. Special rules apply to this type of data. We process special category of personal data (sensitive personal data) only if one of the exceptions in Article 9 of the GDPR becomes applicable to the processing such as the exception in Article 9(2)(i) or 9(2)(j) GDPR.
Personal data in clinical research is only processed by authorized personnel at Occlutech.
The storage of personal data in clinical trials depends on our responsibilities under relevant legislation such as CTR.
You will receive additional information about data protection before participating in our clinical trials.
2.3 Customer support
In order to give you service and support, (via email and/or telephone) we may process your personal data. Your personal data will be processed to manage and answer your questions and complaints. We have a legitimate interest as a business to process your personal data for customer support purposes.
Your personal data will be processed by personnel within Occlutech Group in order to support you in your errands.
The storage of your data depends on your errand. Your personal data will only be kept for as long as it is necessary to provide and manage the support you need. We only keep the data if we have an outstanding obligation to you or by other reason prevented from erasure.
2.4 Embedded Youtube videos
We embed YouTube videos on some of our websites. When you visit a page with the Youtube plug-in, a connection with the servers of Youtube will be established and Youtube will be informed which pages you are visiting. If you are logged into your Youtube account, Youtube can allocate your surfing behavior personally to you. You can prevent this by logging out of your Youtube account prior to it.
The legal basis for embedding Youtube and the data transfer to Google associated with it is consent (Article 6, sub-section 1 a, GDPR). Your data will be shared with Youtube and Google and your data may be processed in the United States.
If you have deactivated the storage of cookies for the Google Ads program, we will not process any cookies when you are you are watching these Youtube videos. However, Youtube will also store non-personal usage information in other cookies. If you like to prevent this, you will have to block the storage of cookies in the browser.
For further data protection information in connection with Youtube in the provider’s data protection statement please see: https://www.google.de/intl/de/policies/privacy/
3. Cookies
3.1 Occlutech’s use of cookies
Occlutech uses cookies, i.e. small text files that are transmitted by a website server to your hard disc, to analyze the traffic on our websites. The information analyzed includes the number of visits, the pages visited and traffic sources, all with the aim of improving the user experience to our visitors. We also use cookies in connection to our marketing materials to make our advertising as relevant as possible for our customers.
We place non-essential cookies on your device only if you have given your explicit consent. You can withdraw your consent at any time if you change your mind. As a visitor, you can set your own browser to allow cookies to be stored on your computer or not. You can also choose to delete any cookie file that has been placed on your computer at any time.
We use cookies from third parties (for example Google Analytics). As a result, your personal data may be processed in a country outside the EU or EEA. The level of legal protection for personal data may differ in these countries and may not provide the same level of protection as data protection legislation in the EU/EEA. Therefore, in the event of such a transfer, we will take appropriate safeguards to keep your information secure when needed. This means that we sign SCCs when no other transfer mechanism is available, and implement additional safety measures to the data, such as pseudonymization, encryption and authorization control. You can contact us if you have any questions about the measures taken to protect your personal data transferred outside the EU/EEA.
3.2 How to use our website without cookies
You can also view our website without cookies. Internet browsers are usually set in such a way that they accept cookies. In general, you can deactivate the use of cookies at any point in time via the settings in your browser. You may want to use the help functions of your Internet browser, in order to find out how to change these settings. Please note that some functions of our website may not work, if you have deactivated the use of cookies.
Provided your browser settings allow the use of cookies, or you have given us any necessary consent, the cookies below can be used on our websites. You can delete individual cookies or the entire cookie inventory via your browser settings. Depending on the provider of your browser, you will find the relevant information on how to e.g., block cookies in advance by visiting the following links:
- Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
- Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
- Opera: http://www.opera.com/de/help
- Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE
4. Your rights as a data subject
You have the right to, at any time, exercise the following rights by getting in touch with our data protection officer by using the contact details provided under Section 1.2:
Right of access (Article 15 GDPR)
You have the right to obtain information on the processing of your personal data, and if so, receive a copy of it. Such a copy is commonly referred to as a data subjects access request (DSAR).
Right to rectification (Article 16 GDPR)
If you deem your personal data inaccurate or incomplete, you have the right to have the data corrected (rectified).
Right to erasure (Article 17 GDPR)
In certain cases, you have the right to demand your personal data to be erased. This right is not absolute, and we may still process your personal data. For example, if we are required by law.
Right to restriction (Article 18 GDPR)
You have the right to restrict the processing of personal data we carry out.
Right to data portability (Article 20 GDPR)
In certain instances, you have the right to transfer your personal data from one controller to another, provided you have given us your permission to the data processing, or you have concluded a contract with us. This can either be carried out by the controller which data is being transferred from, or that you receive the personal data in a commonly used machine-readable format.
Right to object (Article 21 GDPR)
When the processing is based on public or legitimate interest (Article 6(1)(e) and 6(1)(f), including profiling) you have the right to object to the processing. If Occlutech cannot prove that there is a justified public or legitimate interest, we must cease the processing of that personal data.
5. Modifications to our data protection provisions
We reserve the right to adjust this data protection statement, so that it always conforms to the current legal requirements, or in order to implement changes in the data protection statement that concern our services, as may be the case when new services are introduced. Whenever you then visit our website, the new data protection statement will be applicable.