Arthrex, Inc.
  • Events Calendar
  • 0 0

GDPR Privacy Notice


If you are in the European Economic Area when visiting this website, your personal data will be subject to Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”).

In this Privacy Notice we, Arthrex, Inc., 1370 Creekside Blvd., Naples, FL 34108, USA (“ARTHREX” or “We”) will inform you about how we process and use personal data of visitors of this website from the European Economic Area and on the specific rights such visitors have in connection with their personal data.

Please note that this Privacy Notice applies only to personal data collected in connection with this website which is subject to the GDPR and therefore expressly does not apply to (a) data which is not personal data such as data on corporations or other legal entities, (b) data collected outside of this website; and (c) personal data of website visitors who are not in the European Economic Area.

  1. Privacy Shield Data Transfer Commitment

1.1 ARTHREX as well as its U.S. subsidiaries (Arthrex California Inc., Arthrex California Technology, and Arthrex Manufacturing Inc.), relies on and complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce as well as the Model Contracts/Standard Contractual Clauses set forth by the European Commission and the Swiss Federal Data Protection and Information Commissioner, respectively, regarding the collection, use and retention of all personally identifying information that it processes and that is transferred from countries in the European Economic Area and Switzerland to the United States, both in electronic or paper form, including Personal Data and Sensitive Personal Data (defined below). ARTHREX has certified that it adheres to the data protection principles of: notice, choice and consent, onward transfer, security, data integrity, access and enforcement. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

1.2 ARTHREX complies with the Privacy Shield Principles for onward transfers of Personal Data from the EU and Switzerland, including onward transfer liability provisions, relating to transfers of data to a third party acting as an agent on its behalf.

This EU-U.S. and Swiss-U.S. Data Transfer Commitment covers both “Personal Data”, which means any information from which an individual can be directly or indirectly identified, as well as “Sensitive Personal Data”, which means personal information revealing an individual’s racial or ethnic origin, political opinions or membership of political parties or similar movements, religious or philosophical beliefs, membership of a professional, or trade organization or union, physical or mental health including any opinion thereof, sex life, and, where permitted by applicable law, criminal offences, and alleged offences, criminal records or proceedings with regard to criminal or unlawful behavior. In addition, for Switzerland, the definition of sensitive data includes ideological views or activities, information on social security measures, or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings. Notwithstanding the foregoing, this website is not intended for the collection of Sensitive Personal Data.

1.3 With respect to Personal Data received or transferred following the Privacy Shield Framework, ARTHREX is subject to the investigatory regulatory enforcement powers of the Federal Trade Commission (FTC). In certain situations, ARTHREX may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

1.4 Under certain conditions as described on the Privacy Shield website, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, individuals may invoke binding arbitration when other dispute resolution measures have been exhausted.

1.5 To learn more about the Privacy Shield Program, and to view ARTHREX’s certification, please visit: https://www.privacyshield.gov/.

1.6 For more information, please visit the following links:

- European Commission Model Contracts/Standard Contractual Clauses:

http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm

- EU General Data Protection Regulation (GDPR):

http://ec.europa.eu/justice/data-protection/reform/index_en.htm

 

  1. Name and Address of the Data Controller and the Representative in the European Union, Supervisory Authority

2.1 We, ARTHREX, are the controller within the meaning of the GDPR of all data collected in connection with this website.

2.1.1 If you have any questions, comments or suggestions about this Privacy Notice or ARTHREX’s privacy practices, please contact ARTHREX at:

Jason Vendel, Sr. Mgr Global Compliance Operations & Privacy
Arthrex, Inc.
1370 Creekside Blvd.
Naples, Florida 34108
(800) 933-7001
Email: AskCompliance@arthrex.com

2.1.2 In compliance with the Privacy Shield, ARTHREX commits to resolve complaints about your privacy and our collection or use of your Personal Data.

2.1.3 ARTHREX has further committed to refer unresolved privacy complaints under the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks to an independent recourse mechanism:

American Arbitration Association: International Centre for Dispute Resolution

http://go.adr.org/privacyshield.html

2.2 We have designated a representative in the European Union in accordance with Art. 27 of the GDPR.

2.2.1 Our representative has been mandated to be addressed in addition to us or instead of us by, in particular, supervisory authorities and data subjects, on all issues related to processing, for the purposes of ensuring compliance with the GDPR. Our designation of a representative is without prejudice to legal actions which could be initiated against us directly.

2.2.2 You can contact our representative in the European Union at any time with any questions about data protection. Our representative’s name and address are as follows:

Arthrex GmbH
Erwin-Hielscher-Strasse 9
81249 München
Telefon: 08990  Telephone: +49 89 90 90 05 0  Fax: +49 89 90 90 05 2801
Website: www.arthrex.com        Email: info@arthrex.de

2.2.3 You can contact the data protection officer of our representative in the European Union at any time with any questions about data protection. Our data protection officer’s name and contact details are as follows:

Leif-Eric Langguth
Arthrex GmbH, Erwin-Hielscher-Strasse 9, 81249 München
Email: dataprotection@arthrex.de

2.3 The data protection supervisory authority responsible for our representative in the European Union is:

Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht)

      Address:                                                         Postal Address:
      Promenade 27 (Schloss)                                 Postfach 606
      91522 Ansbach                                                91511 Ansbach
      Germany                                                          Germany

      Contact Details:
      Telephone: +49 981 53 1300
      Fax: +49 981 53 98 1300
      Email: poststelle@lda.bayern.de

If you wish to file a complaint, you can also use the complaint form available at https://www.lda.bayern.de/de/beschwerde.html.

 

  1. Processing in the Context of our Website

In this Section we will inform you about how we process and use Personal Data in relation to you which we collect in connection with our website, and on the specific rights you have in this respect.

3.1 Scope and Purposes

3.1.1 When you visit our website, our web server will temporarily record the domain name or IP address of the requesting computer, the access date, the file request of the client (file name and URL), the HTTP response code and the website from which you are visiting us, the number of bytes transferred during the connection and, if applicable, other technical information that we use and statistically evaluate for the technical implementation of the website’s use (delivery of the content, guaranteeing the website’s functionality and security, protection against cyberattacks and other abuses).

It is necessary to store and process the information referred to above for the duration of your session in order to deliver our website content to your computer.

We also store some of this information in the log files of our servers. We will not combine this information with your IP address or other Personal Data relating to you except as disclosed in Sec. 3.1.2.

This processing will take place for the fulfilment of the existing contract of use with you, as far as it serves the purpose of the technical implementation of the website’s use (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR) and to otherwise protect our legitimate interest in making our website as user-friendly, safe and attractive as possible and in promoting the sale of our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). We will assume that your interests do not conflict with this, because the measures described below are taken in order to limit processing to an appropriate degree.

3.1.2 We will also use the data described in Sec. 1.1 to draw conclusions about your interests from your use and to adapt our website’s offerings according to your interests (profiling). We do this for the preservation of our aforementioned legitimate interest in making our website as user-friendly, safe and attractive as possible and in promoting the sale of our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR) and, where applicable, on the basis of your consent as described in Sec. 3.1.4 (legal basis for processing: Art. 6 no. 1 lit. a) of the GDPR).

3.1.3 We use cookies, among other things, to process the data mentioned under Section 1.1 and 3.1.2. Cookies are files that are stored on your computer's hard drive and are accessed by our server when you visit our website.
We use cookies to make your use of the website more convenient.

 

Cookie

Data/Purpose

 

CFID

Cookie for identifying your browser during the session, which is required for the technical operation of the website

 

CFTOKEN

Cookie for identifying your browser during the session, which is required for the technical operation of the website  

 

_ga

Cookie for identifying your browser for the services of Google Analytics (see Sec.3.2)

 

_gid

Cookie for identifying your browser for the services of Google Analytics (see Sec.3.2)

 

countrypreference

Cookie for storage of country settings, which is required for the technical operation of the website

 

interruptAutomaticRedirect

Cookie for storage of view options (desktop or mobile), which is required for the technical operation of the website

 

menu

Cookie for storage of menu settings, which is required for the technical operation of the website

 

screenpreference

Cookie for storage of view options (desktop or mobile), which is required for the technical operation of the website 

You can prevent or restrict the storage of cookies on your hard disk by setting your browser not to accept cookies or to request your permission before setting cookies. Once cookies have been set, you can delete them at any time. Please refer to your browser's operating instructions to find out how this works. If you do not accept cookies, this can lead to restrictions in the use of our service.

3.1.4 When you visit our website, you are notified of the use of cookies for tracking and analysis (see Sec. 2) and asked to provide your express consent. The notice makes reference to the detailed explanations in this Privacy Notice.

3.1.5 Log files are deleted after 30 days. Most cookies expire and are deleted at the end of your browser session, some (including those mentioned in Sec. 2) will persist for up to 24 months before they expire and are deleted. After expiry of those periods information will be deleted or made anonymous.

3.2 Use of Google Analytics

3.2.1 Our website uses Google Analytics, a web analysis service of Google LLC (https://www.google.de/intl/en/about/), 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA ("Google") for the purposes set forth in Section 1.1 and 3.1.2 and the preservation of our legitimate interest described therein (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR) and, where applicable, on the basis of your consent as described in Sec. 3.1.4 (legal basis for processing: Art. 6 no. 1 lit. a) of the GDPR)

You can find further information on how Google uses information from sites or apps that use its services here: https://www.google.com/policies/technologies/partner-sites/

Google Analytics uses so-called “cookies”, which are text files placed on your computer, to help the website analyse how users use the site (see Section 3.1.3). The information generated by the cookie about your use of this website such as pages visited and

          • browser type and version,
          • operating system of your computer,
          • referrer URL (i.e. the page last visited),
          • host name of accessing computer (IP address),
          • date and time of server request

are transferred to a Google server and stored there. IP anonymisation has been activated on this website such that the IP addresses of users located within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area will be truncated when stored on the Google server.

Google has joined the Privacy Shield (cf. Sec. 1 above) so that Google guarantees compliance with EU data protection standards.

The data listed above can be captured and used across devices through identification, e.g. login to Google services. This makes it possible for Google to capture that you start your visit of our website on a PC and continue it on a mobile device and the data from both devices can be combined. We have not activated the User-ID adjustment and thus do not collect this data.

On behalf of this website’s operator, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and Internet use. We have chosen settings to erase analytics data after 50 months in order to be able to compile and compare statistical data.

The IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data.

Disabling add-ons: You can prevent the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use this website’s full functionality.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link:

http://tools.google.com/dlpage/gaoptout?hl=de

In the version of our website optimised for mobile browsers we have provided a special deactivation option.

Opt-out: In addition or as an alternative to the browser add-on you can prevent Google Analytics from collecting data by clicking on the following link. An opt-out cookie will be set which prevents the future collection of your data when visiting this website:

<a href="javascript:gaOptout()">Google Analytics deaktivieren</a>

The opt-out will work only in the browser and only for this domain. An opt-out cookie will be stored on your device. If you delete your cookies in this browser, you must click this link again.

If you do not wish to receive interest-based advertising, you can also disable Google's use of cookies for these purposes by visiting https://myaccount.google.com/intro.

Finally, please note that on this website, Google Analytics has been supplemented with the code "gat._anonymizeIp();" to ensure anonymous collection of IP addresses (so-called IP masking).

You can find additional information on the use and protection of your data in connection with Google Analytics on the Google Analytics help pages (https://support.google.com/analytics/answer/6004245?hl=en).

3.3 We also use the Google Tag Manager to administer our website and implement Google Analytics. For this purpose we have activated the option to anonymize data transmissions and have entered into a processing agreement with Google. For further details, refer to the foregoing information on Google Analytics.

3.4 Third Party Icons Such as Facebook and YouTube

Our website contains icons with the logos of certain social media platforms. The icons are linked to a URL of the social media platform. When you click on the icon, the respective function of the social media platform is activated (like, share, connect etc.). Until then no data is transmitted to the social media platform. When you click on the icon, you will leave our website. We make reference to Sec. 3.5. Our website currently contains icons of the following social media platforms:

3.4.1 When you click on the icon Twitter you will be re-directed to the services of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. You can find information on which data the service provider collects and how they are used in the privacy statement of the service provider: http://twitter.com/privacy.

3.4.2 When you click on the icon Facebook you will be re-directed to the services of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. You can find information on which data the service provider collects and how they are used in the privacy statement of the service provider: facebook.com/help.

3.4.3 When you click on the icon YouTube you will be re-directed to the services of YouTube, LLC, Cherry Ave., United States, a company of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. You can find information on which data the service provider collects and how they are used in the privacy statement of the service provider: https://www.google.de/intl/de/policies/privacy/.

3.5 Additional Recipients

Our website may contain references to third parties’ offers in the form of links, advertising banners or the like. If you follow these links (usually by clicking on the link or advertising banner), you will be directed to third-party offers. We would like to point out that providers of such offers may be in an unsafe third country and that clicking on such links may therefore lead to a transfer of information to such a country, that we are not the controller with respect to such third party offers and have not agreed any guarantees with the controllers’ of such third party offers regarding data protection and that only the data protection policies of the third party as the controller will apply to these offers. Although we do not pass on any Personal Data to such providers or their service providers ourselves, they can draw conclusions from the fact that you come from our website when you click on an advertisement.

We also refer to Sections 6 et seq. for further information regarding the possible recipients and retention periods of the above information.

  1. Processing of Data If You Contact Us

4.1 When you contact us by e-mail, phone or in any other manner in connection with this website, we will record your name, the date and time of your call and the content of your request in a contact log. If you are registered in our CRM database or if you express an interest in a product or service, this information will be stored in our CRM database. For further information see Sec. 5 below

4.2 We will store and process the above information to perform the contractual relationship with you with respect to the delivery or service to which the call relates on the one hand (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and on the other hand, to protect our legitimate interest in improving our deliveries and services to meet your individual requirements and thus promoting the sale of our products and services, possibly offering you additional products or services in line with your interests, documenting the content of your request for the establishment, exercise or defence of legal claims and, where relevant, fulfilling our product monitoring obligations with respect to our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

4.3 We may enable other companies of our group of undertakings (“Affiliate(s)”) to present their products and services on our website and to communicate with users in their respective countries of establishment through our website. If you request information which relates to countries other than the USA, we will pass on the information submitted and your interest to the local Affiliate in your country of residence or the country to which the inquiry relates, in order to enable that Affiliate to provide the information you have requested. Where the inquiry relates to a specific transaction, we pass on the information for purpose the performance of steps prior to entering into a contract (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and, where not, for preservation of our legitimate interest in approaching (prospective) customers through the company of our group of undertakings which is closest to the customer (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). For further information on data transfers to Affiliates see Sec. 1 below.

4.4 Unless one of the longer retention periods specified further below applies, contact logs will be retained for 12 months after the call. If you should submit information that we must collect as part of our legal product monitoring obligation, please take note of the information contained in Section 3.4.

4.5 We also refer to Sections 6 et seq. for further information regarding the possible recipients and retention periods of the above information.

  1. Processing of Data in Our CRM Database

5.1 If you express an interest in our products or services (e.g. by making an enquiry at a trade fair or conference, by e-mail, or via phone), or if you interact or transact with us as a customer, supplier or other business partner, we will set up a customer account in our CRM database which contains your master data (name, address, account etc.).

If you contact us as an employee of an organization or a company, we will store and process the categories of data described herein generally in relation to this organization or company, but may link it to the information that you are employed by such organization or company and are our contact person.

All correspondence and documents (correspondence, orders, contracts, complaints, etc.) within the scope of the (prospective) business relationship will then be stored in, or linked to, this customer account.

5.2 We will store and process data (a) relating to prospective customers or business partners in order to process your inquiry and also to protect our legitimate interest in improving our deliveries and services to meet your individual requirements, promoting the sale of our products and services and possibly offering you additional products or services in line with your interests (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR), and (b) relating to actual business partners on the one hand to perform the respective contractual relationship with respect to the products and services we deliver to you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and on the other hand, to protect our legitimate interest in improving our deliveries and services according to your individual requirements and thus promoting the sale of our products and services, and possibly offering you additional products or services in accordance with your interests, documenting contractual agreements and correspondence for establishing, exercising or defending related legal claims, and (c) where relevant, in order to fulfill (i) our product monitoring obligation with respect to our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR), as well as (ii) statutory documentation and document retention obligations (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR).

5.3 We may also process data on (prospective) business partners in the context of “know your customer”, anti-corruption, anti-money laundering, anti-terror and export control or similar screenings or audits in order to perform our compliance obligations and give effect to our compliance policies. The legal basis for such audits and screenings is the fulfilment of a legal obligation, where they are legally required (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR), and otherwise our legitimate interest in avoiding business relationships which we consider to violate our ethical standards (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

5.4 Personal data stored in our CRM Database may be disclosed to our Affiliates for the purpose of account planning, support and management as well as to track sales opportunities and to conduct outreach and client engagement. In any case, access to such data is always restricted by multiple levels of access rights granted on a need-to-know basis ensuring that the Affiliates, and within each Affiliate the respective employees, access only the data they require for their business functions.

We share data in the contexts specified hereinabove in order to protect our legitimate interests in coordinating sales processes and business and IT administrative processes on the level of the group of undertakings and planning and providing our deliveries and services as close to our customers as possible (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). For further information on data transfers to Affiliates see Sec. 6.1 below.

5.5 We also refer to Sections 6 et seq. for further information regarding the possible recipients and retention periods of the above information.

5.6 You can object to the use of your data for direct marketing purposes at any time (cf. Section 7).

  1. General Information on Recipients, Categories of Recipients and Transfers

6.1 In the contexts specified hereinabove we may share Personal Data with Affiliates in order to protect our legitimate interests in coordinating sales processes and business and IT administrative processes on the level of the group of undertakings and planning and providing our deliveries and services as close to our customers as possible (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

In order to provide for a uniform level of data protection for data subjects from the European Economic Area throughout our group of undertakings, we have agreed upon uniform data protection provisions for all data transfers in an Intercompany Agreement between ARTHREX and its Affiliates located in the European Economic Area which, with respect to data exports outside of the European Economic Area, incorporate the standard data protection clauses adopted by the Commission for this purpose. The essential content of this Intercompany Agreement is that

(a)     any exchange of Personal Data is subject to the terms of the Intercompany Agreement, which provides for different data protection arrangements depending on whether the receiving entity receives the data as a processor of the disclosing entity, or under its own control, or under joint control;

(b)     appropriate guarantees apply to all data transfers outside of the European Economic Area; and

c) in the event of joint control, the entity transferring the Personal Data shall, as between the parties to the transfer, (a) be responsible for compliance with the obligations under the GDPR, in particular as regards the exercising of data subject rights, (b) serve as a contact point for data subjects, and (c) make available the essence of these arrangements to the data subjects.

We will be pleased to provide you with further details of the Intercompany Agreement on request.

6.2 The data protection officer of our representative in the European Union will have access to your data as necessary for the consummation of its data protection tasks. The data protection officer is under a statutory obligation of confidentiality.

6.3 All of our servers and databases may be operated, maintained or further developed by additional processors or other contractors. They may have access to your data.

6.4 Where we store and process data for the consummation of contracts, we may pass these data on to agents and contractors we employ for such consummation (e.g. to carriers for transportation purposes).

6.5 Where we store and process data for communication with you, we may use additional processors or contractors in order to process or transmit correspondence with you (e.g. letter shops), who will then have access to your data.

6.6 We may also retain consultants or advisors such as legal, tax or business consultants. They may have access to your data.

6.7 Where we use contractors of the categories listed hereinabove to handle your data on our behalf, we have concluded, or will conclude prior to such processing, a contract processing agreement with the contractor to ensure that Personal Data is processed only on our behalf and in accordance with our instructions. Where the data are not processed on our behalf, we will enter into appropriate confidentiality agreements with the contractors.

6.8 We will transfer your Personal Data to competent law enforcement, regulatory or other authorities, institutions or bodies if we are legally obligated to do so (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR) or if we have a legitimate interest in averting coercive measures of such authorities, institutions or bodies within the scope of their legal authority (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). Such legally required or necessary transmissions are not the subject of this Privacy Notice.

  1. General Information on Retention Periods and Anonymisation

7.1 We have enacted a data retention and deletion policy in order to ensure that Personal Data are only stored for as long as necessary for their purpose.

7.2 Our data retention and deletion policy takes account of the principle that Personal Data should be retained for limited periods even after the original purpose has become obsolete, in order to preserve our legitimate interest in preventing unintentional deletions, in enabling the establishment, exercise or defence of legal claims and in rendering the administration of retention and deletion periods practicable (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

7.3 Unless detailed information on deletion periods has already been provided above, the following general deletion periods will apply in accordance with our data retention and deletion policy. Where data fall under several different deletion periods, the longest will always apply:

7.3.1 We will retain customer data for the duration of the customer relationship. After the end of the customer relationship such data will continue to be retained for as long as these data are necessary for the maintenance of the customer account and for the administration of documents or data relating to the customer which fall into any of the categories identified hereinbelow. Otherwise (prospective) customer data will be deleted after expiry of one year.

7.3.2 For compliance with the statutory retention period for commercial and tax documentation we will retain correspondence for seven years and invoices and other booking documentation for 11 years.

7.3.3 We will retain contract-related data and documents for 11 years after the end of the contractual relationship in view of the statutory limitation period for claims and statutory document retention obligations.

7.3.4 We will retain all product safety documents and product data including information on safety-relevant incidents and accidents or customer complaints to comply with our statutory product monitoring obligation and to assert, exercise or defend legal claims within the statutory limitation periods for 31 years after the end of product sales.

7.4 If the term "deletion" or “erasure” is used in this Privacy Notice, we reserve the right to anonymise the relevant data record, such that it can no longer be assigned to you, instead of complete deletion

7.5 Anonymised data may be processed and used by us and our processors for an unlimited period. The processing and use of anonymised data is not subject to the GDPR and is not the subject of this Privacy Notice.

  1. Your Rights

You as the data subject have certain rights with regard to your Personal Data, which we will explain to you below:

8.1 Right of Access and Information - Under the conditions stipulated in Art. 15 of the GDPR you have the right to obtain from us confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case, access to the Personal Data and certain information on their processing. Please note that this right is subject to certain statutory limitations (in particular under § 34 of the German Data Protection Act).

8.2 Right to Rectification - Under the conditions stipulated in Art. 16 of the GDPR you have the right to obtain from us the rectification of inaccurate Personal Data, and the completion of incomplete Personal Data.

8.3 Right to be Forgotten - Under the conditions stipulated in Art. 17 of the GDPR you have the right to obtain from us the erasure of certain of your Personal Data, such as data which are no longer necessary for legitimate purposes (such as the establishment, exercise or defence of legal claims).

8.4 Right to Restriction of Processing - Under the conditions stipulated in Art. 18 of the GDPR you have the right to obtain from us the restriction of processing of certain of your Personal Data, such as data which you claim not be accurate.

8.5 Right to Data Portability - Under the conditions stipulated in Art. 20 of the GDPR you have the right to receive, or request us to transfer to a third party, in a machine-readable format, Personal Data relating to you which are processed by automated means solely on the basis of your consent or for the performance of a contract with you or in order to take steps at your request prior to entering into a contract.

8.6 Right of Objection - Under the conditions stipulated in Art. 21 of the GDPR you have the right to object, on grounds relating to your particular situation, to certain processing operations of your Personal Data. We may in such case not follow your objection if there are compelling legitimate grounds for the processing which override your interests or if processing is necessary for the establishment, exercise or defence of legal claims.

8.7 Right of Objection to Direct Marketing (Art. 21(2) of the GDPR) - You can object to the further processing of your Personal Data for direct marketing purposes at any time, and we will consequently refrain from processing them for this purpose. This also applies to profiling insofar as it is associated with such direct marketing.

8.8 Automated Decisions (Art. 22 of the GDPR) - We will not make any decisions without your consent which produce legal effects concerning you or similarly significantly affect you and that are based exclusively on automated processing (including profiling).

8.9 Guarantees - To the extent that we indicate in this Privacy Policy that guarantees have been agreed to provide an adequate level of protection, you may request copies of the relevant documents from us. If a guarantee exists in the form of participation in the Privacy Shield Program, you will find information and documentation here: http://europa.eu/rapid/press-release_MEMO-16-434_en.htm..

8.10 Consents - If you consent to processing, this is voluntary, unless we inform you otherwise in advance, and the refusal of consent will not be sanctioned. You can withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Processing on a legal basis other than your consent will also be unaffected by such withdrawal. However, you may also exercise the above statutory rights in this respect (e.g. the right of objection pursuant to Sections 6et seq.). In particular, you may withdraw any consent to the use of your e-mail address or telephone number for direct marketing at any time and may object to any further use of your e-mail address or telephone number for this purpose at any time, free of charge (other than communication costs payable to your provider ).

8.11 Right to Lodge a Complaint - You have the right to lodge a complaint with a supervisory authority. This may include, among others, the supervisory authority responsible for your place of residence or the supervisory authority generally responsible for our representative in the European Union (Section 3).

8.12 You can contact us in any form to exercise your rights, in particular to withdraw any consent you may have given, and especially our representative in the European Union and its data protection officer also. You may be required to identify yourself to us as a data subject to exercise your rights.

  1. Security

We have implemented extensive, industry standard technical and organisational measures to protect your Personal Data from unauthorised access and misuse.

  1. Changes to this Privacy Notice

ARTHREX periodically evaluates its privacy policies and procedures to implement improvements and refinements. Therefore, ARTHREX reserves the right to modify or amend this Privacy Notice at any time and for any reason. When this policy is amended, ARTHREX will revise the “last updated” date at the bottom of this policy. Please review this Privacy Notice periodically and especially before you provide personally identifiable information to us. For material changes to this policy, ARTHREX will notify individuals by placing a notice on this page.

 

Last Updated: May 2020